Malware Analysis Report

2025-01-19 05:50

Sample ID 241211-sqd8aaxrft
Target app.apk
SHA256 5d600acccdcada3cbdac0943e5e8c2b04b9b73d62397c835c19938449c42cbff
Tags
collection credential_access discovery impact persistence irata
score
10/10

Analysis Overview

Threat Level: Known bad

The file app.apk was found to be: Known bad.

Malicious Activity Summary

collection credential_access discovery impact persistence irata

Irata family

Irata payload

Obtains sensitive information copied to the device clipboard

Requests dangerous framework permissions

Acquires the wake lock

Queries the mobile country code (MCC)

Reads information about phone network operator.

Queries information about active data network

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

Analysis: static1

Detonation Overview

Reported

2024-12-11 15:19

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-11 15:19

Reported

2024-12-11 15:22

Platform

android-x64-20240624-en

Max time kernel

123s

Max time network

157s

Command Line

com.googleFe.app

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.googleFe.app

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 lssue.co udp
GB 142.250.180.14:443 tcp
US 172.67.178.83:443 lssue.co tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 eadlt.sbs udp
GB 172.217.16.228:443 tcp
GB 172.217.16.228:443 tcp

Files

/data/data/com.googleFe.app/files/PersistedInstallation1411999473963901142tmp

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

/data/data/com.googleFe.app/files/PersistedInstallation7349257984023868194tmp

/data/data/com.googleFe.app/cache/~test.test

/data/data/com.googleFe.app/cache/1

/data/data/com.googleFe.app/cache/2

Analysis: behavioral3

Detonation Overview

Submitted

2024-12-11 15:19

Reported

2024-12-11 15:22

Platform

android-x64-arm64-20240624-en

Max time kernel

123s

Max time network

134s

Command Line

com.googleFe.app

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.googleFe.app

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 216.58.213.10:443 tcp
GB 216.58.213.10:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 lssue.co udp
US 172.67.178.83:443 lssue.co tcp
US 1.1.1.1:53 eadlt.sbs udp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp

Files

/data/data/com.googleFe.app/files/PersistedInstallation4100686963550872241tmp

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

/data/data/com.googleFe.app/files/PersistedInstallation3720743468547756711tmp

/data/data/com.googleFe.app/cache/~test.test

/data/data/com.googleFe.app/cache/1

/data/data/com.googleFe.app/cache/2

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-11 15:19

Reported

2024-12-11 15:22

Platform

android-x86-arm-20240624-en

Max time kernel

123s

Max time network

138s

Command Line

com.googleFe.app

Signatures

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.googleFe.app

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.42:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 lssue.co udp
GB 216.58.204.78:443 tcp
US 172.67.178.83:443 lssue.co tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 eadlt.sbs udp

Files

/data/data/com.googleFe.app/files/PersistedInstallation2127525020320741192tmp

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-shm

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-wal

/data/data/com.googleFe.app/files/PersistedInstallation3484079683829653226tmp

/data/data/com.googleFe.app/cache/~test.test

/data/data/com.googleFe.app/cache/1

/data/data/com.googleFe.app/cache/2