Malware Analysis Report

2025-01-19 05:50

Sample ID 241213-kkgr8asrg1
Target version3.2.apk
SHA256 4e609c2edadf166dbcb5c492e48d8169d5a36b09a3698a1ef27cd681e9f36f1b
Tags
discovery persistence collection credential_access impact irata
score
10/10

Analysis Overview

score
10/10

SHA256

4e609c2edadf166dbcb5c492e48d8169d5a36b09a3698a1ef27cd681e9f36f1b

Threat Level: Known bad

The file version3.2.apk was found to be: Known bad.

Malicious Activity Summary

discovery persistence collection credential_access impact irata

Irata family

Irata payload

Obtains sensitive information copied to the device clipboard

Queries the mobile country code (MCC)

Reads information about phone network operator

Requests dangerous framework permissions

Acquires the wake lock

Queries information about active data network

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Reported

2024-12-13 08:39

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-13 08:39

Reported

2024-12-13 08:42

Platform

android-x86-arm-20240624-en

Max time kernel

123s

Max time network

131s

Command Line

com.googleFe.app

Signatures

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.googleFe.app

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 lssue.co udp
GB 142.250.200.46:443 tcp
US 172.67.178.83:443 lssue.co tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp
US 1.1.1.1:53 e.site-1403.sbs udp

Files

/data/data/com.googleFe.app/files/PersistedInstallation1227527676321795406tmp

MD5 d0bab56a9ca0888db6f255482bc74681
SHA1 05098e781b26d07c69aef5d1e9a80372bf3376da
SHA256 beb2176ba85351d2dcabe1ddf2e8cef00f756a16246b508ab6eaa9ece09b7568
SHA512 9a7a39e803cf1eeeff3541acc28eddbffc7ccc8b9a290e90522f6c11e79418db23d7bb1bcbb329470394a163faa48ea7e390b3d5f23ced4aeb4034e9499930ea

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 60e965745f704d0fc2672378933937eb
SHA1 7738e81047593fbc4d37f23dbc74a039fd33b95e
SHA256 a3470820f3c0fb43c8342e3786b0f70d4380ff15297809dd4a3a096a47c13eb8
SHA512 0511258bc668fc286e79bafe259ef7ad940b1997de6a7815719675ac4675e1a3b88d6d719fa75dc7b63779862ca639b7ca44fe31bedb44c22e7c5b40746febbd

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-wal

MD5 e08e95006468bfe3618457aa022c2163
SHA1 0a01122aef9de2e97b621a38d977522d8014a042
SHA256 a0bd76ba39f1a92dba151904b4ee88b579e735b7154a8eaa2df76040f14036bb
SHA512 51ba49f7f1c1fa9128a94052fe0fb88acf3872c3218d362cb0dd4dbc3106015a22225909bcdc6ded1caf9fd08019db4fb87a1835183adae522a8a9233da0c113

/data/data/com.googleFe.app/files/PersistedInstallation5353488290788171349tmp

MD5 fb2c6c3719088ea893a518596a72a49a
SHA1 34ce386db4b73cdd58c1ac7797ef4c38c7ba298b
SHA256 c46f2e5d9b3fb0b645b3540a8a6d5a14d5656257fbbad307ba3503f1c5111374
SHA512 4ebda38327f3c327326dbf5294eef8d0a43707ee1f667de88990e10616ed4a6f368253b70f370afb2f3ffafbc9fcb20e3ca820c9e2b40592d31acef4c5e7604e

/data/data/com.googleFe.app/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-wal

MD5 2ff61aee99370b858f909b4ea2dc8b4e
SHA1 232c4d3249525f654c0ee62b6c1aa061b7bc7edd
SHA256 0bf744ab3837e58ee11a43ad00186a7dc2e73604fb757f63e70b00dc5dec9b4a
SHA512 1f9c8455583216bba36376666919c27272cf444b5b8242d0a4dbcf27f6ac29ae8da479d18d11768b10d8f5d3b4e9b66bd5c88110314459f3b80556e93fd1d1fb

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 8f0f2a353b609f84c3143c8120bcbd45
SHA1 596f005570a0ae7fb309c7764167d858c96a09fb
SHA256 763fdcd2713576b51cd780e77c93985d6b5d34a6fe0f044780758d778b7b3017
SHA512 093b2129817d42fa32ea4e0451d8a2b3b65d745e389d6428db944782ecdeaf9152a43138b362796f3e67429dd7215e8439403ccf23dd3bdaeec75cc6b8a41a73

