Malware Analysis Report

2025-01-19 05:50

Sample ID: 241211-st87tsspgr
Target: version3.2.apk
SHA256: 4e609c2edadf166dbcb5c492e48d8169d5a36b09a3698a1ef27cd681e9f36f1b
Tags: irata discovery persistence collection credential_access impact
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK (Mobile Matrix v15)
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral2 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral3 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

Score: 10/10
SHA256: 4e609c2edadf166dbcb5c492e48d8169d5a36b09a3698a1ef27cd681e9f36f1b
Threat Level: Known bad

The file version3.2.apk was classified as Known bad and attributed to the Irata family. The declared package name, com.googleFe.app, is chosen to resemble Google's own package naming; it is also the only process observed in every run.

Malicious Activity Summary

Tags: irata discovery persistence collection credential_access impact

Irata family
Irata payload
Obtains sensitive information copied to the device clipboard (fired in behavioral2 and behavioral3, not in behavioral1)
Requests dangerous framework permissions (static1: SMS read, receive and send; contacts read and write; phone state; notifications)
Acquires the wake lock
Queries the mobile country code (MCC)
Reads information about the phone network operator (behavioral1 only)
Queries information about the active data network
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information (/proc/cpuinfo)
Checks memory information (/proc/meminfo)

Signature coverage differs between the three runs; the summary above is the union. Each run's own Signatures list shows which behaviours were actually observed on that image.

MITRE ATT&CK

Mobile Matrix v15. Tactics assigned by the sandbox, with the signatures behind them:

Discovery: active data network query, MCC query, network operator query, /proc/cpuinfo and /proc/meminfo reads
Persistence: broadcast receiver registered at runtime
Collection, Credential Access, Impact: clipboard change listener (IClipboard.addPrimaryClipChangedListener)

The SMS and contacts permissions declared in static1 were not mapped to a tactic by the sandbox because no SMS or contacts access was observed at runtime on any of the three images.

Analysis: static1

Detonation Overview

Reported: 2024-12-11 15:26

Signatures

Irata family (irata)

Irata payload
  No indicator details recorded (Description, Indicator, Process and Target all N/A).

Requests dangerous framework permissions

Permission                             Description
android.permission.READ_SMS            Allows an application to read SMS messages.
android.permission.RECEIVE_SMS         Allows an application to receive SMS messages.
android.permission.SEND_SMS            Allows an application to send SMS messages.
android.permission.READ_CONTACTS       Allows an application to read the user's contacts data.
android.permission.WRITE_CONTACTS      Allows an application to write the user's contacts data.
android.permission.READ_PHONE_STATE    Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
android.permission.POST_NOTIFICATIONS  Allows an app to post notifications.

Taken together this is the permission footprint of an SMS stealer: RECEIVE_SMS and READ_SMS let the app see incoming one-time codes and the existing inbox, SEND_SMS lets it forward them or message the victim's contacts, and READ_CONTACTS and WRITE_CONTACTS give it the address book. The static pass only records that the permissions are declared; it does not show what the code does with them, and none of the three behavioral runs triggered an SMS or contacts signature. POST_NOTIFICATIONS is a runtime permission that exists from Android 13 onward.
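The permission set above is what a triage script should flag before anything is detonated. The following is an added example by the editor, not code from the report or from the sample: it parses a decoded AndroidManifest.xml, extracts the uses-permission entries, and matches them against capability patterns (which permissions together enable SMS interception, SMS spreading via contacts, and so on). The manifest text is constructed to reproduce the seven permissions the static analysis listed; the INTERNET permission and the SmsReceiver element are illustrative additions that the report does not show, and the pattern table and scoring are the editor's assumptions.

```python
"""Flag high-risk Android permission combinations from a decoded AndroidManifest.xml.

Added example (not part of the sandbox report or the sample). The manifest
below is constructed: its permission list matches the report's static1
findings, everything else in it is illustrative.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed manifest. The seven dangerous permissions come from the report;
# INTERNET and the SmsReceiver element are hypothetical and not in the report.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.googleFe.app">
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.POST_NOTIFICATIONS"/>
    <uses-permission android:name="android.permission.WRITE_CONTACTS"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="app">
        <receiver android:name=".SmsReceiver" android:exported="true">
            <intent-filter android:priority="999">
                <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
            </intent-filter>
        </receiver>
    </application>
</manifest>
"""

# Capability patterns (editor's assumption). "all": every permission required;
# "any": one is enough.
PATTERNS = {
    "sms_interception": {"any": {"android.permission.READ_SMS",
                                 "android.permission.RECEIVE_SMS"}},
    "sms_sending": {"all": {"android.permission.SEND_SMS"}},
    "contact_harvest": {"all": {"android.permission.READ_CONTACTS"}},
    "sms_spread": {"all": {"android.permission.SEND_SMS",
                           "android.permission.READ_CONTACTS"}},
    "device_fingerprint": {"all": {"android.permission.READ_PHONE_STATE"}},
}

NAME_ATTR = f"{{{ANDROID_NS}}}name"  # android:name resolves to this key


def parse_permissions(manifest_xml: str) -> set[str]:
    """Return every android:name declared on a <uses-permission> element."""
    root = ET.fromstring(manifest_xml)
    return {el.get(NAME_ATTR) for el in root.iter("uses-permission") if el.get(NAME_ATTR)}


def has_sms_received_receiver(manifest_xml: str) -> bool:
    """True if any intent-filter action targets SMS_RECEIVED (static sign of interception)."""
    root = ET.fromstring(manifest_xml)
    return any(a.get(NAME_ATTR) == "android.provider.Telephony.SMS_RECEIVED"
               for a in root.iter("action"))


def match_patterns(perms: set[str]) -> dict[str, bool]:
    hits = {}
    for name, rule in PATTERNS.items():
        if "all" in rule:
            hits[name] = rule["all"] <= perms
        else:
            hits[name] = bool(rule["any"] & perms)
    return hits


def assess(manifest_xml: str) -> dict:
    """Summarise declared permissions, matched patterns and a coarse score."""
    perms = parse_permissions(manifest_xml)
    hits = match_patterns(perms)
    score = sum(hits.values())
    # Interception plus the means to forward or spread is the SMS-stealer
    # footprint; weight it above any single capability.
    if hits["sms_interception"] and hits["sms_spread"]:
        score += 2
    return {
        "permissions": sorted(perms),
        "patterns": hits,
        "sms_received_receiver": has_sms_received_receiver(manifest_xml),
        "score": score,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(assess(SAMPLE_MANIFEST), indent=2))
```

The namespace handling is the part people get wrong: the android:name attribute is keyed by the full namespace URI in ElementTree, not by the "android:" prefix. Run it against the manifest decoded from the APK (apktool or aapt2 dump) rather than the binary one inside the archive.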

Analysis: behavioral1

Detonation Overview

Submitted: 2024-12-11 15:26
Reported: 2024-12-11 15:28
Platform: android-x86-arm-20240624-en
Max time kernel: 123s
Max time network: 131s

Command Line

com.googleFe.app

Signatures

Acquires the wake lock
  Framework service call: android.os.IPowerManager.acquireWakeLock
  Keeps the CPU awake while the screen is off, which any background listener needs in order to keep running through device idle.

Queries information about active data network (discovery)
  Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo

Queries the mobile country code (MCC) (discovery)
  Framework service call: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
  The call returns the ISO country code of the registered network rather than the numeric MCC. Country checks of this kind are commonly used to gate a payload to a target region; the report does not show what the sample does with the result.

Reads information about phone network operator (discovery)
  No indicator recorded.

Registers a broadcast receiver at runtime (persistence)
  Framework service call: android.app.IActivityManager.registerReceiver

Checks CPU information
  File opened for read: /proc/cpuinfo

Checks memory information
  File opened for read: /proc/meminfo
  Reading /proc/cpuinfo and /proc/meminfo is a common emulator check; all three runs took place on sandbox images, so a result-dependent branch may not have been exercised.

Processes

com.googleFe.app

Network

Country  Destination           Domain                              Proto
N/A      224.0.0.251:5353      -                                   udp
US       1.1.1.1:53            semanticlocation-pa.googleapis.com  udp
US       1.1.1.1:53            lssue.co                            udp
GB       142.250.187.206:443   -                                   tcp
US       104.21.17.213:443     lssue.co                            tcp
US       1.1.1.1:53            android.apis.google.com             udp
GB       142.250.187.206:443   android.apis.google.com             tcp
US       1.1.1.1:53            eadlt.sbs                           udp

Rows to 1.1.1.1:53 are DNS lookups, 224.0.0.251:5353 is mDNS multicast from the emulator, and the 142.250.x.x destinations are Google infrastructure that any Firebase-instrumented app contacts. The indicators specific to this sample are lssue.co, resolved and then contacted over TLS at 104.21.17.213 (a Cloudflare-proxied address, so the domain rather than the IP is the durable indicator), and eadlt.sbs, which was resolved but never connected to in this run.

Files

/data/data/com.googleFe.app/files/PersistedInstallation5859630424679275997tmp

MD5 f9a6a975ead16075c457e0144192d64d
SHA1 3012252b50255e51ab8706919ecc221c8f32d6c7
SHA256 e0613e24f2bd130019358eb461e40616a141a44dd91a684eeebf680e694cea1f
SHA512 b0f9750082305f3a41cbf2661db07042daef5bb950606e20699a7c32bbe1eb2ea36377b0330e3b51b228a72c53cb384694e4585e8a2433d60863c9ddbca8e353

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 5b3fc1fd05775c6236db3f8f7ed38086
SHA1 bffa713f126f7e46e9b153c57437aee8c774549b
SHA256 9df652e05a591f3eaa474a0f87eff777e8b08c1830cd54ff274cceac5b4a4c51
SHA512 316c93c878736607e738e71d6a50c690947733f24822bb0e777d228677087641e98892dcdc287f6383b00b1194e59b9ae41a83bdaac9f9c0b301b127cf118535

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-wal

MD5 80a4c41baea5f2e3077ccc223074403a
SHA1 9e82b4deecb70aa223dad061d37bb49f58b57baf
SHA256 4730566477baf56f6918df92d6544a7ed087dce29ec5afe46870f18f3de0da69
SHA512 515c28941d8c6593acc49ce7ab2855af6a1982622030c4b44ca43431703d8f1a2d80787734f93088647d877973754229a14d13e3e3e22939969724e3cd96f03b

/data/data/com.googleFe.app/files/PersistedInstallation228809480171192709tmp

MD5 adcd5d2f629c6f24c70c097b59bdc5be
SHA1 94c44382d78d75cd980130405f861278713ad63a
SHA256 831de04f859294b53be9933df4da80313e914b48014616310f346614fe5f6c6a
SHA512 3952ccfa1b100126ec0d2513fbf1f3f4b5bb822954b1d053bdcbf86cf20a2f5a0c2d4ddd78a9b224f434e63a0cd4751aec3d90f2206dde38472676bee0e53354

/data/data/com.googleFe.app/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

These are the digests of the four-byte string "test": the file is a write-permission probe on the cache directory, not a payload, and the same file appears with identical hashes in behavioral2 and behavioral3. The google_app_measurement_local.db files and their -journal, -wal and -shm companions are Firebase Analytics state, and the PersistedInstallation*tmp files are Firebase Installations temp files; their hashes differ on every run and are not useful indicators. The cache/1 and cache/2 files, by contrast, have the same SHA256 in all three runs.

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-wal

MD5 ea3e52bcaf10b7c9227eccd2267c69a6
SHA1 ecdbb2969e9e08b41e80b7656a44a62884cb30e8
SHA256 1b3c92fb2c1cdd4315b3becee4b58a2f50f7ef507c598e22997f88b39a3c4a89
SHA512 9795e99d2605d759c3641b8e2a06ffd5d3888e04955a9938d73368b374472c23637d1b2343d89e81a365f6a978b8b2c499d9386592523e943fe48cc3349d3bff

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 29d4a3ff400b992f82ade65d39f85862
SHA1 4e82b35242fe5f83f55b578e23db628a1350fddc
SHA256 660d713fa31cddc3e0ca98cd910ae83c9348a5ab29ac69015e07b527feb6e3e2
SHA512 fae6457802ba5f5bc18bdcb35c4ab5c34c0dd9797ebf6760af46e49dab8aa0950884d9c2aae4ff7747014a8d030b0ed5690a07029f8511607227aef004b475d4

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-wal

MD5 96f36823854e1d39fd6839690dd3574c
SHA1 d9e4e2b57ac8a76ba332ecc2e37ae3858d15408d
SHA256 594aa2f33a5c48e8fd375ec702ca914e5ce934599aa5755aa8ca4d722e3b0d47
SHA512 2d24b713d44da63a3df3eac04007728d516521694b4f2faba066999055449a2ea8818aa7fac7c96a270c4eb91cbbf29c7ff3a8cb03e32b1e5f265b55a22d7ade

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 39abea1105a72cfc05f012a5ebace243
SHA1 dea1d090d8221a0c2aa035df776ef1dfcc47f67a
SHA256 e30d142bb1d2e1cd80d8b0ed2ee3e5cdba2e9607642115adf5b8e11d9793aa43
SHA512 f1f1e06e7fe7a36fd3c0190ed769b65aaba18d2b06744a4369f50bc17f31561fd22ed2339097003fdddf0e6b0f1c11a174165e58720cfd8a163149eace9d1150

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-wal

MD5 1c276c72fc2435204015510c7ec66910
SHA1 ef7d3d049a9f1411aa45c8798b11fb37e51dc5f1
SHA256 761922f32806cf2873f88bb016776a617c06dd153821305548fdd157ab2e02d4
SHA512 e2a9754850a290ce8790f88004a128570b7dcebe255367ec2c74e000989b4801d1c22c315a0b355ab578bf112e78d73c4d9a122b77f7ca48115193b08e229046

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 2ce74e6d4332bee16efc13be567ca3df
SHA1 8d08a3572d378fcc8da38d6c5bfeb3a5f8737267
SHA256 a478518cab3e75f6f1e67db2778f4469ef42c36e678ef2f9d56e8a8c3a2d1842
SHA512 6f230c8069e95069d531f0bb2a2b7afbf9778e6f33ef7b62535c545453d99b5c9eba0ee33856b7c0b145cc8ee81943c7f89fa3d75385134c15af98c6865ab8b4

/data/data/com.googleFe.app/cache/1

MD5 b1934f4a849dfd4f6decaa58cdc0cb97
SHA1 c983e0b04390beb0b676ce905fba102bb7a7fc7f
SHA256 09b0d89d82845e668862cb06e0b2d54f96b9dfdeed27ef17b15ef3b03f128972
SHA512 ae38d9ec4a5371c705e09a803d780c47503f5d897e62ecaff3d4ccc50e6b873b5303623043255a39a9f380e50d2808cd9145ba383811185b1c8568365c184ce9

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-wal

MD5 be381d4ddcba57136acafc47b2363c3b
SHA1 b7964dd144a1c5f5166dd0ca732fe0bec9411575
SHA256 a2b1652a0a61f844035cd8b54843b7bb3f0d8643a43f0675ea8a4b67f774b9a4
SHA512 628c734e289c5c3119e58a9e3485eac43c0122d575b76431979b4f3539a517657f1d75ecedfc5478cf49b1bea09d40c45a2156c13f428376517b3e3ad37aff41

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 21c7da9f82c436b63652acd0f0b351a9
SHA1 6c7856770b0906f5a6f403e56f0e8be3a8fa07e0
SHA256 fc8816ebad017cc0defd3b4f26678ec55be6de70f59b61ae102728ee46fcce96
SHA512 c92c9d04ecad92e3a76ff4d2ecc61358a6c59e83b9414c14d956c87c394d80082d157aa2c66a7f7109474f70da6fbd3d790df47fad359bff8faf8f49d433bec0

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-wal

MD5 b770e2bb82d98eaadf483acf9d26d370
SHA1 ac8f6233cd74a26186121c69504aa9bc4fda4538
SHA256 e815b61d002f665e720d14934bba0c2d12f73c030fb6f2635f987fddd069471e
SHA512 0f12e4cec8909f32d17daa4dff69b180136b893ee406a1e13ede9d435e86e1d424734119f5fe4772f781b299ff123d8700c25b3c76df4612f7538fa3545a02f3

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 3e881d9a01ca707bed38018ac69f4518
SHA1 5820f9351d7cc8082de6e5686eb9f8fedf6fb830
SHA256 4a5bf9bfe9b032546f886dd5fe6717de78716734aaadab620c0444ed6df5151c
SHA512 8f0395c94b3a449f3c61e7117f400c7b8a12c23d3655be6772bce2c8aa0ec8d8be8000c5cd2c6e10b334ef54a4add5583717393c3239da80c334c45b8b392db8

/data/data/com.googleFe.app/cache/2

MD5 c76013d165ef454e96824b1f62118c7f
SHA1 f9e0cf89bcf722d7204165ae26c131cf01cbff28
SHA256 9890e8131aca75cf93d9b0d92da3c653ca25768f93c29dcf486793de952fa142
SHA512 9b5d264af7541b623e5ab1f1fc96d572d5cd91df876351b5941646045bc3c268c10a822c6134aa8d25d81daf59e957a6c54d66757f3c7d2bdf60755d28d78b47

Analysis: behavioral2

Detonation Overview

Submitted: 2024-12-11 15:26
Reported: 2024-12-11 15:28
Platform: android-x64-20240624-en
Max time kernel: 122s
Max time network: 157s

Command Line

com.googleFe.app

Signatures

Obtains sensitive information copied to the device clipboard (collection, credential_access, impact)
  Framework service call: android.content.IClipboard.addPrimaryClipChangedListener
  This registers a callback that the system invokes on every change of the primary clip, so the app can read each new entry as it is copied: one-time codes, card numbers, wallet addresses, passwords pasted from a manager. Since Android 10 the system serves clipboard contents only to the app that has input focus or is the default input method, so a listener registered from the background does not by itself guarantee capture. This signature fired here and in behavioral3 but not in behavioral1.

Acquires the wake lock
  Framework service call: android.os.IPowerManager.acquireWakeLock

Queries information about active data network (discovery)
  Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo

Queries the mobile country code (MCC) (discovery)
  Framework service call: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone

Registers a broadcast receiver at runtime (persistence)
  Framework service call: android.app.IActivityManager.registerReceiver

Checks CPU information
  File opened for read: /proc/cpuinfo

Checks memory information
  File opened for read: /proc/meminfo

Processes

com.googleFe.app

Network

Country  Destination           Domain                     Proto
N/A      224.0.0.251:5353      -                          udp
US       1.1.1.1:53            ssl.google-analytics.com   udp
GB       142.250.180.8:443     ssl.google-analytics.com   tcp
GB       142.250.187.206:443   -                          tcp
US       1.1.1.1:53            android.apis.google.com    udp
US       1.1.1.1:53            lssue.co                   udp
GB       142.250.187.238:443   android.apis.google.com    tcp
US       172.67.178.83:443     lssue.co                   tcp
US       1.1.1.1:53            eadlt.sbs                  udp
GB       142.250.180.4:443     -                          tcp
GB       142.250.180.4:443     -                          tcp
GB       172.217.16.238:443    -                          tcp
GB       142.250.179.226:443   -                          tcp

As in behavioral1, the Google and google-analytics destinations are SDK traffic. lssue.co resolved to a different Cloudflare-proxied address this time (172.67.178.83), which is the expected behaviour for a proxied domain and another reason to block the name rather than the IP. eadlt.sbs was again resolved without a follow-up connection.

Files

/data/data/com.googleFe.app/files/PersistedInstallation8064265096395959124tmp

MD5 d3b6000b845c9f8f35eb4477e0e10838
SHA1 e9f6827428c8e224b3e7ca22fe4aff5175a9c1a5
SHA256 08100a2befec0d49c4a2dd3c661362894edaf864efa4e942b1a2094fa1109375
SHA512 69b5a080dc03b05d06896d4541f9878c191eeb977340935ec358346dba09719341f89ad2c6fa6c23cc980b65cb91d090555dbd169bc21ef56bb8d5ba049852ce

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 95900691a7d303a416ef8f8ecfe4c152
SHA1 6f8cb14403d3c4046e70ffe4c1c9563349e36bd5
SHA256 4f931758981465c375a93a9ed2fae71f13e6a5f7567be25ab39e4734ecbb8c13
SHA512 dc378bdfd8dacddc872f7365993890c5b737465378888629b7a12efe4b463e0c22a7ac2a94bd558989bbff593a6e25a5f2489adae9121c8d31193fd4b3db7267

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 eb52a90bb70b76e946b62f50b6f7fb85
SHA1 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0
SHA256 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4
SHA512 b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 376e2720be586e5e35bf96014181b60c
SHA1 f0036c288a6ca25f40908a27e135f2b15fa0a0f6
SHA256 d2f9eeb0022cd596217fbca21a42bbb18c920c436f3956b65d33229f2b7b1ca8
SHA512 6a855d9dc22538fa50fa45872f0e702c59c478e16387255d37e2eef6d7739010a010315ec4b7c493d37ce49f68c4511e55ec183b225d33f5d7dbe31c6097fbe6

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 5a270b203f5e0b4d44582259e04d2c2c
SHA1 33d707446b515c0dd368fa7cbd706ef09e1e906d
SHA256 cf114352db07869c38e6b290a314e23e4a3c703bf0249c128ef27be586022c2a
SHA512 8562b98d06440b338218c5da51788ef0c7be52eb15f68747b8b6117ec45470fd4759cc9bada318e9b36405d415e0821ef287fbb737bf766b176041ceb51fb26d

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 68dc39ca772ad484a2498fdc44fba0e4
SHA1 7b7a367900512bf2f88f3f3d8f2d6f261b90efe6
SHA256 85d4ccf7522e996ad3dca003fd39b7294a73e23d20004712e503e920915d86b5
SHA512 36ff2247c88192fc1a3e87154b2776e9f5a1b6d4954bdd5eb8cf2485a2616c98086079f757cf94c2b17e7607970b86ff1caf6b37593b41c7112fe5b18168b242

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 b91ec85586a0221b15e74d978be00b19
SHA1 d87637493b8cd7c8f359314dd718f3d9b7efef89
SHA256 77c8d69f094dcea5d3b88951299d2cb1c1c0b7e2e9530aa5ad32d61ff3b25ba5
SHA512 075027daaa2fab75b2bbc819589bc75b0f905b0156dfffbb5ec0e0eebdf2b1ac259424340aeb12ad9155d610523f6d67d06f8e0fc2257be97c5f7c33bd6866db

/data/data/com.googleFe.app/files/PersistedInstallation564633151334407447tmp

MD5 6e82d7ee67fa28667b6cc70097f537f6
SHA1 16bc9418cc9580d67e80048721654b190d2a0886
SHA256 c0181006ee01ba4e08bfbd580e4bd467fab95e4a3af1206b4525439e328a4546
SHA512 dbf7e58aa034f78c47d18ac68c95554e8a7344a76db9f458c82fa12ced0ce1b8a2463e333ec4533734715c825e8832b2b3ee4069c5134b1496204730af6502b8

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 4be257ee97af9c506969f9e6a455ca9b
SHA1 79e269da2c851ffa30e8d47b517db5c511f05b2c
SHA256 7197da6591c90dade0329a936a55bc2eeecf4a33450a3e8d76151802c226e5c9
SHA512 9bb34378fa51344ea06213c12188f95132dd80a4bbc6aff80f8208216012743e47e7238fd53938646c04799aac1918568ddf1a9770864ac4c9c0c08fe45b2c7c

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 c13747865403e49ebef2f43685561116
SHA1 6397e4b95fba96bfcc3eec6eb10f541acf02f2b4
SHA256 76583f66507b508aa7962f8598d8eebaed7f2e382e6071180f2fbd4756467986
SHA512 b81d3ec7723951657186c4e80dcd6a83ee2fcd4144118fb9d730d9f866ec32f621a484d4f4886b1a3b1b39c378b20437291e527a715167af9649ef9047f6e09c

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 54dd36f546bc5ee3d8307803cd887132
SHA1 56884e279c0977cdef6105957eede71d48bce1bf
SHA256 783f0b30641376ec2465695e7227b4cf4067cf42baa276f306f878eee12b4544
SHA512 8e99b9083953620e7a52e0204afa69334745918f3695a9e42452316cb09e99966f7e178649c4c101ba8e8b310072d2cded3742b0abde44c29b54522d6512f5f6

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 64c1eb73dd4d1a5ccf3770e2d5a9903e
SHA1 f33a750e3bbc9cd736c3e14527e75bb79a65581e
SHA256 1105d2a225be13d8873345223c20c794253b66f3338f3dd89f20a499606d060e
SHA512 56c4991baee9e6146aab5ea507a2e5d74417dd6c95743a93bc40a0ac835cedafefbc4b34541039f31d927e44506aec84722860e2923117343108f8752d8afae4

/data/data/com.googleFe.app/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 773e83f294cb54edc750271f50fafa1f
SHA1 faa2ed320001a400652774b3c0987bf8dde34d83
SHA256 4a81269a017243ddafa2d7ee2e9d157b0990b526f698849514b7038e427ae1d3
SHA512 82953d7ff72c65e35ccf3b7aa6b9879086e9e886ef6704448fb9494b86d5b0d3b77fca90f3c69c43cd2f2016f8a35134d2f237e076b7722360522486e9df6219

/data/data/com.googleFe.app/cache/1

MD5 b1934f4a849dfd4f6decaa58cdc0cb97
SHA1 c983e0b04390beb0b676ce905fba102bb7a7fc7f
SHA256 09b0d89d82845e668862cb06e0b2d54f96b9dfdeed27ef17b15ef3b03f128972
SHA512 ae38d9ec4a5371c705e09a803d780c47503f5d897e62ecaff3d4ccc50e6b873b5303623043255a39a9f380e50d2808cd9145ba383811185b1c8568365c184ce9

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 adf6082723784327d7d1b34adf974e7d
SHA1 b1502f70eb881a1dfe41139cb719fefb877ee37c
SHA256 252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9
SHA512 762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b

/data/data/com.googleFe.app/cache/2

MD5 c76013d165ef454e96824b1f62118c7f
SHA1 f9e0cf89bcf722d7204165ae26c131cf01cbff28
SHA256 9890e8131aca75cf93d9b0d92da3c653ca25768f93c29dcf486793de952fa142
SHA512 9b5d264af7541b623e5ab1f1fc96d572d5cd91df876351b5941646045bc3c268c10a822c6134aa8d25d81daf59e957a6c54d66757f3c7d2bdf60755d28d78b47

Analysis: behavioral3

Detonation Overview

Submitted: 2024-12-11 15:26
Reported: 2024-12-11 15:28
Platform: android-x64-arm64-20240624-en
Max time kernel: 131s
Max time network: 133s

Command Line

com.googleFe.app

Signatures

Obtains sensitive information copied to the device clipboard (collection, credential_access, impact)
  Framework service call: android.content.IClipboard.addPrimaryClipChangedListener

Acquires the wake lock
  Framework service call: android.os.IPowerManager.acquireWakeLock

Queries information about active data network (discovery)
  Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo

Checks CPU information
  File opened for read: /proc/cpuinfo

Checks memory information
  File opened for read: /proc/meminfo

On this image neither the MCC query nor the runtime broadcast receiver registration was observed, although both fired in behavioral1 and behavioral2.

Processes

com.googleFe.app

Network

Country  Destination           Domain                     Proto
GB       142.250.180.14:443    -                          tcp
GB       142.250.180.14:443    -                          tcp
GB       142.250.180.14:443    -                          tcp
N/A      224.0.0.251:5353      -                          udp
US       1.1.1.1:53            android.apis.google.com    udp
GB       172.217.16.238:443    android.apis.google.com    tcp
GB       172.217.16.238:443    android.apis.google.com    tcp
US       1.1.1.1:53            ssl.google-analytics.com   udp
GB       142.250.180.8:443     ssl.google-analytics.com   tcp
US       1.1.1.1:53            lssue.co                   udp
US       172.67.178.83:443     lssue.co                   tcp
US       1.1.1.1:53            eadlt.sbs                  udp
GB       142.250.200.36:443    -                          tcp
GB       142.250.200.36:443    -                          tcp

Same pattern as the other two runs: lssue.co contacted over TLS at a Cloudflare-proxied address, eadlt.sbs resolved but not contacted, everything else Google SDK traffic or emulator noise.
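The three Network tables above carry the same signal buried in the same noise, and separating the two by hand is error-prone. The following is an added example by the editor, not code from the report or the sample: it takes rows in the report's column layout, splits DNS lookups from connections, discards emulator multicast, joins each lookup to any connection the sandbox attributed to the same name, and reports which non-allowlisted domains were contacted, which were only resolved (dormant or fallback C2 candidates), and which sit behind Cloudflare so that only the name is worth blocking. The rows are copied from the three runs with duplicates collapsed; the suffix allowlist, the resolver rule and the two Cloudflare CIDRs are the editor's assumptions.

```python
"""Triage of the report's Network tables.

Added example by the editor, not part of the sandbox report or the sample.
The rows are copied from the three behavioral runs (duplicates collapsed);
the benign-suffix allowlist, the sandbox-noise rules and the Cloudflare CIDRs
are the editor's assumptions, written out here so they can be challenged.
"""
import ipaddress
from collections import defaultdict

# (country, destination, domain or "" when the column was blank, proto)
REPORT_ROWS = [
    ("N/A", "224.0.0.251:5353", "", "udp"),
    ("US", "1.1.1.1:53", "semanticlocation-pa.googleapis.com", "udp"),
    ("US", "1.1.1.1:53", "lssue.co", "udp"),
    ("GB", "142.250.187.206:443", "", "tcp"),
    ("US", "104.21.17.213:443", "lssue.co", "tcp"),
    ("US", "1.1.1.1:53", "android.apis.google.com", "udp"),
    ("GB", "142.250.187.206:443", "android.apis.google.com", "tcp"),
    ("US", "1.1.1.1:53", "eadlt.sbs", "udp"),
    ("US", "1.1.1.1:53", "ssl.google-analytics.com", "udp"),
    ("GB", "142.250.180.8:443", "ssl.google-analytics.com", "tcp"),
    ("US", "172.67.178.83:443", "lssue.co", "tcp"),
    ("GB", "142.250.180.14:443", "", "tcp"),
]

# Assumption: any Firebase/Analytics-instrumented app talks to these.
BENIGN_SUFFIXES = ("googleapis.com", "google.com", "google-analytics.com")
# Assumption: the sandbox's upstream resolver; port-53 traffic to it is a lookup.
SANDBOX_RESOLVERS = {"1.1.1.1"}
# Two of Cloudflare's published proxy ranges (assumption: check the current list).
CLOUDFLARE_RANGES = [ipaddress.ip_network("104.16.0.0/13"),
                     ipaddress.ip_network("172.64.0.0/13")]


def is_benign_domain(domain: str) -> bool:
    """True for an allowlisted suffix or any subdomain of one."""
    return any(domain == s or domain.endswith("." + s) for s in BENIGN_SUFFIXES)


def ip_is_cloudflare(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_RANGES)


def split_destination(dest: str) -> tuple[str, int]:
    host, _, port = dest.rpartition(":")
    return host, int(port)


def triage(rows):
    resolved: set[str] = set()
    contacted: dict[str, set[str]] = defaultdict(set)
    unattributed: set[str] = set()   # connections with no name in the report
    noise: set[str] = set()
    for _country, dest, domain, _proto in rows:
        ip, port = split_destination(dest)
        addr = ipaddress.ip_address(ip)
        if addr.is_multicast or addr.is_link_local:
            noise.add(dest)
        elif port == 53 and ip in SANDBOX_RESOLVERS:
            if domain:
                resolved.add(domain)
        elif domain:
            contacted[domain].add(ip)
        else:
            unattributed.add(dest)
    seen = resolved | set(contacted)
    suspicious = {d for d in seen if not is_benign_domain(d)}
    return {
        "suspicious": sorted(suspicious),
        "contacted": {d: sorted(ips) for d, ips in contacted.items() if d in suspicious},
        # Resolved but never connected to: fallback or dormant C2 candidates.
        "resolved_only": sorted(suspicious - set(contacted)),
        # Every observed address behind a CDN proxy: block the name, not the IP.
        "proxied": sorted(d for d, ips in contacted.items()
                          if d in suspicious and all(ip_is_cloudflare(ip) for ip in ips)),
        "unattributed": sorted(unattributed),
        "noise": sorted(noise),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(REPORT_ROWS), indent=2))
```

The unattributed TLS connections to 142.250.x.x addresses are kept in their own bucket rather than dropped, because the sandbox could not tie them to a name; on this sample they are Google address space, but on another sample the same bucket is where a hard-coded C2 IP would land.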

Files

/data/data/com.googleFe.app/files/PersistedInstallation8295612849810952154tmp

MD5 ca367511190d7af6d0faced108cbe93d
SHA1 6bda94db2bbc926dcbe90ef658c6b1c0401457a2
SHA256 eb2f7ecac7e701d8b05d8921f57101b844266c73d2e4083398060762a4d1b422
SHA512 21a51cbdc17ee139b2580ba0584c2a5e79171fc462b86880f1def68351fcac063c903f31288e052fcb84c999145a267d2dd3dee3f4902b3a6fa5c1ba55f48f60

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 5b16562545362766b6f9e80e790589e4
SHA1 d7054af553e7c8c75109975010e235452db04752
SHA256 dbc6210a9fe177a76b7dd94056cf0f7938b35e7afbb94faf31a5ebb399a9a3ba
SHA512 7217d306efee111832028e6d8fb5208c6d96eec52f1654b731e7c00c3e762b94c7838133b8536debbf3947bf4bd8a93175644ca9efffe66d4226b1bed8793a80

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 d9cf75fdd1c2292d986f6c3d5d60f2c8
SHA1 07ecb1d3a26d952ae5fecf54f36699ab498510b1
SHA256 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a
SHA512 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 1f59643b47ee1474138573666b654a4f
SHA1 a30db9ff84e194bd2a2dd693b225be82ce416422
SHA256 22fb1f02922365e5f50db31d6463d122375e2e4219c7823265bdfa8a20edc98a
SHA512 a475c296feb683ad0c7778c90596c0292c26a0179414f00b9b0b28c71ebd598a134303b116052797134453b48fe7f817e4cde82ec976c62fcdb1761136242453

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 737021037f789c4d6f40f51aaf05bfe0
SHA1 cbd19093718f55afe7931f88d8e1cee7953a0fa6
SHA256 6ada18fb81c531678b5e93a2cb72f6c43613571e580f4215cd5867098798fcd9
SHA512 83bba22d104468b13357d707cdea9389bd2d53350d38cf9091b6a4eac490c27585d4ee9746603da8a4a0705916eaa869970da32c22662b9ce15db020f2cf01d6

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 7eccfd78580a006a05620fdd7202e83e
SHA1 5f30005cd8b3d27d3da7548a364436c8aed8ecd5
SHA256 9ba8d5b04266a1cb13b9c1578e02140fc3fc4c79b3c207a633a9edceaf93602b
SHA512 1a0573c81ddc5345c979c8a2fb3f92236c3e48c120122674d937e041d89ff06c7a29ea36dadda1715252d4f2ae7f957bf9e47d3e6f248d9a9bb3543532860a6e

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 927f9e56ad5490c00d3313c20d650df1
SHA1 a6d31654d1012fca9b0cff58471b3a049f14aa61
SHA256 15d9ae2d5cd1eee1e1043da63b2e683dc68ecd0d7a9a0624374b37f27303742e
SHA512 6a4d6d7ba84aa30f134e894141e15ff1f9d7792ee09c2954d1e193ad34bdc7dc51f4515fe5f35e99421288b8aadb6e56a9cb46005708b9e20ba4b2b3a3c8df54

/data/data/com.googleFe.app/files/PersistedInstallation5430598700658821467tmp

MD5 c3e94ace71a2a3aec41e2e3be885e88e
SHA1 4e08b30ff0f28c5a71603ab9e53b323a2cdfac5e
SHA256 3ff3d71aeb4e32514897bc16c56f26ea7add4053287d91e692ccd7e745cf9347
SHA512 f159cdc51b06b958b099ecfa10103ed6f96ce581172957fba42138d08978f2d6277339170b1d3b9f259c6160b68c258146013710cdbb78304da4ec9542ba5dfa

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 08a59152d5efe486183d3e2c2fc2e213
SHA1 811e8758a3c27ed6413f2f24e226a5ed5a30ab09
SHA256 104cfa7ebabd6e1de42fae984b900453371d8bf5eda8a9b77f44b1b1a518d95e
SHA512 9ff43f42f6f0f128be02358e6a2029134dacec0b7ed7087353aa830457ad6a1a124307e24e6cda0f2347b8cd27dc5936349c3a67fa4cdf5024ffcba3ba3d31b2

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 438d5b48a94569eeb725d2aa42c06de0
SHA1 71a4361e21cafebd465bc9acc59e620f9c8b31ed
SHA256 1f5ef875550c2e71300092f47e99437332b3f249264ec2f8ab4694e3f2483cfa
SHA512 61aa814a1c48c5707e9ee525e2135834f752a71201a80b6c82a9161631838412f9e0148ad52da56bcfe238af04349dac38159dd8095cb5cb6dbdfb388abd837d

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 6e15478e25a8e80fb1965a7ded4e8112
SHA1 c0e94257d91d26d8096f1b77778d818dfe9c6799
SHA256 5dae57a8a407355cd24055b9825193f57ec94ee92dabb6f05f2a49b11fe0d875
SHA512 de521960bf8abffed39fea4f19fc364bda618d1fc2e4be25f37232ff2621aa9c1e21f655011ca2914640eccf57367773781c861887183016fce381e20c040925

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 98aa3db2705a0540802d4f6aed8e8c89
SHA1 04ddc0e7aced36c36babe962ded3fc10cac076c9
SHA256 1e7f681702be64444e4c6bd153a206dc933acdbad5299bd800b5a47a8107d743
SHA512 1c7323217ac90305a2ce23fcd8a84f4ff1ef7cac39576a1b77004fd08e4e7b6e1238f68ba833a29ef42afa67e40fc08fc41691e80c010e9b6afcca7c70d1e504

/data/data/com.googleFe.app/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/data/com.googleFe.app/cache/1

MD5 b1934f4a849dfd4f6decaa58cdc0cb97
SHA1 c983e0b04390beb0b676ce905fba102bb7a7fc7f
SHA256 09b0d89d82845e668862cb06e0b2d54f96b9dfdeed27ef17b15ef3b03f128972
SHA512 ae38d9ec4a5371c705e09a803d780c47503f5d897e62ecaff3d4ccc50e6b873b5303623043255a39a9f380e50d2808cd9145ba383811185b1c8568365c184ce9

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 c731a628a6cd95f93dcd060853374a56
SHA1 0b191ed82afd7e75dcb217b784aa62a4af787d2f
SHA256 68dfc3058d647be4cfccdec25aa42bae21854d8a3c0157870a82639e5cd3c90d
SHA512 1d4b25d1a7d835b24c7c7fabe0124d188eb37a40acac0f1d7c6edc223759d8a1b4086491c0529c36e2585067c50d8aa31335d8f94f25a1de465170bcd10c36fd

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 de82e2c94d2718988804b035a46d17b1
SHA1 705f5ff19093ad209f2a666085d6ccaed3bf58a4
SHA256 29110e626f8f49171d14a819b34492d094120f21ed7a963007fe95439d771d39
SHA512 68f5f88e638e76cb5036dad6b320896f1735f64067ace152e0baea81e9ea0d153559f53bd5c608b397281369dafd14c5f5965f92f567dc89db157414a699023e

/data/data/com.googleFe.app/cache/2

MD5 c76013d165ef454e96824b1f62118c7f
SHA1 f9e0cf89bcf722d7204165ae26c131cf01cbff28
SHA256 9890e8131aca75cf93d9b0d92da3c653ca25768f93c29dcf486793de952fa142
SHA512 9b5d264af7541b623e5ab1f1fc96d572d5cd91df876351b5941646045bc3c268c10a822c6134aa8d25d81daf59e957a6c54d66757f3c7d2bdf60755d28d78b47
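The Files tables of the three runs list several dozen hashes, most of which belong to Firebase SDK state that is rewritten on every launch; only a few identify the sample. The following is an added example by the editor, not code from the report or the sample: it groups the dropped files by SHA256 across runs, sets aside content that carries no information (the "test" probe, empty files) and SDK-generated files recognised by name, and keeps as pivot candidates only the hashes that were identical in every run. The entries are a subset of the report's own Files tables; the path patterns for Firebase Installations and Firebase Analytics artifacts are the editor's reading of the file names.

```python
"""Which dropped-file hashes from the three runs are worth pivoting on.

Added example by the editor, not part of the report or the sample. The
entries are a subset of the report's Files tables (run, path, SHA256); the
SDK-noise rules are the editor's assumptions based on the file names.
"""
import hashlib
import re
from collections import defaultdict

RUN_FILES = [
    ("behavioral1", "/data/data/com.googleFe.app/files/PersistedInstallation5859630424679275997tmp",
     "e0613e24f2bd130019358eb461e40616a141a44dd91a684eeebf680e694cea1f"),
    ("behavioral1", "/data/data/com.googleFe.app/databases/google_app_measurement_local.db",
     "5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa"),
    ("behavioral1", "/data/data/com.googleFe.app/cache/~test.test",
     "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"),
    ("behavioral1", "/data/data/com.googleFe.app/cache/1",
     "09b0d89d82845e668862cb06e0b2d54f96b9dfdeed27ef17b15ef3b03f128972"),
    ("behavioral1", "/data/data/com.googleFe.app/cache/2",
     "9890e8131aca75cf93d9b0d92da3c653ca25768f93c29dcf486793de952fa142"),
    ("behavioral2", "/data/data/com.googleFe.app/files/PersistedInstallation8064265096395959124tmp",
     "08100a2befec0d49c4a2dd3c661362894edaf864efa4e942b1a2094fa1109375"),
    ("behavioral2", "/data/data/com.googleFe.app/databases/google_app_measurement_local.db",
     "48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4"),
    ("behavioral2", "/data/data/com.googleFe.app/cache/~test.test",
     "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"),
    ("behavioral2", "/data/data/com.googleFe.app/cache/1",
     "09b0d89d82845e668862cb06e0b2d54f96b9dfdeed27ef17b15ef3b03f128972"),
    ("behavioral2", "/data/data/com.googleFe.app/cache/2",
     "9890e8131aca75cf93d9b0d92da3c653ca25768f93c29dcf486793de952fa142"),
    ("behavioral3", "/data/data/com.googleFe.app/files/PersistedInstallation8295612849810952154tmp",
     "eb2f7ecac7e701d8b05d8921f57101b844266c73d2e4083398060762a4d1b422"),
    ("behavioral3", "/data/data/com.googleFe.app/databases/google_app_measurement_local.db",
     "2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a"),
    ("behavioral3", "/data/data/com.googleFe.app/cache/~test.test",
     "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"),
    ("behavioral3", "/data/data/com.googleFe.app/cache/1",
     "09b0d89d82845e668862cb06e0b2d54f96b9dfdeed27ef17b15ef3b03f128972"),
    ("behavioral3", "/data/data/com.googleFe.app/cache/2",
     "9890e8131aca75cf93d9b0d92da3c653ca25768f93c29dcf486793de952fa142"),
]

# Digests of content that says nothing about the sample. Computed, not pasted,
# so the check is self-verifying.
TRIVIAL_CONTENT = {
    hashlib.sha256(b"test").hexdigest(): "literal string 'test' (write probe)",
    hashlib.sha256(b"").hexdigest(): "empty file",
}

# Files the bundled Google SDKs create on their own; their bytes change per run.
SDK_NOISE = [
    (re.compile(r"/files/PersistedInstallation\d+tmp$"), "Firebase Installations temp file"),
    (re.compile(r"/databases/google_app_measurement_local\.db(-journal|-wal|-shm)?$"),
     "Firebase Analytics SQLite database"),
]


def classify_path(path: str):
    """Label a path as SDK noise, or None if the name gives nothing away."""
    for pattern, label in SDK_NOISE:
        if pattern.search(path):
            return label
    return None


def triage(entries):
    runs = {run for run, _, _ in entries}
    by_hash = defaultdict(lambda: {"paths": set(), "runs": set()})
    for run, path, sha in entries:
        by_hash[sha]["paths"].add(path)
        by_hash[sha]["runs"].add(run)
    out = {"trivial": {}, "sdk_noise": {}, "stable_pivot": {}, "run_specific": {}}
    for sha, info in by_hash.items():
        path = min(info["paths"])
        label = classify_path(path)
        if sha in TRIVIAL_CONTENT:
            out["trivial"][sha] = TRIVIAL_CONTENT[sha]
        elif label:
            out["sdk_noise"][sha] = label
        elif info["runs"] == runs:
            # Same bytes in every run: deterministic output of the sample itself.
            out["stable_pivot"][sha] = path
        else:
            out["run_specific"][sha] = path
    return out


if __name__ == "__main__":
    import json
    print(json.dumps(triage(RUN_FILES), indent=2))
```

On this report the only two hashes that survive are cache/1 and cache/2, whose names say nothing about their purpose; those are the files to pull from the sandbox and open by hand. A hash that appears in only one run lands in run_specific and should be treated as weak until a second detonation reproduces it.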