Resubmissions
17-01-2021 18:50 | 210117-p29gjn9xre | 10
13-01-2021 21:41 | 210113-sz9mt28ax6 | 10
13-01-2021 21:39 | 210113-tlgh3tnrwn | 10
Analysis
max time kernel: 4256504s
max time network: 127s
platform: android_x86_64
resource: android-x86_64
submitted: 13-01-2021 21:41
Static task
static1
Behavioral task
behavioral1
Sample
Riskware.apk
Resource
android-x86_64
android_x86_64
0 signatures
0 seconds
General
Target: Riskware.apk
Size: 508KB
MD5: b4e2d72bffd19ec64c5d51c035a4d569
SHA1: 47559f5e66b063e2b14390311d8fd1c1efd63f2a
SHA256: d3c950ae2ad0e51127f271ea99931e823b70970279c0501525fd96e3aa2a10fc
SHA512: 0fbabfb3b0d4ce770054f290025400d256eb8ab06f9223e7c8402d2142d427bb7b0742dabc82128039b6aa947dd588a3b85db8d86783e7f4b2f874a32d118e81
Score
10/10
Malware Config
Extracted
AES_key
DESEDE_key
Signatures
Reads device subscriber ID 2 IoCs
Uses Android APIs to read subscriber ID (IMSI on GSM devices).
Processes:
com.oscadr.nehemliah
com.oscadr.nehemliah:open
description | ioc | process
Framework API call | android.telephony.TelephonyManager.getSubscriberId | com.oscadr.nehemliah
Framework API call | android.telephony.TelephonyManager.getSubscriberId | com.oscadr.nehemliah:open
Reads name of network operator 2 IoCs
Uses Android APIs to discover system information.
Processes:
com.oscadr.nehemliah
com.oscadr.nehemliah:open
description | ioc | process
Framework API call | android.telephony.TelephonyManager.getNetworkOperatorName | com.oscadr.nehemliah
Framework API call | android.telephony.TelephonyManager.getNetworkOperatorName | com.oscadr.nehemliah:open
Uses Crypto APIs (Might try to encrypt user data). 2 IoCs
Processes:
com.oscadr.nehemliah
com.oscadr.nehemliah:open
description | ioc | process
Framework API call | javax.crypto.Cipher.doFinal | com.oscadr.nehemliah
Framework API call | javax.crypto.Cipher.doFinal | com.oscadr.nehemliah:open
Suspicious use of android.net.wifi.WifiInfo.getMacAddress 32 IoCs
Processes:
com.oscadr.nehemliah:open
pid | process
3566 | com.oscadr.nehemliah:open
Uses reflection 43 IoCs
Processes:
com.oscadr.nehemliah
com.oscadr.nehemliah:open
description | pid | process
Invokes method android.content.Context.checkSelfPermission | 3531 | com.oscadr.nehemliah
Invokes method android.os.SystemProperties.get | 3531 | com.oscadr.nehemliah
Invokes method android.content.Context.checkSelfPermission | 3566 | com.oscadr.nehemliah:open
Invokes method android.os.SystemProperties.get | 3566 | com.oscadr.nehemliah:open
Processes
- com.oscadr.nehemliah
  - Reads device subscriber ID
  - Reads name of network operator
  - Uses Crypto APIs (Might try to encrypt user data).
  - Uses reflection
- com.oscadr.nehemliah:open
  - Reads device subscriber ID
  - Reads name of network operator
  - Uses Crypto APIs (Might try to encrypt user data).
  - Suspicious use of android.net.wifi.WifiInfo.getMacAddress
  - Uses reflection