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-wal

MD5 c37bf12c14120cf4b66d85d1056b14cd
SHA1 59f36e645dfcdb6cd9cedad98126682bf8f0ec51
SHA256 11ce659035de1e80b3b5e01e054bcf078f4fec33e492f9a2dc00adb7efe90863
SHA512 c47971ee7648a7d5a27aaca2df26eeea08052e1965cee52d1f0b72e61cf68af53ba2475429e1a90c89357eddddee1cd9cdc615cd8777b076ef82f437a09409fc

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 abf134a8adf53328164b9aee10a70863
SHA1 d64fe9d5ed31e9983f38e9aac0385f8c41f85b0b
SHA256 38dda38667b5d31d01c6a0c7cb6db2d83e54a8623e36895d56d9238c7093865e
SHA512 a835e7acb728e381e1b461ecd1735066b688d01e6a0434c179f0c0286b26c15a73742c8b434b0a5814f1add24fbfa720c35a2bd4974dea5e3e1ec7a2cc678cb1

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-wal

MD5 a8209e93b41382eee221670a06ef2add
SHA1 a10a82f1357c2195ce5993b4d4172c517ddfe65d
SHA256 1ff0bfd2efe902934ed96b367b9aa83a1af331cf6d7bf8b6a0dcd8eb1ddf7495
SHA512 ad8393c8cb66005069b7b8bbe2c851d9a348b55aba39e42bf4f84970445877b6a5400b54b5b2c02c6f6f66381459024b22c442927e4f61d26fad78a463d96a37

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 21144d22935843b927b238bd2c2f75b4
SHA1 c11f7e767df47f99580bfa8f51986f2cbb41ee36
SHA256 b74ec367dd77e13fa878628d70d0b5adc4efa33d750f581276d7e0cd355cca5b
SHA512 8d3f3332cffa74ec6872ca6f926a9f40d4e7f17dba09139073cdd84e2dc9dda9814ca3a9dfca46bf031d5848fbc511aa0fef8e87c9738a95da8fdacf89b45788

/data/data/com.googleFe.app/cache/1

MD5 ce2caab3e836f88c7e999792501e8013
SHA1 a28a0d6033576cf12aa39c17e36dc94395fd2f56
SHA256 521a6d6c7762a72698cb4e37773309f3b015773a72b40c53b0b015c6097bed9d
SHA512 21919dc956c0b0e7259afd887edaf1f014e85905b11cf579a7f9b2fd59ab66ae10925d2ddc01a3d2aee6fa9f218b1606526ed821791257f9905b47555cbebb84

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-wal

MD5 31e0d71d3a5f9cf53ed1cdfadd7c876c
SHA1 b4bc24c3155c3deaa1365b175f0f29b5968cdf10
SHA256 89a0d0ad2c0e8e11a323583c6c20c73ac0af7dc949c1e1f5ddb6b1494d0ae198
SHA512 278128f40adf09d83b0c1e29ddf1b214cbf818082f86864ad8727185ca28ba1ef1accd8baeb4b591e7129e82981baadfb6a230385edaebc0b33423e6bf28d7b6

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 d0923ebdd05df330741ee3186331c077
SHA1 9bf04b6c1b9a0df11619166509dba7363c7ad938
SHA256 17bf1ac63eee9b04b9a3d497ef8eac784f8989da2cebc8db25570d1e90b697a7
SHA512 50c9e5816c0c24ea41e606d78feaa3efa92125c4f6e6ba1545cd7ce05190ed9eb238740a37a4978c27c8b656c05ac6d750711d2eb08424c8b31bd53fa05a58e2

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-wal

MD5 462e6beb933f3b90fd14072ed193f7fb
SHA1 6ac97a8673df4b3b087cbeedad87f3f6ccd243f7
SHA256 df01728c9ee31d9ad4b14c9b25e0603a9d918f971f73bb87d5a8a9c836190c19
SHA512 ee41bd5a9cff57f3804df460ad096de0aa9a9ba05671fca28d8a33ca9bf4f08fd081c74120187a71b6001fa179faf60e7231face5ecb826c24f7bcb493e7d629

