Malware Analysis Report

2025-01-19 05:51

Sample ID 241215-vqpecszrey
Target version3.2.apk
SHA256 4e609c2edadf166dbcb5c492e48d8169d5a36b09a3698a1ef27cd681e9f36f1b
Tags
irata discovery persistence collection credential_access impact
score
10/10

Analysis Overview

score
10/10

SHA256

4e609c2edadf166dbcb5c492e48d8169d5a36b09a3698a1ef27cd681e9f36f1b

Threat Level: Known bad

The file version3.2.apk was found to be: Known bad.

Malicious Activity Summary

irata discovery persistence collection credential_access impact

Irata family

Irata payload

Obtains sensitive information copied to the device clipboard

Queries information about active data network

Reads information about phone network operator

Requests dangerous framework permissions

Acquires the wake lock

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-15 17:11

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-15 17:11

Reported

2024-12-15 17:14

Platform

android-x86-arm-20240624-en

Max time kernel

123s

Max time network

131s

Command Line

com.googleFe.app

Signatures

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.googleFe.app

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 lssue.co udp
GB 142.250.187.206:443 tcp
US 172.67.178.83:443 lssue.co tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
US 1.1.1.1:53 e.site-1403.sbs udp

Files

/data/data/com.googleFe.app/files/PersistedInstallation2411827163495257637tmp

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-shm

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-wal

/data/data/com.googleFe.app/files/PersistedInstallation603090349174991113tmp

/data/data/com.googleFe.app/cache/~test.test

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-wal

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-wal

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-wal

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

/data/data/com.googleFe.app/cache/1

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-wal

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-wal

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

/data/data/com.googleFe.app/cache/2

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-15 17:11

Reported

2024-12-15 17:14

Platform

android-x64-20240624-en

Max time kernel

123s

Max time network

156s

Command Line

com.googleFe.app

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.googleFe.app

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.40:443 ssl.google-analytics.com tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 lssue.co udp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 172.67.178.83:443 lssue.co tcp
US 1.1.1.1:53 e.site-1403.sbs udp
GB 172.217.16.228:443 tcp
GB 172.217.16.228:443 tcp

Files

/data/data/com.googleFe.app/files/PersistedInstallation2395302322738481764tmp

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

/data/data/com.googleFe.app/files/PersistedInstallation5014976922647002803tmp

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

/data/data/com.googleFe.app/cache/~test.test

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

/data/data/com.googleFe.app/cache/1

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

/data/data/com.googleFe.app/cache/2

Analysis: behavioral3

Detonation Overview

Submitted

2024-12-15 17:11

Reported

2024-12-15 17:14

Platform

android-x64-arm64-20240624-en

Max time kernel

144s

Max time network

134s

Command Line

com.googleFe.app

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.googleFe.app

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
GB 216.58.204.78:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 lssue.co udp
US 104.21.17.213:443 lssue.co tcp
US 1.1.1.1:53 e.site-1403.sbs udp
GB 142.250.187.196:443 tcp
GB 142.250.187.196:443 tcp

Files

/data/data/com.googleFe.app/files/PersistedInstallation795644168837907978tmp

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

/data/data/com.googleFe.app/files/PersistedInstallation2183481474458326428tmp

/data/data/com.googleFe.app/databases/google_app_measurement_local.db-journal

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

/data/data/com.googleFe.app/cache/~test.test

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

/data/data/com.googleFe.app/cache/1

/data/data/com.googleFe.app/databases/google_app_measurement_local.db

/data/data/com.googleFe.app/cache/2
