Analysis

  • max time kernel
    3881379s
  • max time network
    162s
  • platform
    android_x86_64
  • resource
    android-x86_64_arm64
  • submitted
    20-11-2020 20:27

General

  • Target

    PandemiDestekOnBasvurusu.apk

  • Size

    1.8MB

  • MD5

    184f3e4e3577530c667d122f8ef7ed7f

  • SHA1

    f98af84fbe8bf1f9cb4b94eaf730efdca920bbbb

  • SHA256

    b1cd0d501d8a0022d2ce360cb601f171d8938af613e13814e0af68e79a77c3a9

  • SHA512

    95a39582b06a77fc2036b7d864cbb51adaf809d19528454db2febedbea2bdbeda867a7cae7f4f47d7b081504449f18e3f4c9143821835fd1f74038501e9a580e

Malware Config

Signatures

  • Removes its main activity from the application launcher (1 IoC)
  • Loads dropped Dex/Jar (2 IoCs)

    Runs executable file dropped to the device during analysis.

  • Reads name of network operator (1 IoC)

    Uses Android APIs to discover system information.

  • Suspicious use of android.app.ActivityManager.getRunningServices (206 IoCs)
  • Suspicious use of android.telephony.TelephonyManager.getLine1Number (2 IoCs)
  • Suspicious use of android.telephony.TelephonyManager.getNetworkCountryIso (2 IoCs)
  • Uses reflection (43 IoCs)

Processes

  • leg.cheap.turkey
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Reads name of network operator
    • Suspicious use of android.app.ActivityManager.getRunningServices
    • Suspicious use of android.telephony.TelephonyManager.getLine1Number
    • Suspicious use of android.telephony.TelephonyManager.getNetworkCountryIso
    • Uses reflection
    PID:4624

Network

MITRE ATT&CK Matrix