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 3e881d9a01ca707bed38018ac69f4518
SHA1 5820f9351d7cc8082de6e5686eb9f8fedf6fb830
SHA256 4a5bf9bfe9b032546f886dd5fe6717de78716734aaadab620c0444ed6df5151c
SHA512 8f0395c94b3a449f3c61e7117f400c7b8a12c23d3655be6772bce2c8aa0ec8d8be8000c5cd2c6e10b334ef54a4add5583717393c3239da80c334c45b8b392db8

/data/data/com.googleFe.app/cache/2

MD5 c76013d165ef454e96824b1f62118c7f
SHA1 f9e0cf89bcf722d7204165ae26c131cf01cbff28
SHA256 9890e8131aca75cf93d9b0d92da3c653ca25768f93c29dcf486793de952fa142
SHA512 9b5d264af7541b623e5ab1f1fc96d572d5cd91df876351b5941646045bc3c268c10a822c6134aa8d25d81daf59e957a6c54d66757f3c7d2bdf60755d28d78b47

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-13 08:39

Reported

2024-12-13 08:42

Platform

android-x64-20240624-en

Max time kernel

122s

Max time network

157s

Command Line

com.googleFe.app

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.googleFe.app

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 lssue.co udp
GB 142.250.178.14:443 android.apis.google.com tcp
US 172.67.178.83:443 lssue.co tcp
US 1.1.1.1:53 e.site-1403.sbs udp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp
GB 172.217.16.238:443 tcp
GB 142.250.179.226:443 tcp

Files

/data/data/com.googleFe.app/files/PersistedInstallation1090371513502437930tmp

MD5 5e6fc1d4bc846087006f29b70e6e4d3a
SHA1 487213fd39870a80dc8f1962c8a00e1663b80ec5
SHA256 ddcc6211b27174e22a41efeba91405c51d452a2b28560da179130c050cfcbc8f
SHA512 75b5bb558d126d6c691113b113345aed46219a4453856464d65bdbf86aedea14956162e06045b65fcbc855cc770bf4b99dac0196628806e4fd24b9d300985fc4

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 6c36d848bd67ee5f8d89a7916eb86a4a
SHA1 5315c282f22ee4b5280ad435fecf28211e0bb8d6
SHA256 ba3840fcbc69a49e151211ff690fc9577fec2c0ea1667585d744aa6f5df465ca
SHA512 61e754802f4d106a38b463967a39bfa4a68059c6f53877f7142fc63b2429c934d145a33b0eb83077570b94d7ddcfd911598c00cb4264f7d8ea9728e5ad295e8d

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 eb52a90bb70b76e946b62f50b6f7fb85
SHA1 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0
SHA256 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4
SHA512 b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 dedb77b1edf8479666e129acdc34e3fc
SHA1 ec399e0b5cb6fa5f465bae8a1ee26e859d9ec04d
SHA256 9004802e77ad7f2a755a749b4c28275d54e2fb3f4f40599b12ab115bf39f5b76
SHA512 2931602a2c6f9a2fd980b9a04d2fe1fbecaa65350a3ad54929ea48d368566a8da5cd0b9e37802d4f4412b333900ebe297f457ad99fb7429fb7cb53792fb5dff4

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 b50a9b777d25fe6e1aaf0b863aadb49b
SHA1 3f239cdb6b7082d91fece50c32203fe029f660e3
SHA256 cfc1747e0ae29260ffbc50bb992efba719ea41c5047372c96f5c339b068b96c8
SHA512 005d3b4cbfd072b9547e76f0ce9e10404ea158a07c7a8cf02443e8e07c7c4cfea9ce7e89f2b7afd8f54e2651dd285a05c4c453b1458bf8c491fccc3acf2d0bfd

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 91c53dece77b047b21af66503f669375
SHA1 b4b6e3dff7f25c61e6c900f8ef1b674391709f1c
SHA256 659633b59c71e23ca441407f0e4d8a4d91c80d83c54f029a231062c58317de85
SHA512 6e947782c77dac06f63d7d93afc94b8fc983d074a1832bac1ef951f988ecd3adf2f44399c8fe8f4c0fbd50a2414bd5d929e9962c7f7773ba06b0c7bd7f7f944c

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 c532c68a2343d78840699590c67ddb76
SHA1 f606d966846c9b7aaa5140a5200c79518f271555
SHA256 0cebffe1709d35fb8c264663e704ffc5a45ea71d031096460831bb654ab7681d
SHA512 ae1692ce51505f8291534aaa4bf0a83b2e63e9b90b7c8e23e2cf76256b23bd95545d37143728aa4db9adcabaf1e470041ff555ab369c8d6a5e59389cf5cd5522

