Malware Analysis Report

2025-01-19 05:48

Sample ID 241126-q4g5zstmgv
Target Actulizacion APN CLARO 5 G.apk
SHA256 b08f7d6dd6997c97b08318c80f382c50965c29b2cea3eb1df4f7520af7bf366a
Tags
hook collection credential_access discovery evasion execution impact infostealer persistence rat trojan
score
10/10


Analysis Overview

score
10/10

SHA256

b08f7d6dd6997c97b08318c80f382c50965c29b2cea3eb1df4f7520af7bf366a

Threat Level: Known bad

The file Actulizacion APN CLARO 5 G.apk was found to be: Known bad.

Malicious Activity Summary

hook collection credential_access discovery evasion execution impact infostealer persistence rat trojan

Hook

Hook family

Obtains sensitive information copied to the device clipboard

Loads dropped Dex/Jar

Queries information about running processes on the device

Queries the phone number (MSISDN for GSM devices)

Makes use of the framework's Accessibility service

Queries information about the current Wi-Fi connection

Performs UI accessibility actions on behalf of the user

Reads information about phone network operator

Declares broadcast receivers with permission to handle system events

Attempts to obfuscate APK file format

Queries the mobile country code (MCC)

Makes use of the framework's foreground persistence service

Acquires the wake lock

Declares services with permission to bind to the system

Requests dangerous framework permissions

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Schedules tasks to execute at a specified time

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-26 13:48

Signatures

Attempts to obfuscate APK file format

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-26 13:48

Reported

2024-11-26 13:51

Platform

android-x86-arm-20240624-en

Max time kernel

148s

Max time network

155s

Command Line

com.jcoagcdag.kbzvxbdyv

Signatures

Hook

rat trojan infostealer hook

Hook family

hook

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.jcoagcdag.kbzvxbdyv/app_app_dex/sjmtxty.gum N/A N/A
N/A /data/user/0/com.jcoagcdag.kbzvxbdyv/app_app_dex/sjmtxty.gum N/A N/A
N/A /data/user/0/com.jcoagcdag.kbzvxbdyv/app_app_dex/sjmtxty.gum N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.jcoagcdag.kbzvxbdyv

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.jcoagcdag.kbzvxbdyv/app_app_dex/sjmtxty.gum --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.jcoagcdag.kbzvxbdyv/app_app_dex/oat/x86/sjmtxty.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.180.10:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
RU 176.111.174.221:3434 tcp
RU 176.111.174.221:3434 tcp
RU 176.111.174.221:3434 tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
RU 176.111.174.221:3434 tcp
RU 176.111.174.221:3434 tcp
RU 176.111.174.221:3434 tcp
RU 176.111.174.221:3434 tcp
RU 176.111.174.221:3434 tcp
RU 176.111.174.221:3434 tcp
RU 176.111.174.221:3434 tcp
RU 176.111.174.221:3434 tcp
RU 176.111.174.221:3434 tcp

Files

/data/data/com.jcoagcdag.kbzvxbdyv/app_app_dex/sjmtxty.gum

/data/user/0/com.jcoagcdag.kbzvxbdyv/app_app_dex/sjmtxty.gum

/data/data/com.jcoagcdag.kbzvxbdyv/no_backup/androidx.work.workdb-journal

/data/data/com.jcoagcdag.kbzvxbdyv/no_backup/androidx.work.workdb

/data/data/com.jcoagcdag.kbzvxbdyv/no_backup/androidx.work.workdb-shm

/data/data/com.jcoagcdag.kbzvxbdyv/no_backup/androidx.work.workdb-wal

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-26 13:48

Reported

2024-11-26 13:51

Platform

android-x64-20240624-en

Max time kernel

143s

Max time network

156s

Command Line

com.jcoagcdag.kbzvxbdyv

Signatures

Hook

rat trojan infostealer hook

Hook family

hook

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.jcoagcdag.kbzvxbdyv/app_app_dex/sjmtxty.gum N/A N/A
N/A /data/user/0/com.jcoagcdag.kbzvxbdyv/app_app_dex/sjmtxty.gum N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.jcoagcdag.kbzvxbdyv

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
RU 176.111.174.221:3434 tcp
RU 176.111.174.221:3434 tcp
RU 176.111.174.221:3434 tcp
RU 176.111.174.221:3434 tcp
RU 176.111.174.221:3434 tcp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
RU 176.111.174.221:3434 tcp
RU 176.111.174.221:3434 tcp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp
RU 176.111.174.221:3434 tcp
RU 176.111.174.221:3434 tcp
RU 176.111.174.221:3434 tcp
RU 176.111.174.221:3434 tcp
RU 176.111.174.221:3434 tcp
RU 176.111.174.221:3434 tcp
RU 176.111.174.221:3434 tcp

Files

/data/data/com.jcoagcdag.kbzvxbdyv/app_app_dex/sjmtxty.gum

/data/data/com.jcoagcdag.kbzvxbdyv/no_backup/androidx.work.workdb-journal

/data/data/com.jcoagcdag.kbzvxbdyv/no_backup/androidx.work.workdb

/data/data/com.jcoagcdag.kbzvxbdyv/no_backup/androidx.work.workdb-shm

/data/data/com.jcoagcdag.kbzvxbdyv/no_backup/androidx.work.workdb-wal

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-26 13:48

Reported

2024-11-26 13:51

Platform

android-x64-arm64-20240624-en

Max time kernel

144s

Max time network

154s

Command Line

com.jcoagcdag.kbzvxbdyv

Signatures

Hook

rat trojan infostealer hook

Hook family

hook

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.jcoagcdag.kbzvxbdyv/app_app_dex/sjmtxty.gum N/A N/A
N/A /data/user/0/com.jcoagcdag.kbzvxbdyv/app_app_dex/sjmtxty.gum N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.jcoagcdag.kbzvxbdyv

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
RU 176.111.174.221:3434 tcp
RU 176.111.174.221:3434 tcp
RU 176.111.174.221:3434 tcp
RU 176.111.174.221:3434 tcp
RU 176.111.174.221:3434 tcp
RU 176.111.174.221:3434 tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
RU 176.111.174.221:3434 tcp
RU 176.111.174.221:3434 tcp
RU 176.111.174.221:3434 tcp
RU 176.111.174.221:3434 tcp
RU 176.111.174.221:3434 tcp
RU 176.111.174.221:3434 tcp
RU 176.111.174.221:3434 tcp
RU 176.111.174.221:3434 tcp

Files

/data/data/com.jcoagcdag.kbzvxbdyv/app_app_dex/sjmtxty.gum

/data/data/com.jcoagcdag.kbzvxbdyv/no_backup/androidx.work.workdb-journal

/data/data/com.jcoagcdag.kbzvxbdyv/no_backup/androidx.work.workdb

/data/data/com.jcoagcdag.kbzvxbdyv/no_backup/androidx.work.workdb-shm

/data/data/com.jcoagcdag.kbzvxbdyv/no_backup/androidx.work.workdb-wal