Malware Analysis Report

2025-01-19 05:51

Sample ID 241215-vqly8szrew
Target version3.2.apk
SHA256 4e609c2edadf166dbcb5c492e48d8169d5a36b09a3698a1ef27cd681e9f36f1b
Tags irata discovery persistence collection credential_access impact
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 10/10

SHA256

4e609c2edadf166dbcb5c492e48d8169d5a36b09a3698a1ef27cd681e9f36f1b

Threat Level: Known bad

The file version3.2.apk was found to be: Known bad.

Malicious Activity Summary

irata discovery persistence collection credential_access impact

Irata family

Irata payload

Obtains sensitive information copied to the device clipboard

Reads information about phone network operator

Requests dangerous framework permissions

Acquires the wake lock

Queries information about active data network

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-15 17:11

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-15 17:11

Reported

2024-12-15 17:14

Platform

android-x86-arm-20240624-en

Max time kernel

123s

Max time network

131s

Command Line

com.googleFe.app

Signatures

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.googleFe.app

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.204.74:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 lssue.co udp
GB 142.250.187.206:443 tcp
US 104.21.17.213:443 lssue.co tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
US 1.1.1.1:53 e.site-1403.sbs udp

Files

/data/data/com.googleFe.app/files/PersistedInstallation8813496258062479951tmp

MD5 8d33071ff39aca404259d77264063f3e
SHA1 38bf76408b74032d4e80e15b892943c8e208cb71
SHA256 a50ec8c7cf1aaade5fb6d1db398c0af64605133699e4c896c2fcf3c89edcc97d
SHA512 61e7c50ca74c8c311dffa982dd3e0994ec80eed696d317249eafe40b936efd9e3ded3d8c7db6abdf6abf99f51f9b11285812630e6c6602c0e0f703b553b382c0

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 6b947d9e987eb11eb8b1540cfb489048
SHA1 3a94e9905c953c3291c0126b54b31f2fac87bf3b
SHA256 8862ef1b7ed5f8c6c01c161ba03082ebdc74721954e704d3e5accc0f23a15f79
SHA512 4817c19abfc7f60fbafc75cffda4e7f2efa6a6281e3558f13c3fe9767d6a9d07fdbe672b75bca1e7fa852bfe0a8e159cf51024eb4c0571dbbd19df409f638a00

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-wal

MD5 dc99eca66c78f3384f87213cfd2d76f6
SHA1 61da4e4ab1e467e6175665bccd9077765d750071
SHA256 115118ba6507e1d731d911b72b381d029293e76342c0df01cb4eeb6cf280a862
SHA512 22e1e3c2dc547a1e61b2a198446804234a345e7ab9751668dc629d60117c348c733aeba7c1034f2a697f39c8a3a84fcbb3234527b13d01cc9316b1a97bb615da

/data/data/com.googleFe.app/files/PersistedInstallation4652683796189192030tmp

MD5 e819d0d8088c3efef8b18e276ac17fc2
SHA1 c289aef2af0b063e92f969c2c83f97bd485b1d7f
SHA256 1385950e722bf4bcecf86abc6c0693e2998db11a62b49414d16a744688ccd0f4
SHA512 04161e4ff71549b8432459e7b2a87fa91089b03e9e3a69dbb60d0f7e000fb908cfa97cd0dd59e6c9f92dea142adcd84cd41674ea1005587fb82d364369d5e894

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-wal

MD5 16428044fe84e6a976cdd3a5b3af40ed
SHA1 802805bc61c8642d862228061f9b8d7ad84c35ae
SHA256 56d798ab6242be1fbda98520b0ae05bebb8f6c8025e030e150ade14bbfa7b46e
SHA512 48d027c193454aaff1b2c062579a2b1bfe796549651749afbf32d9e7c98becd6b69123364bf75a724aa0914a9c56beaeb319efa5a37b094570ec7090d1fb57d9

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 199c87c8737d557c4dc52793222ccb50
SHA1 a9d20878a49927bc0fa16f60725908e98943b707
SHA256 6336e279ff433314364dfddcdd1a85569dc62404255f1ad7e376d4c3d89580b6
SHA512 4dcee4afd14d5c786b6a20e32667cde2795e2aab0a1bcd87e174eaa57cdb9987a85c79283461d0b69ab97a559df74bf8f3301c344e2cc579d669534fc32981bf