/data/data/com.googleFe.app/files/PersistedInstallation4021912078888206776tmp

MD5 66c1adfbd9a5bffb877fce53fccd49d0
SHA1 9bb26ac32239c14371386f4f396d34bee9887f6f
SHA256 282a5941b492e7bdb513f22be7d97fafa770770372bc0ed9493e26129fbe8fb5
SHA512 8ecc644d5f8fda6de1b952975f1138738bc8bb92b56e102eb302f12c1386b2d5c123f98ca55a4c7fb08c29e58c1757be578676b71b842ccfafca5429cc48b727

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 f196d271eedf50560922e2ccff5b07c5
SHA1 da93b5971e3c385bd50b80c6db8b6cd271528fcd
SHA256 b27e7f56b1e7275f558becb6e8214380541a0087757bc3023171d2417916e581
SHA512 d13fac0a18a5033ee52a07c4058b232ce16f1b3d5a8ce98743bf7e7f6c22edc83a9f413367cea1502a041def76e592d92a9c5186bdc73fad6092c573bc5cd9e3

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 71f5f24f66be8127e5fcd7358bfddd38
SHA1 c8e19c65d007aed2b5546ea0af1999970b51343c
SHA256 c9e52d3c46b793c254d822a1890debcc9094969a6b49974c2642e851b8a3e7c0
SHA512 03282f919ae880c1029563776ad4f95e31f4b62bd244949bc16b245167832472f2be8f30566c9effb340894c3e3506b9ba6c30d9776eafbad2e9f79b543c2adb

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 edcb91a4757e473a2f85a2fb976273c8
SHA1 3dccf3d7d7a76d0c30ef945e47abc32dc36a2f2f
SHA256 888c3caa749c9c8d35a06a645da90b4d2226327cf2f7d2df712c17c38ec2c6bb
SHA512 395b2cbf00079accb687037e1e45336fe93f5893c31286e9d5bacfaa1665346d4d205be356041ea35e7c174820793bc4b0f8a4fd1a075a55e3bcac9e23cb88a4

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 96bb81047c13d349d05d2f8924344b30
SHA1 4329c39ecc38e947b0e4710c598a44e4a196cbe5
SHA256 0ea16a14f485df4a0f721b6e2de171bad87a9ec87a164d57ece6cf269dbcc609
SHA512 c8234ae194d0e8baae8ef6efc1c3e097362f29ee6491a0b9ffc8ce4bec771d7f005cb207c59bff3cffd911bf94406040fc42be222fd43a86cb6b8d48b020754e

/data/data/com.googleFe.app/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/data/com.googleFe.app/cache/1

MD5 ce2caab3e836f88c7e999792501e8013
SHA1 a28a0d6033576cf12aa39c17e36dc94395fd2f56
SHA256 521a6d6c7762a72698cb4e37773309f3b015773a72b40c53b0b015c6097bed9d
SHA512 21919dc956c0b0e7259afd887edaf1f014e85905b11cf579a7f9b2fd59ab66ae10925d2ddc01a3d2aee6fa9f218b1606526ed821791257f9905b47555cbebb84

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 a7fe9ef50c68712c5f37ff7584fbfefe
SHA1 4fb0745ca880bd9a882b5453757e59e56a783a95
SHA256 668a4275c11d6f762070e7ac91df1c3b584f20d06fa50f8c21ab14b54fecafcf
SHA512 806556a2406046fe569df318282d4add9f17934ef38839b872fe753cd578a55c070c005f3ea5059fb5600d02414bbb83d4d87f85aff970850b46d103cb9ab37b

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 adf6082723784327d7d1b34adf974e7d
SHA1 b1502f70eb881a1dfe41139cb719fefb877ee37c
SHA256 252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9
SHA512 762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b

/data/data/com.googleFe.app/cache/2

MD5 c76013d165ef454e96824b1f62118c7f
SHA1 f9e0cf89bcf722d7204165ae26c131cf01cbff28
SHA256 9890e8131aca75cf93d9b0d92da3c653ca25768f93c29dcf486793de952fa142
SHA512 9b5d264af7541b623e5ab1f1fc96d572d5cd91df876351b5941646045bc3c268c10a822c6134aa8d25d81daf59e957a6c54d66757f3c7d2bdf60755d28d78b47

