Analysis

max time kernel: 603181s
max time network: 157s
platform: android_x86_64
resource: android-x86_64
submitted: 21-01-2021 07:56

Tasks
Static task: static1
Behavioral task: behavioral1
Sample: dmunuarcai.apk
Resource: android-x86_64
Platform: android_x86_64
Signatures / time (static task): 0 signatures, 0 seconds
General

Target: dmunuarcai.apk
Size: 205KB
MD5: 85c7d32662a8f2191531471ae02b3690
SHA1: ea44213d2ef77600b550abc3f01722ed40e57704
SHA256: a68d9cd4d49a5ea0a413901bb91d9f61c37504df8377c76213d8f59364d70cc7
SHA512: fb9ad59bc5c6a2015d455607d9aaf87faa84ce509de1908a2036983d11deb40e2b67c7df2ebead2cae0881166304e652d316d9617cd154fe27647916eb54c129
Score: 10/10
Malware Config
Extracted
DES_key
Signatures

Removes its main activity from the application launcher
Processes: mydg.wsmic.rcpcw (PID 3544)

Loads dropped Dex/Jar (2 IoCs)
Runs an executable file dropped to the device during analysis.
IoC: /data/user/0/mydg.wsmic.rcpcw/files/dex, loaded by mydg.wsmic.rcpcw (PID 3544); the same path is reported twice

Uses Crypto APIs (might try to encrypt user data) (1 IoC)
Framework API call: javax.crypto.Cipher.doFinal, process mydg.wsmic.rcpcw

Suspicious use of android.app.ApplicationPackageManager.getInstalledPackages (1 IoC)
Processes: mydg.wsmic.rcpcw (PID 3544)

Suspicious use of android.os.PowerManager$WakeLock.acquire (1 IoC)
Processes: mydg.wsmic.rcpcw (PID 3544)

Suspicious use of android.telephony.TelephonyManager.getLine1Number (1 IoC)
Processes: mydg.wsmic.rcpcw (PID 3544)

Uses reflection (6 IoCs), all from mydg.wsmic.rcpcw (PID 3544)
Invokes method java.lang.ClassLoader.loadClass
Invokes method com.Loader.create
Invokes method android.app.ApplicationPackageManager.setComponentEnabledSetting
Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE
Invokes method com.Loader.start
Invokes method android.telephony.SignalStrength.getLevel
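Added example, not part of the sandbox report and not the dropper's own code: a Python triage helper for the file at the dropped-DEX path above, assuming you have pulled /data/user/0/mydg.wsmic.rcpcw/files/dex from the emulator with adb. It classifies the bytes as DEX or JAR/ZIP, verifies the DEX header's adler32 checksum and SHA-1 signature as defined by the DEX format so you know the on-disk file is the code that was actually loaded, and flags a high-entropy blob as probably still encrypted. That last case is worth handling here because the report extracted a DES_key and saw Cipher.doFinal, although it does not state what was decrypted. Every input in the block is constructed; build_minimal_dex is a test fixture, not a sample from the analysis.

```python
"""Triage a payload pulled from an app's private storage (added example).

Usage: identify_payload(open("dex", "rb").read())
"""
import hashlib
import math
import struct
import zlib
from collections import Counter

DEX_HEADER_SIZE = 0x70          # fixed size of the dex header_item
ZIP_MAGIC = b"PK\x03\x04"       # a .jar passed to DexClassLoader is a zip


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: about 8.0 for ciphertext or compressed data, lower for code."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def check_dex_header(data: bytes) -> dict:
    """Validate the header_item fields of a DEX file.

    Per the DEX format: checksum is adler32 of everything after the checksum
    field, signature is SHA-1 of everything after the signature field, and
    file_size must equal the whole file. A mismatch means the file was patched,
    truncated, or is not what the loader actually consumed.
    """
    version = data[4:7].decode("ascii", "replace")
    (checksum,) = struct.unpack_from("<I", data, 8)
    signature = data[12:32]
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 32)
    return {
        "dex_version": version,
        "checksum_ok": (zlib.adler32(data[12:]) & 0xFFFFFFFF) == checksum,
        "signature_ok": hashlib.sha1(data[32:]).digest() == signature,
        "size_ok": file_size == len(data) and header_size == DEX_HEADER_SIZE,
        "little_endian": endian_tag == 0x12345678,
    }


def identify_payload(data: bytes) -> dict:
    """Classify a dropped file as 'dex', 'jar', 'encrypted?' or 'unknown'."""
    info = {
        "kind": "unknown",
        "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),   # for pivoting to other reports
        "entropy": round(shannon_entropy(data), 2),
    }
    if data.startswith(b"dex\n") and len(data) >= DEX_HEADER_SIZE:
        info["kind"] = "dex"
        info.update(check_dex_header(data))
    elif data.startswith(ZIP_MAGIC):
        info["kind"] = "jar"          # zip container; classes.dex lives inside
    elif info["entropy"] > 7.5:
        info["kind"] = "encrypted?"   # nothing loadable on disk; decrypt step likely in memory
    return info


def build_minimal_dex(body: bytes = b"\x00" * 64) -> bytes:
    """Construct a header-only DEX with consistent checksum and signature.

    Test fixture only (assumption: a hypothetical file, not the analysed sample).
    """
    total = DEX_HEADER_SIZE + len(body)
    hdr = bytearray(DEX_HEADER_SIZE)
    hdr[0:8] = b"dex\n035\x00"
    struct.pack_into("<III", hdr, 32, total, DEX_HEADER_SIZE, 0x12345678)
    struct.pack_into("<II", hdr, 104, len(body), DEX_HEADER_SIZE)   # data_size, data_off
    blob = bytes(hdr) + body
    sig = hashlib.sha1(blob[32:]).digest()
    blob = blob[:12] + sig + blob[32:]
    chk = zlib.adler32(blob[12:]) & 0xFFFFFFFF
    return blob[:8] + struct.pack("<I", chk) + blob[12:]


if __name__ == "__main__":
    good = build_minimal_dex()
    print(identify_payload(good))
    # Flip the last byte: header fields still parse, but checksum and signature fail.
    bad = good[:-1] + bytes([good[-1] ^ 0xFF])
    print(identify_payload(bad))
    print(identify_payload(ZIP_MAGIC + b"\x00" * 26))
    print(identify_payload(bytes(range(256)) * 16))   # constructed stand-in for ciphertext
```

A file that comes back as a valid DEX can go straight to dexdump or jadx; a "jar" result means unzip it and repeat on classes.dex; "encrypted?" means the decrypted code never touched disk and you need a hook on Cipher.doFinal or the class loader to recover it.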
Processes

mydg.wsmic.rcpcw (PID 3544)
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Uses Crypto APIs (might try to encrypt user data)
- Suspicious use of android.app.ApplicationPackageManager.getInstalledPackages
- Suspicious use of android.os.PowerManager$WakeLock.acquire
- Suspicious use of android.telephony.TelephonyManager.getLine1Number
- Uses reflection