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-wal

MD5 ec889d1b6501f1b8337a9972201226e7
SHA1 9f327b05784be7bcd522e86cb9e84f089e68b9aa
SHA256 8829d3a99d7ccefd1c85100256099480a7082c328b3376d114dfb59137d27a6c
SHA512 70ac26ff407621b8eeac2ab5c3a6877a5a57e43dd4acbe01faec5ae84103451eaf0ab029081af3d42a3506bbf3dcdf26ca1a76c0f73d8fd585b8d204967f0b95

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 6ce767f2b21264a1d05450a6c89eb7e1
SHA1 8deee629b9037fcf741e3f7fa705f5c05099163b
SHA256 21a401c8dba53fb0243bfeb652632cdba28cc2e52001a79bc17e1e4fc305de47
SHA512 529b38b155d6d78ac4441785e9682bc5ef2fc71fe5ef5a8903103f1500df2dac6a27b5bbeeb83b0fedb334975873e9bc03399b4f0903e9e636e1b21762a68bc1

/data/data/com.googleFe.app/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-wal

MD5 275347c3976dd3eb53b701eb6bcabb50
SHA1 78584654c5bdfaac2d210cdae8e2d9da089304ee
SHA256 3edd033bd8872d7c6aac65b011fb7626fc3db4c6d0310a1754d68254e93d2c08
SHA512 94a75b3f526b615b3f3f5ea0631cc168e279010e6a5cc9badb5150f225bd4b88d6dfb18e9fe862b7f9cd29358deef34670db3129d5914a2acbb22414bcb80a8b

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 51fd3472d1c299ae4b83b087a280cf85
SHA1 49bdc42d4572184a339791efc9c05fd27c8fe7a9
SHA256 f2c3c835bdb0c181c6d4279e86b0de33ee195cef8ab5fdff24aa07e3cba19610
SHA512 8108e7da0404cbe81055be6f8e738cbc51fd1e65b25f4c7872cfad22a7e1cf42d904e8ce80decb536495c3d69456263d97cfa79375536f9dcf2e42a656fd7670

/data/data/com.googleFe.app/cache/1

MD5 ce2caab3e836f88c7e999792501e8013
SHA1 a28a0d6033576cf12aa39c17e36dc94395fd2f56
SHA256 521a6d6c7762a72698cb4e37773309f3b015773a72b40c53b0b015c6097bed9d
SHA512 21919dc956c0b0e7259afd887edaf1f014e85905b11cf579a7f9b2fd59ab66ae10925d2ddc01a3d2aee6fa9f218b1606526ed821791257f9905b47555cbebb84

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-wal

MD5 89d1d293a8ff8b0c189aaaa8c719c5ef
SHA1 d5e784e4bcc3a8a5057d787045ef2ce914c085ac
SHA256 b6bb8a411a9882c77968c872d62241064790d4467043b5835d48eac7d56df5a9
SHA512 30bcfc189ba85bf294aba4b8d69fece67259d30eca56545fc750b6d8132b5e98fcf81d11a34ad9340d3e77f4bb8ca1b36c8e23046da6360511294be7da50bb08

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 cbe23b922c0e591a81960c1f935fcdfa
SHA1 9d10de8d79e1df38e3bde51f9e4a0f109da9da0d
SHA256 0d5e0427a194aa12a8c5648bcfb7f637fdd751dad11570e9c4ec57afe2d85c84
SHA512 c0740377c6b39dd48d1be4ace11201a62386c0be487b3b1d82b442b764175083090a71d0b2c5abbc8797b22392b1f0982ad771578bca097dd31625419129ac53

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-wal

MD5 1f954624ce7657818c9f062563ed7cb6
SHA1 555a90e89f4ef303e11f1d85855dc452e9832488
SHA256 8df7b247dd21860fc04ee86f12b8be4083126d6d68e0de27f395a6b8517751f1
SHA512 d7e14fa8609b89361624cebb04d40cc855da7e3c24989a48855623ac8317000cb4a45e7329f5253ae31b7088368291f880deaa110ab9cfb3832c0a0cdd8b664e