Analysis: behavioral3

Detonation Overview

Submitted

2024-12-13 08:39

Reported

2024-12-13 08:42

Platform

android-x64-arm64-20240910-en

Max time kernel

121s

Max time network

151s

Command Line

com.googleFe.app

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator

discovery

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.googleFe.app

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 www.youtube.com udp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 www.youtube.com udp
GB 172.217.16.238:443 www.youtube.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
GB 142.250.180.14:443 android.apis.google.com tcp
GB 142.250.180.14:443 android.apis.google.com tcp
US 216.239.38.223:443 tcp
US 1.1.1.1:53 lssue.co udp
US 104.21.17.213:443 lssue.co tcp
US 1.1.1.1:53 e.site-1403.sbs udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
GB 216.58.212.193:443 tcp
GB 142.250.187.225:443 tcp
US 216.239.38.223:443 tcp

Files

/data/data/com.googleFe.app/files/PersistedInstallation8554641480324691138tmp

MD5 cf671106902e9504fa30572f58f5383e
SHA1 6f15d00d18fc67234d45f43ca04c5f4cfe7477b4
SHA256 e9c0fa9738bcb5ba543205eeb25cf5a927c6478535e5a5de3a06c04b56e1b0cd
SHA512 3519b76d2be54bdd1e5e159ccec6fc02c5552421a26752df31f4363c4d3936cc87bce66d3c283edd452ebefa31ed035eb5412e66a183b8332e53e811e58c8737

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 6d172c9a8a39125c9e51e7bfe6c569c1
SHA1 7694d7bd7e64d43f3f313c2918ebfa8ef09ab1ca
SHA256 eb5094360d748a02ba07729e3ef46fce36c4d5ce84ef47289b848f9ae6f164c9
SHA512 cba88e308901c16161cb5cf09e7c4f0581a23700f88745056b852a3c199dcfd50e5ea31514f42c600c504c40672792d2af24c4a6311ba14c42bcc635fd7e97c2

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 d9cf75fdd1c2292d986f6c3d5d60f2c8
SHA1 07ecb1d3a26d952ae5fecf54f36699ab498510b1
SHA256 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a
SHA512 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 98daf7e2f51bfc3f5f945f6ff6c62bc8
SHA1 d4ee204ad5976bc39c20631a1845588a5c6da587
SHA256 322d255dc78464871546f18164ded75c54d5dfbaa8ba1014fe64d73eb59abca9
SHA512 ba66222b79ebdad79f8335e116028fa8168551c625f618d4db94b0e21ed63d2cf18812681400de66b3f7cf946b34d35820d11a658e24a0be43e6f2f3c3e997ca

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 39e9d5ffc2eacef30e7e190d3cff684a
SHA1 079b2453952e836123616c213318ed3fb52d6e9c
SHA256 671b41f4f68df12e025ea3c654571b63717886b385f3a6b983dc9162f0558482
SHA512 24bef524b195fa9137dd0e1f61d60dfa9e1a521e00deec9c4223143d267e63b9c111d46d6978d7516e12400fa99c94eea4b550b2b2abefa839edfe585ade0100

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 8c786b54575461509d58406107dde6d5
SHA1 b6d71497d0d0399487f6cfd58fa4a39d7f0a43ee
SHA256 6dc61b6937d3ad8da5ff5f70a0939d52fb38a27587999d2faed1aae161c3163f
SHA512 f59eb1fc42fdf39bcd943f7e9287dcfafb9b91d90390864f61854b65147805ddbde19355bb032912ddcf33849d67f2c21bfca4ae7ba50cfcd2dbd9a3970fd1d1

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 dc61350d1b6e01c4064d2e5c303870b4
SHA1 6020791c99fa3a00ca235caa4afcb0fb6d97223d
SHA256 a852a58c2676dde9d0e0e8037d0e5eb95eb628add709bd3af51af24d5107a1a8
SHA512 9b0680daeb016b417d7c6bc14beb2058fb145d11d5ec633098367229db644f901b69ff6f7218a4bd8f11edd3c31ff4ee8fbb58fe592b8eaad643df259c77af19

