Analysis
-
max time kernel
4009118s -
max time network
24s -
platform
android_x86_64 -
resource
android-x86_64 -
submitted
22-11-2020 07:53
General
-
Target
5c527a2bbb2894a199826059892202c28b7c0258c5dc7567fe9249332594fe8d.apk
-
Size
765KB
-
MD5
8e0d8b35aa77ced25b40ca6986696a0e
-
SHA1
e84c092a44400cd1face3d806349dec99f172f4e
-
SHA256
5c527a2bbb2894a199826059892202c28b7c0258c5dc7567fe9249332594fe8d
-
SHA512
76237f1a0da2a0799c91f87e9ac8bf53db5df0b976ab3399162a7e457aae5d6d342b9f52b5e112a89fc916e8600561392b09210bbad8b30b98caf6a241d29bd4
Score
8/10
Malware Config
Signatures
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
-
Removes its main activity from the application launcher 1 IoCs
-
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.
-
Suspicious use of android.app.ActivityManager.getRunningAppProcesses 1674 IoCs
-
Suspicious use of android.os.PowerManager$WakeLock.acquire 1 IoCs
-
Suspicious use of android.telephony.TelephonyManager.getLine1Number 1 IoCs
-
Suspicious use of android.telephony.TelephonyManager.getNetworkCountryIso 1 IoCs
-
Suspicious use of android.telephony.TelephonyManager.getSimOperatorName 1 IoCs
-
Uses reflection 20 IoCs
Processes
-
com.sxhvm.hjdyosewn1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Suspicious use of android.app.ActivityManager.getRunningAppProcesses
- Suspicious use of android.os.PowerManager$WakeLock.acquire
- Suspicious use of android.telephony.TelephonyManager.getLine1Number
- Suspicious use of android.telephony.TelephonyManager.getNetworkCountryIso
- Suspicious use of android.telephony.TelephonyManager.getSimOperatorName
- Uses reflection