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 3e881d9a01ca707bed38018ac69f4518
SHA1 5820f9351d7cc8082de6e5686eb9f8fedf6fb830
SHA256 4a5bf9bfe9b032546f886dd5fe6717de78716734aaadab620c0444ed6df5151c
SHA512 8f0395c94b3a449f3c61e7117f400c7b8a12c23d3655be6772bce2c8aa0ec8d8be8000c5cd2c6e10b334ef54a4add5583717393c3239da80c334c45b8b392db8

/data/data/com.googleFe.app/cache/2

MD5 c76013d165ef454e96824b1f62118c7f
SHA1 f9e0cf89bcf722d7204165ae26c131cf01cbff28
SHA256 9890e8131aca75cf93d9b0d92da3c653ca25768f93c29dcf486793de952fa142
SHA512 9b5d264af7541b623e5ab1f1fc96d572d5cd91df876351b5941646045bc3c268c10a822c6134aa8d25d81daf59e957a6c54d66757f3c7d2bdf60755d28d78b47

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-15 17:11

Reported

2024-12-15 17:14

Platform

android-x64-20240624-en

Max time kernel

123s

Max time network

157s

Command Line

com.googleFe.app

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.googleFe.app

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 lssue.co udp
US 1.1.1.1:53 android.apis.google.com udp
US 172.67.178.83:443 lssue.co tcp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 e.site-1403.sbs udp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
GB 172.217.16.238:443 tcp
GB 216.58.201.98:443 tcp

Files

/data/data/com.googleFe.app/files/PersistedInstallation3634731097678799837tmp

MD5 e327c2b17157a4d9caba98ccfb6bd978
SHA1 a57eea72a13a5e1a467e978e77ce0251511faf34
SHA256 0d9c92fbc080ba0da89f8ce737b58fe23bf7d3f77c4bbbfeee707f1c7368ac96
SHA512 341d23debdd92429598760e2f3f493b10ef5ff6fb39293f5d590d42fdeeadb2dc7bb601d6e8bb4e5e15f643f2ffb9149a658da168578bc05b199ebb8ed6e4193

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 354a3e9371a120af934bafc352d0fbb2
SHA1 3afc15e4650539867790036b8b312867fe2837a9
SHA256 3d70146b165306c0a9b0a4169fffee77724e0e52eebfb7b473df6cf916d939cf
SHA512 1b6b3e86a011cf36d5917af0be0f498725d6dd9c50ca5dbe395400fbf46b9e2bb9287e22e4ecdcc3ae1b0efe8321ff70486b442e1bc928a29846c4621b64cfd9

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 eb52a90bb70b76e946b62f50b6f7fb85
SHA1 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0
SHA256 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4
SHA512 b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 8a5d331edcde39a0e661c04a900b3d7c
SHA1 ad505b32ca168c0b2dd8ecb339f904ff14fb71ff
SHA256 5f4329f4c5cb020d683fa5acfcd29e2fbd7411f7439c706acda1eaa91b12e6fb
SHA512 3197afe4ac0a2d962c81a417a7365a8445919624a5fb796c29323cc6c481336b52300b188a6ca4dbd109eb75552188d5400fda5bf6286d1a2e03bd530f520db9

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 2d4ed0baa9cf0c3791cab4e3539733f0
SHA1 8380b35eab88ee6d0a1205f510a448d803ed1e58
SHA256 455aa4ca6727e4c28fd17a47484a6dbfdd78e1c25503b2cf0497e234d562f48e
SHA512 5407a132cd38c8d867f8c881d125a6263720bdf525205a37d2da437700630c98ff7e936a6e3a430d7564743338cd91cb0499af1a3f2449246cc818ef96240b79

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 942a81def0a42434583a153b60e7c06a
SHA1 684cd58000aacf1a99b72a8c957cda818b204813
SHA256 acb43153f3db36ec1278dad64d098af78b19058ed5cbb7aa0cdd3302f0bda2d4
SHA512 26fde50682ea387546976f25bf32b500205c826ca7ef974262305bf3b0cca5339b5f69533a05a424336af4ae468be031a783dd79dcf0ac505c1f65db605c1451

