Analysis

- max time kernel: 294893s
- max time network: 160s
- platform: android_x86_64
- resource: android-x86_64_arm64
- submitted: 17-01-2021 18:17

Static task: static1
Behavioral task: behavioral1

Sample: xbafaaflpk.apk
Resource: android-x86_64_arm64 (platform android_x86_64)
0 signatures, 0 seconds
General

- Target: xbafaaflpk.apk
- Size: 204KB
- MD5: 4c976607cb1d0c0f3f082ef8dac8f22e
- SHA1: 98e053c1e63f17622e38d3798f5e65e544e9b490
- SHA256: 84dace68c129c0babe472e1a14c3fc95e8349cc2854f536ff3e53b0a394cbd2f
- SHA512: 1082f6c45b16e990b288a81aa974f73a669b331cc0a34ee7511ca3f45322ee9159dffafab520855620e8ffe744e25e9c8b228a58eb0bb8ee62b36e40dfef9e5d

Score: 10/10
Malware Config

Extracted: DES_key
Signatures

- Removes its main activity from the application launcher
  Processes:
    pid   process
    4266  d.avxebh.nxpr

- Loads dropped Dex/Jar (2 IoCs)
  Runs executable file dropped to the device during analysis.
  Processes:
    ioc                                    pid   process
    /data/user/0/d.avxebh.nxpr/files/dex   4266  d.avxebh.nxpr
    /data/user/0/d.avxebh.nxpr/files/dex   4266  d.avxebh.nxpr

- Reads name of network operator (1 IoC)
  Uses Android APIs to discover system information.
  Processes:
    description         ioc                                                       process
    Framework API call  android.telephony.TelephonyManager.getNetworkOperatorName  d.avxebh.nxpr

- Uses Crypto APIs (Might try to encrypt user data). (1 IoC)
  Processes:
    description         ioc                             process
    Framework API call  javax.crypto.Cipher.doFinal     d.avxebh.nxpr

- Suspicious use of android.app.ApplicationPackageManager.getInstalledPackages (2 IoCs)
  Processes:
    pid   process
    4266  d.avxebh.nxpr
    4266  d.avxebh.nxpr

- Suspicious use of android.net.wifi.WifiInfo.getMacAddress (57 IoCs)
  Processes:
    pid   process
    4266  d.avxebh.nxpr
    (57 identical rows: the same process, pid 4266)

- Suspicious use of android.os.PowerManager$WakeLock.acquire (1 IoC)
  Processes:
    pid   process
    4266  d.avxebh.nxpr

- Suspicious use of android.telephony.TelephonyManager.getLine1Number (58 IoCs)
  Processes:
    pid   process
    4266  d.avxebh.nxpr
    (58 identical rows: the same process, pid 4266)

- Uses reflection (61 IoCs)
  Processes:
    description                                                          pid   process
    Invokes method com.Loader.create                                     4266  d.avxebh.nxpr
    Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE  4266  d.avxebh.nxpr
    Invokes method com.Loader.start                                      4266  d.avxebh.nxpr
    Invokes method android.telephony.SignalStrength.getLevel             4266  d.avxebh.nxpr
    Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations  4266  d.avxebh.nxpr
    (the remaining 57 rows are all repeats of the isIgnoringBatteryOptimizations entry, pid 4266)
Processes

d.avxebh.nxpr (pid 4266)
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Reads name of network operator
- Uses Crypto APIs (Might try to encrypt user data).
- Suspicious use of android.app.ApplicationPackageManager.getInstalledPackages
- Suspicious use of android.net.wifi.WifiInfo.getMacAddress
- Suspicious use of android.os.PowerManager$WakeLock.acquire
- Suspicious use of android.telephony.TelephonyManager.getLine1Number
- Uses reflection