Malware Analysis Report

2025-01-19 05:51

Sample ID 241209-dqnpdstngr
Target app.apk
SHA256 f81b1cbac0fc3981660cf69031b4020a67ffaf0874391385c67e439c89b23a6d
Tags: irata discovery persistence collection credential_access impact
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: f81b1cbac0fc3981660cf69031b4020a67ffaf0874391385c67e439c89b23a6d

Threat Level: Known bad

The file app.apk was found to be: Known bad.

Malicious Activity Summary

irata discovery persistence collection credential_access impact

Irata payload

Irata family

Obtains sensitive information copied to the device clipboard

Queries the mobile country code (MCC)

Requests dangerous framework permissions

Acquires the wake lock

Queries information about active data network

Reads information about phone network operator

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-12-09 03:12

Signatures

Irata family

irata

Irata payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A
Allows an application to write the user's contacts data. | android.permission.WRITE_CONTACTS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-12-09 03:12

Reported: 2024-12-09 03:15

Platform: android-x86-arm-20240624-en

Max time kernel: 123s

Max time network: 131s

Command Line

com.googleFe.app

Signatures

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Reads information about phone network operator

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.googleFe.app

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.200.42:443 | | tcp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
US | 1.1.1.1:53 | lssue.co | udp
GB | 216.58.204.78:443 | | tcp
US | 172.67.178.83:443 | lssue.co | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.204.78:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | es.hamghek.sbs | udp
DE | 172.86.66.211:443 | es.hamghek.sbs | tcp
US | 1.1.1.1:53 | i.pinimg.com | udp
US | 151.101.0.84:443 | i.pinimg.com | tcp

Files

/data/data/com.googleFe.app/files/PersistedInstallation3914411895918441650tmp
/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal
/data/data/com.googleFe.app/databases/google_app_measurement_local.db
/data/data/com.googleFe.app/databases/google_app_measurement_local.db-shm
/data/data/com.googleFe.app/databases/google_app_measurement_local.db-wal
/data/data/com.googleFe.app/files/PersistedInstallation7159648826077796218tmp
/data/data/com.googleFe.app/cache/~test.test
/data/data/com.googleFe.app/cache/1
/data/data/com.googleFe.app/cache/2

Analysis: behavioral2

Detonation Overview

Submitted: 2024-12-09 03:12

Reported: 2024-12-09 03:15

Platform: android-x64-20240624-en

Max time kernel: 122s

Max time network: 155s

Command Line

com.googleFe.app

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Reads information about phone network operator

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.googleFe.app

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp
GB | 142.250.179.238:443 | | tcp
US | 1.1.1.1:53 | lssue.co | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
US | 172.67.178.83:443 | lssue.co | tcp
GB | 142.250.187.238:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | es.hamghek.sbs | udp
DE | 172.86.66.211:443 | es.hamghek.sbs | tcp
US | 1.1.1.1:53 | i.pinimg.com | udp
US | 151.101.128.84:443 | i.pinimg.com | tcp
GB | 142.250.179.228:443 | | tcp
GB | 142.250.179.228:443 | | tcp
GB | 142.250.200.34:443 | | tcp
GB | 216.58.204.78:443 | | tcp

Files

/data/data/com.googleFe.app/files/PersistedInstallation4515844263177858579tmp
/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal
/data/data/com.googleFe.app/databases/google_app_measurement_local.db
/data/data/com.googleFe.app/files/PersistedInstallation4876804100750094600tmp
/data/data/com.googleFe.app/cache/~test.test
/data/data/com.googleFe.app/cache/1
/data/data/com.googleFe.app/cache/2

Analysis: behavioral3

Detonation Overview

Submitted: 2024-12-09 03:12

Reported: 2024-12-09 03:15

Platform: android-x64-arm64-20240910-en

Max time kernel: 121s

Max time network: 150s

Command Line

com.googleFe.app

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.googleFe.app

Network

Country | Destination | Domain | Proto
US | 216.239.38.223:443 | | tcp
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.187.238:443 | | tcp
US | 1.1.1.1:53 | www.youtube.com | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.213.14:443 | www.youtube.com | udp
GB | 216.58.213.14:443 | www.youtube.com | tcp
GB | 142.250.180.14:443 | android.apis.google.com | tcp
GB | 142.250.180.14:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | lssue.co | udp
US | 172.67.178.83:443 | lssue.co | tcp
US | 1.1.1.1:53 | es.hamghek.sbs | udp
DE | 172.86.66.211:443 | es.hamghek.sbs | tcp
DE | 172.86.66.211:443 | es.hamghek.sbs | tcp
US | 1.1.1.1:53 | i.pinimg.com | udp
US | 151.101.0.84:443 | i.pinimg.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp
GB | 142.250.200.46:443 | www.youtube.com | tcp
GB | 142.250.200.33:443 | | tcp
US | 216.239.38.223:443 | | tcp
GB | 216.58.204.65:443 | | tcp
US | 216.239.38.223:443 | | tcp

Files

/data/data/com.googleFe.app/files/PersistedInstallation1553729263172601826tmp
/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal
/data/data/com.googleFe.app/databases/google_app_measurement_local.db
/data/data/com.googleFe.app/files/PersistedInstallation8710468561362907992tmp
/data/data/com.googleFe.app/cache/~test.test
/data/data/com.googleFe.app/cache/1
/data/data/com.googleFe.app/cache/2