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 88b23ed3155770f58d52db1eeb82f302
SHA1 43a6f4daebcbc6fe970a7e080933eadff64a1a35
SHA256 bb3c2e2091815b3f5ebecfeb2229a33241c2ec348074dc034afdd337d1956e18
SHA512 1492d8004e657b273d263d21702d37e88bcb275a03b33b80a8e86397f85af2b40c5b10605332921a878af2ac35ce1386eae692a142dfd89028020d1b9585cfdc

/data/data/com.googleFe.app/files/PersistedInstallation3577487627560520054tmp

MD5 605e465f1def0d8e9d9416a3eb40cb48
SHA1 07740f00189d2575de2ad7648bbbb15f7a555035
SHA256 70cdd299ef630d81513b5cad57f2181651d2d1a32aaf65491bcabad1636e8565
SHA512 ab143103457c0684f911578c724f0d01ae411f99bde53b515f6ac04feec5625b7cd1af812dfaeddab8e79013c3e076d834c5dc489654a82f47fa3298efd76849

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 017e3702ab81279ea8dcc8910be38197
SHA1 08508038df0433a9431468884f57381e5c11d29d
SHA256 61f74b3210b418a190ff4f1aca694387c39e1e878f551c22f0e437223364883e
SHA512 bb42f9f958d5fca9327cb8fbef921c4908d3c97eeb7964a0c7bfc04044f93a8b26f9574f950d781b19fcbd94be0d93a3d8f3b3ac5fb5c3fe057b04077dfc5d88

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 e7009bb57bee137876f56f3f6cbbf234
SHA1 6536555034b231a28ed9d8f89227f2b9a61e2bf1
SHA256 a7191ed819e0f6246423c4342de44365dad1047b3769a938b99b202e61eb3eaa
SHA512 a1e11bcfa9e19fa682337244d01b396537df298ec76d9d6e2fd79e3b88f34ff2f0824d63d87b08ff8fe2400b57815cf81078d7493ed66ff8cf0cf65f602353f4

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 00eb87cced865ee210df910f11293a10
SHA1 563033df448866965908a965c753bcec1f4528a8
SHA256 eb2d8ca503dad0ea9d5e2b2069b02fd5ce43ed63c685e22ae015819bda600f63
SHA512 2da46d23c7f23f41ed7bc64afa00c32799dd214c18eca43f10ad9f6a9ce19c06f83b2cef49aa164afee0d7f685ce46605a861ca0c126bd0078cc3dd725e18699

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 6d3897b77c69c75c5e04a74db1e9bd9f
SHA1 44540226c7ee689a1a728300734b9aba0a6a67fa
SHA256 6c753b215c779cacc87cd77fe8e84e5d85ab03129f929f6b78428b176d664bd5
SHA512 f208bb29626bfea0502810891274542887ec553c215521e13bad45e8b8844700dd0b3e66da519a074f0922842d70dd976502d06586009a65ba29f4674772dd6c

/data/data/com.googleFe.app/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/data/com.googleFe.app/cache/1

MD5 ce2caab3e836f88c7e999792501e8013
SHA1 a28a0d6033576cf12aa39c17e36dc94395fd2f56
SHA256 521a6d6c7762a72698cb4e37773309f3b015773a72b40c53b0b015c6097bed9d
SHA512 21919dc956c0b0e7259afd887edaf1f014e85905b11cf579a7f9b2fd59ab66ae10925d2ddc01a3d2aee6fa9f218b1606526ed821791257f9905b47555cbebb84

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 361d390c9af6288564b56096662d7808
SHA1 dbb544ccf1a67a0d865669e5a9d8857bb7696aa3
SHA256 4d2acafabd081d48f43c411c8ee8253c58d6014cd1adf3288c484c4150489160
SHA512 87c4dce4052541a1beccff5d1b5ed36f8e5959eadd05a40f502580e7b53b8d6f051d75f24fe80bd8b2a9c746ee5f8fdccdfd5c53a4e9785f347d1beb31ee2375

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 adf6082723784327d7d1b34adf974e7d
SHA1 b1502f70eb881a1dfe41139cb719fefb877ee37c
SHA256 252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9
SHA512 762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b

/data/data/com.googleFe.app/cache/2

MD5 c76013d165ef454e96824b1f62118c7f
SHA1 f9e0cf89bcf722d7204165ae26c131cf01cbff28
SHA256 9890e8131aca75cf93d9b0d92da3c653ca25768f93c29dcf486793de952fa142
SHA512 9b5d264af7541b623e5ab1f1fc96d572d5cd91df876351b5941646045bc3c268c10a822c6134aa8d25d81daf59e957a6c54d66757f3c7d2bdf60755d28d78b47

