Malware Analysis Report

2025-04-03 14:09

Sample ID 250228-xkc59atyaw
Target 21540224260.zip
SHA256 700feb6516b2b9070283a3e818abc7c1735e08ca750ff6b522737f2ab3cd77c8
Tags
collection credential_access defense_evasion discovery persistence tgtoxic banker evasion execution impact privilege_escalation stealer trojan
score
10/10

Analysis Overview

score
10/10

SHA256

700feb6516b2b9070283a3e818abc7c1735e08ca750ff6b522737f2ab3cd77c8

Threat Level: Known bad

The file 21540224260.zip was found to be: Known bad.

Malicious Activity Summary

collection credential_access defense_evasion discovery persistence tgtoxic banker evasion execution impact privilege_escalation stealer trojan

TgToxic

TgToxic payload

TgToxic_v2 payload

Tgtoxic family

Queries information about running processes on the device

Makes use of the framework's Accessibility service

Obtains sensitive information copied to the device clipboard

Checks known Qemu pipes.

Tries to add a device administrator.

Makes use of the framework's foreground persistence service

Queries information about active data network

Performs UI accessibility actions on behalf of the user

Attempts to obfuscate APK file format

Requests dangerous framework permissions

Acquires the wake lock

Declares services with permission to bind to the system

Declares broadcast receivers with permission to handle system events

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

Uses Crypto APIs (Might try to encrypt user data)

Schedules tasks to execute at a specified time

Checks memory information

Checks CPU information

Analysis: static1

Detonation Overview

Reported

2025-02-28 18:54

Signatures

TgToxic payload

Description Indicator Process Target
N/A N/A N/A N/A

TgToxic_v2 payload

Description Indicator Process Target
N/A N/A N/A N/A

Tgtoxic family

tgtoxic

Attempts to obfuscate APK file format

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2025-02-28 18:54

Reported

2025-02-28 18:55

Platform

android-x64-20240910-en

Max time kernel

36s

Max time network

33s

Command Line

puk.rxe.bhyjtrrgokomkylevo

Signatures

N/A

Processes

puk.rxe.bhyjtrrgokomkylevo

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 N/A udp
GB 142.250.200.46:443 N/A tcp
GB 142.250.200.46:443 N/A tcp
AU 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
GB 142.250.187.195:443 N/A tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2025-02-28 18:54

Reported

2025-02-28 18:55

Platform

android-x64-arm64-20240910-en

Max time kernel

5s

Max time network

34s

Command Line

puk.rxe.bhyjtrrgokomkylevo

Signatures

N/A

Processes

puk.rxe.bhyjtrrgokomkylevo

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 N/A udp
GB 216.58.204.78:443 N/A tcp
AU 1.1.1.1:53 www.youtube.com udp
AU 1.1.1.1:53 android.apis.google.com udp
GB 172.217.169.14:443 www.youtube.com tcp
GB 216.58.204.78:443 android.apis.google.com tcp
GB 216.58.204.78:443 android.apis.google.com tcp
US 216.239.34.223:443 N/A tcp
AU 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.8:443 ssl.google-analytics.com tcp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2025-02-28 18:54

Reported

2025-02-28 18:55

Platform

android-x86-arm-20240910-en

Max time kernel

13s

Max time network

34s

Command Line

com.example.mysoul

Signatures

Checks known Qemu pipes.

defense_evasion
Description Indicator Process Target
N/A /dev/socket/qemud N/A N/A
N/A /dev/qemu_pipe N/A N/A
N/A /dev/socket/qemud N/A N/A
N/A /dev/qemu_pipe N/A N/A
N/A /dev/socket/qemud N/A N/A
N/A /dev/qemu_pipe N/A N/A

Makes use of the framework's Accessibility service

collection defense_evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

defense_evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Reads information about phone network operator.

discovery

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A

Processes

com.example.mysoul

/system/bin/cat /proc/cpuinfo

com.example.mysoul

/system/bin/cat /proc/cpuinfo

com.example.mysoul

/system/bin/cat /proc/cpuinfo

Network

Country Destination Domain Proto
GB 216.58.201.110:443 N/A tcp
GB 216.58.201.110:443 N/A tcp
AU 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp
GB 172.217.169.42:443 N/A tcp
N/A 224.0.0.251:5353 N/A udp

Files

/data/data/com.example.mysoul/no_backup/androidx.work.workdb-journal

/data/data/com.example.mysoul/no_backup/androidx.work.workdb

/data/data/com.example.mysoul/no_backup/androidx.work.workdb-wal

/data/data/com.example.mysoul/no_backup/androidx.work.workdb-wal

Analysis: behavioral5

Detonation Overview

Submitted

2025-02-28 18:54

Reported

2025-02-28 18:56

Platform

android-x64-20240910-en

Max time kernel

44s

Max time network

45s

Command Line

com.example.mysoul

Signatures

Checks known Qemu pipes.

defense_evasion
Description Indicator Process Target
N/A /dev/socket/qemud N/A N/A
N/A /dev/qemu_pipe N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Processes

com.example.mysoul

com.example.mysoul

Network

Country Destination Domain Proto
GB 142.250.180.10:443 N/A tcp
N/A 224.0.0.251:5353 N/A udp
GB 216.58.201.110:443 N/A tcp
GB 216.58.201.110:443 N/A tcp
GB 216.58.201.110:443 N/A tcp
GB 216.58.201.110:443 N/A tcp
AU 1.1.1.1:53 android.apis.google.com udp
GB 172.217.169.14:443 android.apis.google.com tcp
AU 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
AU 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.178.10:443 semanticlocation-pa.googleapis.com tcp

