Malware Analysis Report

2025-01-19 05:19

Sample ID 241209-zsbcqs1lc1
Target db877682fd0d489d9cb9aa1083ca05aacd61d9e63675dee50c10b010e3946000.bin
SHA256 db877682fd0d489d9cb9aa1083ca05aacd61d9e63675dee50c10b010e3946000
Tags: nexus banker collection credential_access discovery evasion execution infostealer persistence stealth trojan impact
Score: 10/10


Analysis Overview

Score: 10/10

SHA256: db877682fd0d489d9cb9aa1083ca05aacd61d9e63675dee50c10b010e3946000

Threat Level: Known bad

The file db877682fd0d489d9cb9aa1083ca05aacd61d9e63675dee50c10b010e3946000.bin was found to be: Known bad.

Malicious Activity Summary

nexus banker collection credential_access discovery evasion execution infostealer persistence stealth trojan impact

Nexus family

Nexus

Removes its main activity from the application launcher

Obtains sensitive information copied to the device clipboard

Reads the contacts stored on the device.

Loads dropped Dex/Jar

Checks Android system properties for emulator presence.

Queries account information for other applications stored on the device

Makes use of the framework's Accessibility service

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests accessing notifications (often used to intercept notifications before users become aware).

Declares broadcast receivers with permission to handle system events

Queries information about active data network

Requests enabling of the accessibility settings.

Makes use of the framework's foreground persistence service

Requests dangerous framework permissions

Performs UI accessibility actions on behalf of the user

Acquires the wake lock

Queries the mobile country code (MCC)

Looks up external IP address via web service

Declares services with permission to bind to the system

Requests disabling of battery optimizations (often used to enable hiding in the background).

Schedules tasks to execute at a specified time

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-09 20:58

Signatures

Declares broadcast receivers with permission to handle system events

Description | Indicator | Process | Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A

Declares services with permission to bind to the system

Description | Indicator | Process | Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to write the user's contacts data. | android.permission.WRITE_CONTACTS | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-09 20:58

Reported

2024-12-09 21:00

Platform

android-x86-arm-20240624-en

Max time kernel

129s

Max time network

135s

Command Line

com.car.debate

Signatures

Nexus

banker trojan infostealer nexus

Nexus family

nexus

Removes its main activity from the application launcher

stealth trojan evasion
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Checks Android system properties for emulator presence.

evasion
Description | Indicator | Process | Target
Accessed system property key: | ro.product.model | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.car.debate/app_DynamicOptDex/LAGt.json | N/A | N/A
N/A | /data/user/0/com.car.debate/app_DynamicOptDex/LAGt.json | N/A | N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries account information for other applications stored on the device

collection
Description | Indicator | Process | Target
Framework service call | android.accounts.IAccountManager.getAccounts | N/A | N/A

Reads the contacts stored on the device.

collection
Description | Indicator | Process | Target
URI accessed for read | content://com.android.contacts/contacts | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Looks up external IP address via web service

Description | Indicator | Process | Target
N/A | ip-api.com | N/A | N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A

Performs UI accessibility actions on behalf of the user

evasion
Description | Indicator | Process | Target | Count
N/A | android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | N/A | N/A | 30
(Count gives the number of identical entries recorded for this indicator.)

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Requests accessing notifications (often used to intercept notifications before users become aware).

collection credential_access
Description | Indicator | Process | Target
Intent action | android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS | N/A | N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description | Indicator | Process | Target
Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A

Requests enabling of the accessibility settings.

Description | Indicator | Process | Target
Intent action | android.settings.ACCESSIBILITY_SETTINGS | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Schedules tasks to execute at a specified time

execution persistence
Description | Indicator | Process | Target
Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.car.debate

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.car.debate/app_DynamicOptDex/LAGt.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.car.debate/app_DynamicOptDex/oat/x86/LAGt.odex --compiler-filter=quicken --class-loader-context=&

Network

Country | Destination | Domain | Proto | Count
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp | 1
US | 1.1.1.1:53 | ip-api.com | udp | 1
US | 208.95.112.1:80 | ip-api.com | tcp | 1
GB | 109.206.243.54:80 | N/A | tcp | 6
US | 1.1.1.1:53 | translate.googleapis.com | udp | 1
GB | 142.250.200.10:443 | translate.googleapis.com | tcp | 6
GB | 109.206.243.54:80 | N/A | tcp | 4
GB | 216.58.201.110:443 | N/A | tcp | 1
US | 1.1.1.1:53 | android.apis.google.com | udp | 1
GB | 142.250.187.206:443 | android.apis.google.com | tcp | 1
GB | 109.206.243.54:80 | N/A | tcp | 12
GB | 142.250.187.234:443 | semanticlocation-pa.googleapis.com | tcp | 1
GB | 109.206.243.54:80 | N/A | tcp | 110
(Count gives the number of consecutive identical connections in the capture, in order of occurrence.)

Files

/data/data/com.car.debate/app_DynamicOptDex/LAGt.json

MD5 74ee6286df3aa4521e5fdd6ee2477b79
SHA1 bce0760b786c0c6f0bcb2b580ead622ade38aedf
SHA256 2577bf7ba7953d11b816c0174efb60f68d32fbc0fc484f1e83ec38e9667d78c8
SHA512 6a355b2e3e35af509ef190de5b103b39bb594b3987f86b25601075a23a45ccf019f1ddfcce2aeee57136ff55c025b1dc210d5c9d9ae6354638e4d306d4f18366

/data/data/com.car.debate/app_DynamicOptDex/LAGt.json

MD5 da56247f322aa732e5c1b79e016339ae
SHA1 0b31c293536e12dd284218b82e3c596dfb6f4ddb
SHA256 bfe9cab5cfb0353027005ad0cefbc43f757faab39435bcf3f76d8f1b19b076f0
SHA512 7f4b95163fdada7574948dd8e528d377bba538907fbae90db5c9df9a0a50bbbb2fb831c7b11b0c4c2361c52508bbf9ca19d075c74777120acc4a6baec3b6f7c8

/data/user/0/com.car.debate/app_DynamicOptDex/LAGt.json

MD5 cc20cd55132e50678f89fd6c8b862801
SHA1 2e2bca371167f78001b13f73e2bbded35fac84af
SHA256 e0f9a272f590ad53309e8d8aefb54cfed7c6d2113ff2255528bb739b09fc5579
SHA512 3660bdc5a0a6e99c0de6595c1c365143f6f26a9e44e46195dce3fd570cbd65f5c558be69a7f0a60843908a607792b0c2bfb4009c818d8c50b1a65e44ba321b8e

/data/user/0/com.car.debate/app_DynamicOptDex/LAGt.json

MD5 76f89ae779d54f4a3f40adfa812958ee
SHA1 b02ee57fa4c9e81d45be9aea84b08ec167d8fa31
SHA256 e65d6945c6f4dec090e4bea1417bed015e03aeb4bbe7e3a8a32f730a58f36e2e
SHA512 e4a77901e5f69d80e218aa80f6a113786b8d91899ddf576af9b7448966e47e1a2ab6b3c1c0441a77a3e8dfe556d45019d410acc3deabff4b12ce79c0a8aff704

/data/data/com.car.debate/no_backup/androidx.work.workdb-journal

MD5 c5507645ac4dbe10b3a124084aa959be
SHA1 d4bc38a978b65fe0f00a5ca25b9b4463d04af016
SHA256 596595c90943d7ed46e3e07b322a2739d85333ab62942b289681d48664857a98
SHA512 50a2430e379ef98a62e18550c4772788f99a26ca14d71190d156d6f9e0cd42d3625f01e56ecc7842a4965e4ac8b9b9caa6b531abea086c1f79b77c85efa061de

/data/data/com.car.debate/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.car.debate/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.car.debate/no_backup/androidx.work.workdb-wal

MD5 55b71a07a4906ab9baf38dc8df3f7746
SHA1 89b60ecbfa3a31e36d2531c70ccfb82ee242b762
SHA256 3e77c19d940a5bcb9e850a1ca086b59139cbc574fc098df5125aa622df3defb1
SHA512 aca441775488807550a9de5682ebeba6b1709da0965cdb9f3d318670d3f268eb1f4bd024bfefeff8151eda3761100fb5a2545fac4b852f20736e32c367baafde

/data/data/com.car.debate/no_backup/androidx.work.workdb-wal

MD5 3e6364d226afc9db8d5e192052d02b4e
SHA1 38c31bd6342761debe2afbf72a6f26e047a97213
SHA256 5c3c7200d25cfee1562d7ea129ef9579add269985af3704769db15f355a0981c
SHA512 41f29d9eab3a3f611ca01160c9044e788c7ddd1be2fb6089c66a9361e9cf6e1cb400147aa754fcd76b42a513ceb342473dfca73220f15479cd7734f1dce6bc6e

/data/data/com.car.debate/no_backup/androidx.work.workdb-wal

MD5 efe1888d826f335aaa8183277b680ed4
SHA1 b6b516b3e6544ecfca24a38d0278a03a9edf0dbd
SHA256 011bce867fb9d8d3c7a2939fbe256f43e8b0385458535b393e7b65e6dd10407a
SHA512 d216691da85920b9bd1d50998c34d94346a6e94d7153648fdc28a5a89e0ce6e106eade0a9c54859636aa94f17cd8fc1dc7cd5a032e998eecc970a77df1d7e1c6

/data/data/com.car.debate/app_DynamicOptDex/oat/LAGt.json.cur.prof

MD5 2c6ad987068abcd456d2c75adfd91013
SHA1 2bdf5eb037463a6cd79acf4727b2733c04867692
SHA256 3e6ba8e4268f126a92519f35b96373ceab51bf32b744e35d978c90e7e0ab2c4f
SHA512 8e96b1ee01422825b3448e557c8d2e2547c69638ad24bbc4da2dbd8ecd1291577db56a047a84a1e6f251ec660b7790a8fd231b6b20ce93ae95db60c90f999211

/data/data/com.car.debate/app_DynamicOptDex/oat/LAGt.json.cur.prof

MD5 11fd43fbeaf35a81387a4ef1c1483c0a
SHA1 428007d445d75d99795f4d414e44034e39753934
SHA256 d74ed122828f73c1a97a0e2c9a037ff831a24a774a148db2658ca6dd8162a991
SHA512 87327731c2e2bb9d0ecbb855d6038bcb07f794f93f76422f29b9b492626a1c27a2a501d2dfadd4a443f4c3a3ae4f93f2df893d01237e8b051a8a588db37be138

/data/data/com.car.debate/app_DynamicOptDex/oat/LAGt.json.cur.prof

MD5 7415c82e02016d11c8e0f55b5903132e
SHA1 dcd49ae4f5f9947cc1a73f35494ca1f98566c873
SHA256 56bd630f4083ec199c1d2a5cbd12b3964d3604b36503c100e58cf3a3090c251e
SHA512 b54c21235b0589839948b5c98e1049206fb587245aede3dff887dcc78cfbb8d99e81f33ca3599e24d1ab476c1bf142d97d66f15ba3f10c27d9b3c203a63c6e7a

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-09 20:58

Reported

2024-12-09 21:00

Platform

android-x64-20240624-en

Max time kernel

126s

Max time network

133s

Command Line

com.car.debate

Signatures

Nexus

banker trojan infostealer nexus

Nexus family

nexus

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.car.debate/app_DynamicOptDex/LAGt.json | N/A | N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries account information for other applications stored on the device

collection
Description | Indicator | Process | Target
Framework service call | android.accounts.IAccountManager.getAccounts | N/A | N/A

Reads the contacts stored on the device.

collection
Description | Indicator | Process | Target
URI accessed for read | content://com.android.contacts/contacts | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Looks up external IP address via web service

Description | Indicator | Process | Target
N/A | ip-api.com | N/A | N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A

Performs UI accessibility actions on behalf of the user

evasion
Description | Indicator | Process | Target | Count
N/A | android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | N/A | N/A | 36
(Count gives the number of identical entries recorded for this indicator.)

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Schedules tasks to execute at a specified time

execution persistence
Description | Indicator | Process | Target
Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.car.debate

Network

Country | Destination | Domain | Proto | Count
N/A | 224.0.0.251:5353 | N/A | udp | 1
US | 1.1.1.1:53 | ssl.google-analytics.com | udp | 1
GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp | 1
US | 1.1.1.1:53 | ip-api.com | udp | 1
US | 208.95.112.1:80 | ip-api.com | tcp | 1
GB | 109.206.243.54:80 | N/A | tcp | 6
US | 1.1.1.1:53 | translate.googleapis.com | udp | 1
GB | 216.58.213.10:443 | translate.googleapis.com | tcp | 6
GB | 109.206.243.54:80 | N/A | tcp | 9
GB | 142.250.180.14:443 | N/A | tcp | 1
US | 1.1.1.1:53 | android.apis.google.com | udp | 1
GB | 216.58.204.78:443 | android.apis.google.com | tcp | 1
GB | 109.206.243.54:80 | N/A | tcp | 9
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp | 1
GB | 142.250.200.42:443 | semanticlocation-pa.googleapis.com | tcp | 1
GB | 109.206.243.54:80 | N/A | tcp | 18
GB | 216.58.213.10:443 | semanticlocation-pa.googleapis.com | tcp | 1
GB | 109.206.243.54:80 | N/A | tcp | 11
GB | 172.217.16.228:443 | N/A | tcp | 1
GB | 109.206.243.54:80 | N/A | tcp | 1
GB | 172.217.16.228:443 | N/A | tcp | 1
GB | 109.206.243.54:80 | N/A | tcp | 34
GB | 142.250.179.238:443 | N/A | tcp | 1
GB | 142.250.200.34:443 | N/A | tcp | 1
GB | 109.206.243.54:80 | N/A | tcp | 49
(Count gives the number of consecutive identical connections in the capture, in order of occurrence.)

Files

/data/data/com.car.debate/app_DynamicOptDex/LAGt.json

MD5 74ee6286df3aa4521e5fdd6ee2477b79
SHA1 bce0760b786c0c6f0bcb2b580ead622ade38aedf
SHA256 2577bf7ba7953d11b816c0174efb60f68d32fbc0fc484f1e83ec38e9667d78c8
SHA512 6a355b2e3e35af509ef190de5b103b39bb594b3987f86b25601075a23a45ccf019f1ddfcce2aeee57136ff55c025b1dc210d5c9d9ae6354638e4d306d4f18366

/data/data/com.car.debate/app_DynamicOptDex/LAGt.json

MD5 da56247f322aa732e5c1b79e016339ae
SHA1 0b31c293536e12dd284218b82e3c596dfb6f4ddb
SHA256 bfe9cab5cfb0353027005ad0cefbc43f757faab39435bcf3f76d8f1b19b076f0
SHA512 7f4b95163fdada7574948dd8e528d377bba538907fbae90db5c9df9a0a50bbbb2fb831c7b11b0c4c2361c52508bbf9ca19d075c74777120acc4a6baec3b6f7c8

/data/user/0/com.car.debate/app_DynamicOptDex/LAGt.json

MD5 cc20cd55132e50678f89fd6c8b862801
SHA1 2e2bca371167f78001b13f73e2bbded35fac84af
SHA256 e0f9a272f590ad53309e8d8aefb54cfed7c6d2113ff2255528bb739b09fc5579
SHA512 3660bdc5a0a6e99c0de6595c1c365143f6f26a9e44e46195dce3fd570cbd65f5c558be69a7f0a60843908a607792b0c2bfb4009c818d8c50b1a65e44ba321b8e

/data/data/com.car.debate/no_backup/androidx.work.workdb-journal

MD5 b2a487b475def3050b0f5f602324fe76
SHA1 7d87d5d80c603cd25748b83ad41c4e1d000d3e85
SHA256 2a1e8232fc82f68dda90c94397f49c0b15e1c591d24453c6804571cc70975a6b
SHA512 b464d137ef5a71e14be8017e217a661d9b7c98182277f0550e5b6c79bdfe078304581983f96d190b04c7304f97d4806030976419c97847d63f9c0686b318f635

/data/data/com.car.debate/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.car.debate/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.car.debate/no_backup/androidx.work.workdb-wal

MD5 d3a5bfbb08babdd852de1d78a31f2d92
SHA1 bfbc76817c0dad993beeebe29c5ce13c43633809
SHA256 fa695f58172db7d226fdc4b7861966fd8d0f7ebb4692b4402b1f5380a9994cd9
SHA512 a37f79c0b3c672c01546f0cf50ed8e7d9a934f5c94066b0046d349bdc85b16ae1e4402c1951468dab68caaea3aca266e88c20c60418deb1afef5e5bf1c24ff1d

/data/data/com.car.debate/no_backup/androidx.work.workdb-wal

MD5 888ba06e82fa6ea5d83cda81e17ebc48
SHA1 53a422b67de53f94b88d7abad5c149f1503493cd
SHA256 39d8095d76dbd55c4d9ab619b49c64fc4ac78b598565d65eca7f8f419a3b1c3c
SHA512 96ce49fb22ca92ae9aba9b8dc3152fcf1f1c149e3ba2f52fe834f9431d08fa155f17454f65857d7dc1aae8d791e15bf47ddb27d34321f003a531d9f23a6b0a72

/data/data/com.car.debate/no_backup/androidx.work.workdb-wal

MD5 03bfe62e4b788d34efca64c31987d058
SHA1 94a484aa02fab030d2e0614bc1fc54a4b6744b48
SHA256 63a15f54220317484c5ddbec6fce40b996e803dac4f6e805a9035ed209f7624a
SHA512 6c28d351e2804dd7e9190dabe3cbb70f979c3cc3c9496b769925fd25689528c4b22b88e76de6d92bd818bd09078ab53e74614063782e35a7d1ef181267461bae

/data/data/com.car.debate/app_DynamicOptDex/oat/LAGt.json.cur.prof

MD5 dcea760524ae7f589636e2c347e8c129
SHA1 b0c4b1c0a2508959a4ec5867a76f5f947d74c791
SHA256 eca1dc066749eac302c1e1892540a8b7acfcf1fa9df873a5c6de9c565adcc1ef
SHA512 5ae04c611a068167b4eaed26140a034d6473acea0ee7a1b90ccb157928e9a16bcd3c352c3bf675744e79855d432ac7eb3fdda8228cf99b00f0f5afad26771844

Analysis: behavioral3

Detonation Overview

Submitted

2024-12-09 20:58

Reported

2024-12-09 21:00

Platform

android-x64-arm64-20240624-en

Max time kernel

122s

Max time network

130s

Command Line

com.car.debate

Signatures

Nexus

banker trojan infostealer nexus

Nexus family

nexus

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.car.debate/app_DynamicOptDex/LAGt.json N/A N/A
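The dropped file is named LAGt.json but the sandbox loads it as Dex/Jar, so the .json extension is a disguise; the oat/LAGt.json.cur.prof entry in the file list (the profile ART keeps beside code it has executed) is consistent with that payload actually running. When pulling such a file off a device, classify it by its leading bytes and validate the DEX header before handing it to a decompiler. The Python below is an added example and not the sandbox's code; the DEX blob it builds is a synthetic header with no code, standing in for the real dropped file.

```python
"""Identify what a dropped file really is, regardless of its extension, and
sanity-check a DEX header before treating it as the second stage.
Added example for this report; it is not the sandbox's own tooling."""
import hashlib
import struct
import zlib

# Magic prefixes of the payload containers an Android dropper typically
# stages, plus SQLite so the WorkManager databases in the file list classify.
MAGICS = [
    (b"dex\n", "dex"),                 # DEX: "dex\n" + 3-digit version + NUL
    (b"PK\x03\x04", "zip"),            # .jar / .apk (DexClassLoader accepts these)
    (b"\x7fELF", "elf"),               # native library
    (b"SQLite format 3\x00", "sqlite"),
]
DEX_HEADER_SIZE = 0x70
CODE_KINDS = {"dex", "zip", "elf"}
CODE_EXTENSIONS = {"dex", "jar", "apk", "zip", "so"}

def identify(blob):
    """Classify by leading bytes, not by filename."""
    for magic, kind in MAGICS:
        if blob.startswith(magic):
            return kind
    if blob.lstrip()[:1] in (b"{", b"["):
        return "json"  # the content matches what a .json name claims
    return "unknown"

def parse_dex_header(blob):
    """Decode the fixed 0x70-byte DEX header and verify its two integrity
    fields: Adler-32 over offset 12..end, SHA-1 over offset 32..end."""
    if len(blob) < DEX_HEADER_SIZE or not blob.startswith(b"dex\n"):
        raise ValueError("not a DEX file")
    checksum, = struct.unpack_from("<I", blob, 8)
    file_size, header_size, endian_tag = struct.unpack_from("<III", blob, 0x20)
    class_defs_size, class_defs_off = struct.unpack_from("<II", blob, 0x60)
    return {
        "version": blob[4:7].decode("ascii"),
        "file_size": file_size,
        "size_matches": file_size == len(blob),
        "header_size": header_size,
        "endian_tag": endian_tag,
        "checksum_ok": (zlib.adler32(blob[12:]) & 0xFFFFFFFF) == checksum,
        "signature_ok": hashlib.sha1(blob[32:]).digest() == blob[12:32],
        "class_defs": class_defs_size,
        "class_defs_off": class_defs_off,
    }

def triage(path, blob):
    """Verdict for one dropped file: what it is and whether the extension lies."""
    kind = identify(blob)
    name = path.rsplit("/", 1)[-1]
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    result = {"path": path, "kind": kind,
              "extension_mismatch": kind in CODE_KINDS and ext not in CODE_EXTENSIONS}
    if kind == "dex":
        result["header"] = parse_dex_header(blob)
    return result

def build_minimal_dex(num_class_defs=1):
    """Synthetic header-only DEX with consistent size, signature and checksum.
    Constructed stand-in for the dropped LAGt.json; it contains no code."""
    hdr = bytearray(DEX_HEADER_SIZE)
    hdr[0:8] = b"dex\n035\x00"
    struct.pack_into("<I", hdr, 0x20, DEX_HEADER_SIZE)         # file_size
    struct.pack_into("<I", hdr, 0x24, DEX_HEADER_SIZE)         # header_size
    struct.pack_into("<I", hdr, 0x28, 0x12345678)              # endian_tag
    struct.pack_into("<II", hdr, 0x60, num_class_defs, DEX_HEADER_SIZE)
    hdr[12:32] = hashlib.sha1(bytes(hdr[32:])).digest()        # signature
    struct.pack_into("<I", hdr, 8, zlib.adler32(bytes(hdr[12:])) & 0xFFFFFFFF)
    return bytes(hdr)

if __name__ == "__main__":
    for path, blob in [
        ("/data/user/0/com.car.debate/app_DynamicOptDex/LAGt.json", build_minimal_dex()),
        ("/data/data/com.car.debate/no_backup/androidx.work.workdb", b"SQLite format 3\x00"),
    ]:
        print(triage(path, blob))
```

A real dropped payload that fails the checksum or signature check is usually still encrypted or packed on disk and decrypted in memory before loading, so a failed check means "keep looking for the decryption routine", not "not a DEX".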

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries the list of all installed applications on the device (might be used to select legitimate apps to overlay)

banker discovery

Queries account information for other applications stored on the device

collection
Description Indicator Process Target
Framework service call android.accounts.IAccountManager.getAccountsAsUser N/A N/A

Reads the contacts stored on the device.

collection
Description Indicator Process Target
URI accessed for read content://com.android.contacts/contacts N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Looks up the device's external IP address via a web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Requests notification access (often used to intercept notifications before the user sees them).

collection credential_access
Description Indicator Process Target
Intent action android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS N/A N/A

Requests exemption from battery optimizations (often used to keep running in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Opens the Accessibility settings so the user will enable its accessibility service.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A
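Taken together, the accessibility-service calls, the repeated performGlobalAction rows, the notification-listener and battery-optimization prompts and the Accessibility settings intent describe the set of grants this sample needs. On a suspect device those grants can be read over adb without trusting the on-screen UI, which matters because an app that already holds the accessibility service can use global actions to back the user out of Settings. The Python below is an added example and not the sandbox's tooling; it parses the output of `settings get secure enabled_accessibility_services`, `settings get secure enabled_notification_listeners` and `dumpsys deviceidle whitelist`. The embedded sample outputs, the trusted-package prefixes and the service class names for com.car.debate are constructed assumptions (the report does not name the sample's service classes).

```python
"""Audit an Android device for the grants this sample solicits: an enabled
accessibility service, notification-listener access and a battery
optimisation exemption. Added example for this report, not the sandbox's
tooling. It parses the output of three real adb shell commands; the sample
outputs embedded below are constructed."""

# Command -> format (flattened ComponentName lists are colon separated):
#   settings get secure enabled_accessibility_services
#   settings get secure enabled_notification_listeners
#       "pkg/.Service:otherpkg/otherpkg.Service"   or   "null" when empty
#   dumpsys deviceidle whitelist
#       "<system-excidle|system|user>,<package>,<uid>" per line
# The whitelist layout is as observed on recent Android builds; verify it on
# the target before relying on this parser.

PACKAGE_OF_INTEREST = "com.car.debate"      # the package named in this report

# Vendor/platform packages that legitimately hold these grants (assumption).
TRUSTED_PREFIXES = ("com.android.", "com.google.android.")

# Constructed outputs. The service class names for com.car.debate are
# placeholders: the report does not name them.
SAMPLE_ACCESSIBILITY = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService"
    ":com.car.debate/.AccessibilityPlaceholder"
)
SAMPLE_LISTENERS = "com.car.debate/.ListenerPlaceholder"
SAMPLE_WHITELIST = """\
system-excidle,com.android.vending,10093
system,com.google.android.gms,10087
user,com.car.debate,10201
"""

def parse_component_list(value):
    """Split a secure-settings component list into (package, class) pairs,
    expanding the '.Relative' class shorthand."""
    value = value.strip()
    if not value or value == "null":
        return []
    pairs = []
    for item in value.split(":"):
        pkg, _, cls = item.partition("/")
        if cls.startswith("."):
            cls = pkg + cls
        pairs.append((pkg, cls))
    return pairs

def parse_deviceidle_whitelist(text):
    """Packages exempt from Doze / battery optimisation."""
    pkgs = set()
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) == 3 and parts[0] in ("system-excidle", "system", "user"):
            pkgs.add(parts[1])
    return pkgs

def assess(accessibility, listeners, whitelist):
    """Map each non-platform package to the set of grants it holds. A
    package holding all three has exactly the footprint this sample asks for."""
    grants = {}
    def add(pkg, grant):
        if not pkg.startswith(TRUSTED_PREFIXES):
            grants.setdefault(pkg, set()).add(grant)
    for pkg, _ in parse_component_list(accessibility):
        add(pkg, "accessibility")
    for pkg, _ in parse_component_list(listeners):
        add(pkg, "notification_listener")
    for pkg in parse_deviceidle_whitelist(whitelist):
        add(pkg, "battery_exempt")
    return grants

FULL_FOOTPRINT = {"accessibility", "notification_listener", "battery_exempt"}

def suspicious_packages(grants):
    """Packages holding the complete grant set, sorted by name."""
    return sorted(pkg for pkg, g in grants.items() if g >= FULL_FOOTPRINT)

if __name__ == "__main__":
    found = assess(SAMPLE_ACCESSIBILITY, SAMPLE_LISTENERS, SAMPLE_WHITELIST)
    for pkg in suspicious_packages(found):
        flag = " (package from this report)" if pkg == PACKAGE_OF_INTEREST else ""
        print("revoke and uninstall:", pkg, sorted(found[pkg]), flag)
```

Feed it the three command outputs captured with `adb shell`; an app that shows up with the full footprint should be removed over adb (`adb uninstall <package>`) rather than through the Settings UI it may be watching, and the device owner should then rotate any credentials typed while the accessibility service was enabled.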

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.car.debate

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 ip-api.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.213.8:443 ssl.google-analytics.com tcp
US 208.95.112.1:80 ip-api.com tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
US 1.1.1.1:53 translate.googleapis.com udp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
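The table lists every flow once per connection, which hides the shape of the traffic: a handful of Android platform and ip-api.com lookups, then a long run of plaintext HTTP connections to 109.206.243.54:80 with no hostname resolved. That endpoint is what a responder would investigate first as the likely C2; the report itself names no server, so that is an inference from the table, not a sandbox finding. The Python below is an added example and not the sandbox's tooling: it parses the flattened rows into per-endpoint counts and picks out repeated, hostname-less, non-DNS endpoints. The benign-domain allowlist and the row excerpt are constructed for the example.

```python
"""Aggregate the flattened 'Country Destination Domain Proto' rows of a
sandbox network table into per-endpoint counts and pull out C2 candidates.
Added example for this report; it is not the sandbox's own tooling."""
import ipaddress
import re

# Infrastructure the detonation also touched that is not attacker-controlled
# (Android platform traffic plus the external-IP lookup service named in the
# report). Treating these as benign is an assumption of this example.
BENIGN_DOMAINS = {"android.apis.google.com", "ssl.google-analytics.com",
                  "translate.googleapis.com", "ip-api.com"}

# One table row: country (or N/A), ip:port, optional domain, protocol.
ROW = re.compile(r"^(?P<cc>[A-Z]{2}|N/A)\s+(?P<ip>[0-9a-fA-F.:]+):(?P<port>\d+)"
                 r"(?:\s+(?P<domain>\S+))?\s+(?P<proto>tcp|udp)$")

# Constructed excerpt of the behavioral3 table above; the real table repeats
# the 109.206.243.54:80 row far more often than shown here.
SAMPLE = """\
Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
GB 109.206.243.54:80 tcp
"""

def parse_rows(text):
    """Turn the pasted table into dicts; skip the header and blank lines."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Country"):
            continue
        m = ROW.match(line)
        if not m:
            raise ValueError("unparsed row: " + line)
        rows.append(m.groupdict())
    return rows

def aggregate(rows):
    """Collapse rows into {(ip, port, proto): {count, domains, cc}}."""
    agg = {}
    for r in rows:
        key = (r["ip"], int(r["port"]), r["proto"])
        e = agg.setdefault(key, {"count": 0, "domains": set(), "cc": r["cc"]})
        e["count"] += 1
        if r["domain"]:
            e["domains"].add(r["domain"])
    return agg

def c2_candidates(agg, min_count=3):
    """Endpoints contacted repeatedly by bare IP (no DNS name resolved),
    excluding DNS, multicast/private addresses and the benign allowlist.
    Plaintext HTTP to such a host is the classic banker beacon pattern."""
    out = []
    for (ip, port, proto), e in agg.items():
        addr = ipaddress.ip_address(ip)
        if addr.is_multicast or addr.is_private or port == 53:
            continue
        if e["domains"] & BENIGN_DOMAINS:
            continue
        if not e["domains"] and e["count"] >= min_count:
            out.append({"ip": ip, "port": port, "proto": proto,
                        "count": e["count"], "plaintext": port == 80})
    return sorted(out, key=lambda c: -c["count"])

def ioc_lines(agg):
    """Indicator lines for blocking/hunting: one per candidate endpoint."""
    return ["%s:%d/%s (%d connections)" % (c["ip"], c["port"], c["proto"], c["count"])
            for c in c2_candidates(agg)]

if __name__ == "__main__":
    print("\n".join(ioc_lines(aggregate(parse_rows(SAMPLE)))))
```

The repetition heuristic is deliberately loose: hostname-less TLS flows to 142.250.x.x addresses in the table are Google infrastructure that happened to be contacted without a captured DNS answer, and on a larger excerpt they would cross the threshold too, so corroborate any candidate with ASN/WHOIS and the captured HTTP requests before blocking it.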

Files

/data/data/com.car.debate/app_DynamicOptDex/LAGt.json

MD5 74ee6286df3aa4521e5fdd6ee2477b79
SHA1 bce0760b786c0c6f0bcb2b580ead622ade38aedf
SHA256 2577bf7ba7953d11b816c0174efb60f68d32fbc0fc484f1e83ec38e9667d78c8
SHA512 6a355b2e3e35af509ef190de5b103b39bb594b3987f86b25601075a23a45ccf019f1ddfcce2aeee57136ff55c025b1dc210d5c9d9ae6354638e4d306d4f18366

/data/data/com.car.debate/app_DynamicOptDex/LAGt.json

MD5 da56247f322aa732e5c1b79e016339ae
SHA1 0b31c293536e12dd284218b82e3c596dfb6f4ddb
SHA256 bfe9cab5cfb0353027005ad0cefbc43f757faab39435bcf3f76d8f1b19b076f0
SHA512 7f4b95163fdada7574948dd8e528d377bba538907fbae90db5c9df9a0a50bbbb2fb831c7b11b0c4c2361c52508bbf9ca19d075c74777120acc4a6baec3b6f7c8

/data/user/0/com.car.debate/app_DynamicOptDex/LAGt.json

MD5 cc20cd55132e50678f89fd6c8b862801
SHA1 2e2bca371167f78001b13f73e2bbded35fac84af
SHA256 e0f9a272f590ad53309e8d8aefb54cfed7c6d2113ff2255528bb739b09fc5579
SHA512 3660bdc5a0a6e99c0de6595c1c365143f6f26a9e44e46195dce3fd570cbd65f5c558be69a7f0a60843908a607792b0c2bfb4009c818d8c50b1a65e44ba321b8e

/data/data/com.car.debate/no_backup/androidx.work.workdb-journal

MD5 ad2b7094f1bc94cdb275eb604701e10c
SHA1 c53e2f675d16d183f5a76bb76865ea7e00077b8e
SHA256 910b1b47a525e8e6a6594c846dd521f3e0debc992168f4f1ec8f1d7e8e4a16d0
SHA512 d093422ccd995be639263ff058fde292e216e6c118a1f3bd8f38e7b0c09f14e6b883c862eca567f5c39003a94212bc9262f893171cc1be1a9815565c7b1b7498

/data/data/com.car.debate/no_backup/androidx.work.workdb

MD5 7e858c4054eb00fcddc653a04e5cd1c6
SHA1 2e056bf31a8d78df136f02a62afeeca77f4faccf
SHA256 9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
SHA512 d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

/data/data/com.car.debate/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.car.debate/no_backup/androidx.work.workdb-wal

MD5 ffce14bdc6217ac459ea0df68a2191ac
SHA1 0c6a72aa65f2df6359184232a8ff30a44352934f
SHA256 5b19e008ea0a0ebd31a11875f3dd96f5fc42bd269347f0d979f77adc94dd9d64
SHA512 a170d46f5c103a42956422c3d8f4240b0409024519b9ded55518dec66a2ddb7689966fa857849d4f106706a13b5d4fe1ec840cd653bbd917993456fdf53dfa35

/data/data/com.car.debate/no_backup/androidx.work.workdb-wal

MD5 8c1760a0737c5e0f38089aaf02e0f019
SHA1 08cfc5a97caaebc55af2186687f9fae0e8cbdb54
SHA256 9cdf0daad4523a8629c035fc4106e837045088a6e6867c28c1c8b976988d43f8
SHA512 66892d11523f18ec505d6183df4117cc2d4366482bf49dbdaae5d2d09d61de57659852067a43f502f324c86d05a00ec517eb84eaa74145b456763ba25816f4a0

/data/data/com.car.debate/no_backup/androidx.work.workdb-wal

MD5 a943bcda7db065adf61addae3361af56
SHA1 31389f36aec3713afe1ae9e69bd3a4a46496c40e
SHA256 e3ea9ae9566fa373710f73e3b20ffa39eaae543d4560b3cd182539da3d88bd8b
SHA512 942a3fb468a0df69fb40dab1d94970f3a9546de43330b510c86ff648deebe82aaf306bac9e5220f54d273a1479f59a5fbd6c0e2f6c4c554144d46244e83dbf92

/data/data/com.car.debate/app_DynamicOptDex/oat/LAGt.json.cur.prof

MD5 a14076cdf7f2b5830fa0d5229e1589f2
SHA1 ecd4f81e9bb40855c8d96c85a0a443e1fc30cba1
SHA256 986a4a52e0f9c05caea807e869302d14d8e4b2df541a14211ee177e4762e866f
SHA512 f149f92dd931fe391f76410dca013d2def74752d17886cb2736b1e2c5eeb36acec2852ed727b0d15449eded90d27b06e5edcdccdbae43e59731a528ccb4f7c20