Analysis: behavioral3

Detonation Overview

Submitted

2024-12-15 17:11

Reported

2024-12-15 17:14

Platform

android-x64-arm64-20240624-en

Max time kernel

123s

Max time network

134s

Command Line

com.googleFe.app

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator

discovery

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.googleFe.app

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.180.14:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.213.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 lssue.co udp
US 104.21.17.213:443 lssue.co tcp
US 1.1.1.1:53 e.site-1403.sbs udp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp

Files

/data/data/com.googleFe.app/files/PersistedInstallation5019512638850487871tmp

MD5 ec602c3a352f4d745d911436153393c1
SHA1 622f266e3c30aa47ebf26acdd015dbef41a16f58
SHA256 70292c83ce5ade6e309ba9569c51612e50e0f398b44fa3d55644812bf76c0e5e
SHA512 0fec1b3baf2a3a5860415500ccf53605bcc7344c8c9b4903c85c1534f308fc5e9e91cd626b0a82138bb162e0217f97806886f141f722dc7b5c42879a48e2c2cf

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 79e920e5c6d45bbd3353ae84b35d8d59
SHA1 aa67fa52b8c538cc9f48a7e224648ea966a69e3e
SHA256 93ab8a0c391931c0d117fe2b0a3af5b9e3a6773818a3c9399dd3c9f796467b46
SHA512 ab23a55179d046514af07133e4e7048ff549459451af83e86440a248bd9872776b3942c653977feddf99bac7d7ac03ab73184ccec6b1a22fd6700e44f6656430

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 d9cf75fdd1c2292d986f6c3d5d60f2c8
SHA1 07ecb1d3a26d952ae5fecf54f36699ab498510b1
SHA256 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a
SHA512 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 0991ae5172f8c742d9773bba0b97ddc2
SHA1 718e0fc394595f3c88a2b12c771a9fc1ac5dd8c2
SHA256 ca7849b8a84d0d13f3f43b7ee72c7d0573164968193b41900709283211395537
SHA512 ed0552541455ada7cdc88016e06490715c2c3a85c2f3335484db27438edec47492ad32e50cf805c1d67eda7bd9aa21114b564bbbe6bd00a55a34c172fd859d98

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 499fffe1dd8fddf641da82ab949ea6b0
SHA1 59c079811d666e5c0428deb65bb93ad7ace786ad
SHA256 e112646b4bc6bf0054d02f18bf6f99ca6e0685a31536241e188fc7be33f0a54b
SHA512 0e137c6aee4bfe75ebe9c50e1de6f13c70dc76ee2b0235da1046d53f143d762bd2f32adcaaa5834557d6c2601277a068d393d4205bc378ef5c42e01e8372c0cb

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 8d373e13820ec2fbe6068960bc1eef3a
SHA1 1d7a12d7b8a3d751299760299e4833a9940502e5
SHA256 df238f3a40acf8a374ab1694ebf1246d0bce4b066124795b28f41cd1a19c800d
SHA512 705826cde461d514213d50620cc98c32b73a3dcdce1051960f35839d55895c0fcda2ab1fca7263f3bf6a75921d4b07498e0242d009859745765d86d3adbe6cd3

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 0ae7a69393ecb41ded446e2f59f75457
SHA1 d9f4b533c260bda2ad4ffc93058fd85bb89490ad
SHA256 4b5bdd63ae46a851ea975499b955e3fc51c17c97893ffa42c9e70c4e59f3b634
SHA512 04d3bf5ba95b6456555ff1a6119bff6c63ad34cd32adb37db007f6ab6d93fa1245e360956212cf153688daa7743acd639296cf57a0e60403dbb43ced983a0d38

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

MD5 8687b13f01d02c9e59a3953ab8b370f7
SHA1 e5ac0357de03a6094093ff2e7f042b8a9e9f85de
SHA256 e26a5acc5d2e77d5e9f09465eaf1bd2b1ec69090cff3f797154738204735bf77
SHA512 620e59b926ba47617cdcf031337b2b57d300a31eb553e269cec6d49eb6fc309e62d47a8a664f7402fb2e47fd57edec6467ca40031a43e76f641f2327fabf85e5