Files

/data/data/com.example.mysoul/no_backup/androidx.work.workdb-journal

/data/data/com.example.mysoul/no_backup/androidx.work.workdb

/data/data/com.example.mysoul/no_backup/androidx.work.workdb-shm

/data/data/com.example.mysoul/no_backup/androidx.work.workdb-wal

/data/data/com.example.mysoul/no_backup/androidx.work.workdb-wal

Analysis: behavioral6

Detonation Overview

Submitted

2025-02-28 18:54

Reported

2025-02-28 18:56

Platform

android-x64-arm64-20240910-en

Max time kernel

47s

Max time network

49s

Command Line

com.example.mysoul

Signatures

TgToxic

stealer trojan banker tgtoxic

Tgtoxic family

tgtoxic

Checks known Qemu pipes.

defense_evasion
Description Indicator Process Target
N/A /dev/qemu_pipe N/A N/A
N/A /dev/socket/qemud N/A N/A

Makes use of the framework's Accessibility service

collection defense_evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

defense_evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Requests disabling of battery optimizations (often used to enable hiding in the background).

defense_evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Tries to add a device administrator.

privilege_escalation impact
Description Indicator Process Target
Intent action android.app.action.ADD_DEVICE_ADMIN N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.example.mysoul

Network

Country Destination Domain Proto
GB 142.250.200.46:443 N/A tcp
GB 142.250.200.46:443 N/A tcp
N/A 224.0.0.251:5353 N/A udp
GB 142.250.200.46:443 N/A tcp
AU 1.1.1.1:53 www.youtube.com udp
GB 142.250.180.14:443 www.youtube.com udp
GB 142.250.180.14:443 www.youtube.com tcp
GB 142.250.200.46:443 www.youtube.com tcp
US 216.239.32.223:443 N/A tcp
AU 1.1.1.1:53 ctrl.f3fd7ab18e.com udp
AU 1.1.1.1:53 ctrl.f3fd7ab18e.net udp
AU 1.1.1.1:53 ctrl.f3fd7ab18e.org udp
DE 94.130.200.83:443 ctrl.f3fd7ab18e.org tcp
AU 1.1.1.1:53 ctrl.f3fd7ab18e.edu udp
AU 1.1.1.1:53 ctrl.f3fd7ab18e.info udp
AU 1.1.1.1:53 ctrl.f3fd7ab18e.top udp
SG 38.54.119.95:443 ctrl.f3fd7ab18e.top tcp
AU 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
AU 1.1.1.1:53 eu2.f3fd7ab18e.top udp
SG 38.54.17.176:443 eu2.f3fd7ab18e.top tcp
AU 1.1.1.1:53 d.patm.top udp
MD 217.156.67.219:443 d.patm.top tcp

Files

/data/data/com.example.mysoul/no_backup/androidx.work.workdb-journal

/data/data/com.example.mysoul/no_backup/androidx.work.workdb

/data/data/com.example.mysoul/no_backup/androidx.work.workdb-shm

/data/data/com.example.mysoul/no_backup/androidx.work.workdb-wal

/data/data/com.example.mysoul/no_backup/androidx.work.workdb-wal

/data/data/com.example.mysoul/files/cuucuThfufgu6678ybu

/data/data/com.example.mysoul/files/lang/ar.json

/data/data/com.example.mysoul/files/lang/de.json

/data/data/com.example.mysoul/files/lang/en.json

/data/data/com.example.mysoul/files/lang/es.json

/data/data/com.example.mysoul/files/lang/fa.json

/data/data/com.example.mysoul/files/lang/fil.json

/data/data/com.example.mysoul/files/lang/fr.json

/data/data/com.example.mysoul/files/lang/hi.json

/data/data/com.example.mysoul/files/lang/in.json

/data/data/com.example.mysoul/files/lang/it.json

/data/data/com.example.mysoul/files/lang/iw.json

/data/data/com.example.mysoul/files/lang/ja.json

/data/data/com.example.mysoul/files/lang/ko.json

/data/data/com.example.mysoul/files/lang/ms.json

/data/data/com.example.mysoul/files/lang/pt.json

/data/data/com.example.mysoul/files/lang/ru.json

/data/data/com.example.mysoul/files/lang/th.json

/data/data/com.example.mysoul/files/lang/tr.json

/data/data/com.example.mysoul/files/lang/ur.json

/data/data/com.example.mysoul/files/lang/vi.json

/data/data/com.example.mysoul/files/lang/vn.json

/data/data/com.example.mysoul/files/lang/zh.json

/data/data/com.example.mysoul/files/langs.json

/data/data/com.example.mysoul/cache/sb115750678033398042962.mp3

/data/data/com.example.mysoul/files/dom.txt

Analysis: behavioral1

Detonation Overview

Submitted

2025-02-28 18:54

Reported

2025-02-28 18:55

Platform

android-x86-arm-20240910-en

Max time kernel

8s

Max time network

12s

Command Line

puk.rxe.bhyjtrrgokomkylevo

Signatures

N/A

Processes

puk.rxe.bhyjtrrgokomkylevo

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 N/A udp
GB 216.58.201.110:443 N/A tcp
GB 216.58.201.110:443 N/A tcp
GB 216.58.201.110:443 N/A tcp
AU 1.1.1.1:53 android.apis.google.com udp
GB 142.250.180.14:443 android.apis.google.com tcp

Files

N/A