Malware Analysis Report

2025-01-19 06:50

Sample ID: 241211-jzhsdstqaz
Target: qcojes.apk
SHA256: 58911b7dbc485fb5e8bc3967de002ab5cb898023223d7a41e5dd7e1a074e40b1
Tags: antidot banker discovery evasion execution infostealer persistence trojan collection credential_access impact
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Mobile Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral3
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 10/10

SHA256: 58911b7dbc485fb5e8bc3967de002ab5cb898023223d7a41e5dd7e1a074e40b1

Threat Level: Known bad

The file qcojes.apk was found to be: Known bad.

Malicious Activity Summary

antidot banker discovery evasion execution infostealer persistence trojan collection credential_access impact

Antidot

Antidot family

Antidot payload

Obtains sensitive information copied to the device clipboard

Loads dropped Dex/Jar

Requests dangerous framework permissions

Attempts to obfuscate APK file format

Queries the mobile country code (MCC)

Declares services with permission to bind to the system

Checks the application is allowed to request package installs through the package installer

Registers a broadcast receiver at runtime (usually for listening for system events)

Schedules tasks to execute at a specified time

Checks memory information

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-12-11 08:06

Signatures

Attempts to obfuscate APK file format

Declares services with permission to bind to the system

android.permission.BIND_AUTOFILL_SERVICE: Required by autofill services to bind with the system. Allows apps to autofill information in forms.
android.permission.BIND_ACCESSIBILITY_SERVICE: Required by accessibility services to bind with the system. Allows apps to access accessibility features.
android.permission.BIND_SCREENING_SERVICE: Required by call screening services to bind with the system. Allows apps to filter and manage incoming phone calls.

Requests dangerous framework permissions

android.permission.REQUEST_INSTALL_PACKAGES: Allows an application to request installing packages.

Analysis: behavioral1

Detonation Overview

Submitted: 2024-12-11 08:06
Reported: 2024-12-11 08:09
Platform: android-x86-arm-20240624-en
Max time kernel: 149s
Max time network: 123s

Command Line

com.wafukizifi.server

Signatures

Antidot
Tags: banker trojan infostealer antidot

Antidot family
Tags: antidot

Antidot payload
Indicator: N/A

Loads dropped Dex/Jar
Tags: evasion
Indicator: /data/user/0/com.wafukizifi.server/app_addict/NFGYpTB.json
Indicator: /data/user/0/com.wafukizifi.server/app_addict/NFGYpTB.json

Queries the mobile country code (MCC)
Tags: discovery
Framework service call: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone

Registers a broadcast receiver at runtime (usually for listening for system events)
Tags: persistence
Framework service call: android.app.IActivityManager.registerReceiver

Schedules tasks to execute at a specified time
Tags: execution persistence
Framework service call: android.app.job.IJobScheduler.schedule

Checks CPU information
File opened for read: /proc/cpuinfo

Checks memory information
File opened for read: /proc/meminfo

Processes

com.wafukizifi.server

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.wafukizifi.server/app_addict/NFGYpTB.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.wafukizifi.server/app_addict/oat/x86/NFGYpTB.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
GB 216.58.201.110:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted: 2024-12-11 08:06
Reported: 2024-12-11 08:09
Platform: android-x64-20240624-en
Max time kernel: 149s
Max time network: 136s

Command Line

com.wafukizifi.server

Signatures

Antidot
Tags: banker trojan infostealer antidot

Antidot family
Tags: antidot

Antidot payload
Indicator: N/A

Loads dropped Dex/Jar
Tags: evasion
Indicator: /data/user/0/com.wafukizifi.server/app_addict/NFGYpTB.json

Obtains sensitive information copied to the device clipboard
Tags: collection credential_access impact
Framework service call: android.content.IClipboard.addPrimaryClipChangedListener

Checks the application is allowed to request package installs through the package installer
Tags: evasion
Framework service call: android.content.pm.IPackageManager.canRequestPackageInstalls

Queries the mobile country code (MCC)
Tags: discovery
Framework service call: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone

Registers a broadcast receiver at runtime (usually for listening for system events)
Tags: persistence
Framework service call: android.app.IActivityManager.registerReceiver

Schedules tasks to execute at a specified time
Tags: execution persistence
Framework service call: android.app.job.IJobScheduler.schedule

Checks CPU information
File opened for read: /proc/cpuinfo

Checks memory information
File opened for read: /proc/meminfo

Processes

com.wafukizifi.server

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.201.104:443 ssl.google-analytics.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp
GB 172.217.16.238:443 tcp
GB 142.250.179.226:443 tcp

Files


Analysis: behavioral3

Detonation Overview

Submitted: 2024-12-11 08:06
Reported: 2024-12-11 08:09
Platform: android-x64-arm64-20240624-en
Max time kernel: 149s
Max time network: 132s

Command Line

com.wafukizifi.server

Signatures

Antidot
Tags: banker trojan infostealer antidot

Antidot family
Tags: antidot

Antidot payload
Indicator: N/A

Loads dropped Dex/Jar
Tags: evasion
Indicator: /data/user/0/com.wafukizifi.server/app_addict/NFGYpTB.json

Obtains sensitive information copied to the device clipboard
Tags: collection credential_access impact
Framework service call: android.content.IClipboard.addPrimaryClipChangedListener

Checks the application is allowed to request package installs through the package installer
Tags: evasion
Framework service call: android.content.pm.IPackageManager.canRequestPackageInstalls

Schedules tasks to execute at a specified time
Tags: execution persistence
Framework service call: android.app.job.IJobScheduler.schedule

Checks CPU information
File opened for read: /proc/cpuinfo

Checks memory information
File opened for read: /proc/meminfo

Processes

com.wafukizifi.server

Network

Country Destination Domain Proto
GB 142.250.187.238:443 tcp
GB 142.250.187.238:443 tcp
GB 142.250.187.238:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp

Files