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 051ff4f870e035bf85d5d0456fb9483b
SHA1 1b035296d7c989f42041b02b92132e2afe8c6da3
SHA256 74f35715ab3dc86464afd0bf389ee20d78b66caec849c3b3803fa0f212a2bd90
SHA512 11c5ee085e745183d3440c8994d806d98032ff79ea6af1e559b2462a510d76d5f7f7ac008cd839db838ff61b93593a7beefe1fc9e4cc8d5f59703e92d21f8ee0

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 62881d5d58f2c3cd785bcb93228ff926
SHA1 3f69c2a4fa4b87050abdfa3a845aca92a841a808
SHA256 b7c7e2782e1fd4128af585c1243262116e4f61de3f0e5b0267b3d5ae7de076de
SHA512 d33b1485b1acec2cbb3bcb64241145dc5e1c6b5daee522b12ad3d5787df0d3479755e2f721d6bac425d2f4f93d210e4eee2eab1c55f83e648b5752146a986839

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 1abc51e280d0aae0d7359580ff40f046
SHA1 10b6d9ada12c6821649df0208c6ca2b7356c25b3
SHA256 5c4aa8fc72bea1f9dc6bd3e81b332b91d7664ed6e707cbd4e4c59f5abd70e102
SHA512 cafda4bc16013adab88766c86c6f9cd50edb6054b8f04557199959957287545ce52dcbee8142fe8fef5724ddf7bc959777975687599c5e503be0f45c2f247791

/data/data/com.googleFe.app/files/PersistedInstallation923559778113699790tmp

MD5 d8d7882269ac785965009db338b743fa
SHA1 8d788d61f805308a1bad902f0929bbd34e531c99
SHA256 bf9a42f30d00e95b74c99ccafcf8839224b18c83437d3c5669b7877cf03d0c6a
SHA512 3b49e5c19de4ceefdd8f9cf6df1d2229e78348f0887c49020184a439efed6c8a01cf55c4cb6fad5bd5dd8810d8379e426576d3c97580ac21c43673ed22a0b8b1

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 8772352b3c4f83f3586608c9422767a4
SHA1 a1977215b1ce217402c93fce918d24815ba0ce9a
SHA256 97fd78d7efe777129611d7d432a11298a2dfe7eb6ed64630b546ed67867468de
SHA512 9b59c0b8e3e1b07fad35709091ccf04d95f9a63890cfb5543e29e8e087a13b4c006bb2f9a42be4d601d8a416b343ee0002ac701a5120c14594dc700fbe3af6dc

/data/data/com.googleFe.app/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 81e1b87881af4373df6dc3a2881f36dc
SHA1 2c3934a0e0cb93d75b66dd24e2927bc682f25bc6
SHA256 b62dc1465d6707fbd9b4e4d9f1e70e5d652b7f952887962cc2b58882eb389f4f
SHA512 945fd2e53d1db129ee001be3d661f17c22b28a09b2973e1e07d68ef1c1c11218b67f61cc4027e27fc88efe743a66014e642481c2616f95a7a3b9715ce60d39c4

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 de82e2c94d2718988804b035a46d17b1
SHA1 705f5ff19093ad209f2a666085d6ccaed3bf58a4
SHA256 29110e626f8f49171d14a819b34492d094120f21ed7a963007fe95439d771d39
SHA512 68f5f88e638e76cb5036dad6b320896f1735f64067ace152e0baea81e9ea0d153559f53bd5c608b397281369dafd14c5f5965f92f567dc89db157414a699023e

/data/data/com.googleFe.app/cache/1

MD5 ce2caab3e836f88c7e999792501e8013
SHA1 a28a0d6033576cf12aa39c17e36dc94395fd2f56
SHA256 521a6d6c7762a72698cb4e37773309f3b015773a72b40c53b0b015c6097bed9d
SHA512 21919dc956c0b0e7259afd887edaf1f014e85905b11cf579a7f9b2fd59ab66ae10925d2ddc01a3d2aee6fa9f218b1606526ed821791257f9905b47555cbebb84

/data/data/com.googleFe.app/cache/2

MD5 c76013d165ef454e96824b1f62118c7f
SHA1 f9e0cf89bcf722d7204165ae26c131cf01cbff28
SHA256 9890e8131aca75cf93d9b0d92da3c653ca25768f93c29dcf486793de952fa142
SHA512 9b5d264af7541b623e5ab1f1fc96d572d5cd91df876351b5941646045bc3c268c10a822c6134aa8d25d81daf59e957a6c54d66757f3c7d2bdf60755d28d78b47