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 d088a1e160799aa552e113a2d8c2a66d
SHA1 ead663f90ef89c52ba8de2b5bdf078239576b616
SHA256 483384d0ad1454a32987c95d12010cfebaa9b5f944cd2e378d760fb2bf6a0efd
SHA512 5ad971d04196b1d62202a6c507bbfb46a6c6ac2764e206522905309075fb0b940251ec7ed85f0562efea7592b3ecc5eb7ee1ad12aaa55143037b3d0c0f1e24cf

/data/data/com.googleFe.app/files/PersistedInstallation2134876968387191989tmp

MD5 deb005699cf22d874914c09e4403ca69
SHA1 da5a88b4d39c057878decc3a3af87f5b07b98b9a
SHA256 f3fc360c2c5f6f12fe1b07ecc596c7fa795ec3a162a180552bb02a77c460f91b
SHA512 d7449ab13cae95979b2b91b446a0b962787c8d8f4ef62eeee5a0f2d9938ce8f4a2aa454fc36d2b1bc0d02776d3acafa81948723f1165f57d1c553350145b1a0f

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 0bafdc2d1b479e96d65792f41c44df39
SHA1 f1f5db9c045d047ce769c743f397e149927dd5b9
SHA256 e44cfe62eb8083088f89007e925606ee63a257fbf971f09d03bc790830f71677
SHA512 08bff68b94f7220a6328a5f4aa9c693b8497b31f94a300b9248974ec4c191651afd4ffcee49f5ad6f0e3d21922557d5cf1cf448acec4dab3c63098e04304f00b

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 a04411b246ec47a306e9991330b84b86
SHA1 e1eb0f9ff866c441bee5dfffd3e069d6edc5d18a
SHA256 2ff2c4d660ff0497355599b8a754de37502b08cba63a761e214170832a580144
SHA512 9c673224e5c0f0bae0b2febef2ebb9438e8d0e93a65bef835cc6551b143af0b7394d6ccd434cf0757f94a5ad69d3ee0e47cfb2d1260ecd9b9005cefe74cc3b4a

/data/data/com.googleFe.app/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 efdee110f142c6c7754d4ff71acfdff1
SHA1 8153ff5d022434af987152a10b1a3fe478185e53
SHA256 e57ed25dc08da6e04e2024c6538449506a20f5695f82601df584d24834cfec12
SHA512 a1cae92d7a231fc2fe63d8cb8342b92fc2767c20d0be99cfc181e7f6ed1a4e13c8e1b082fb1b908a96e854fea7fc80964f54614674eb3d59c489eb7584d04c61

/data/data/com.googleFe.app/cache/1

MD5 ce2caab3e836f88c7e999792501e8013
SHA1 a28a0d6033576cf12aa39c17e36dc94395fd2f56
SHA256 521a6d6c7762a72698cb4e37773309f3b015773a72b40c53b0b015c6097bed9d
SHA512 21919dc956c0b0e7259afd887edaf1f014e85905b11cf579a7f9b2fd59ab66ae10925d2ddc01a3d2aee6fa9f218b1606526ed821791257f9905b47555cbebb84

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

MD5 de82e2c94d2718988804b035a46d17b1
SHA1 705f5ff19093ad209f2a666085d6ccaed3bf58a4
SHA256 29110e626f8f49171d14a819b34492d094120f21ed7a963007fe95439d771d39
SHA512 68f5f88e638e76cb5036dad6b320896f1735f64067ace152e0baea81e9ea0d153559f53bd5c608b397281369dafd14c5f5965f92f567dc89db157414a699023e

/data/data/com.googleFe.app/cache/2

MD5 c76013d165ef454e96824b1f62118c7f
SHA1 f9e0cf89bcf722d7204165ae26c131cf01cbff28
SHA256 9890e8131aca75cf93d9b0d92da3c653ca25768f93c29dcf486793de952fa142
SHA512 9b5d264af7541b623e5ab1f1fc96d572d5cd91df876351b5941646045bc3c268c10a822c6134aa8d25d81daf59e957a6c54d66757f3c7d2bdf60755d28d78b47