Analysis
- max time kernel: 4003523s
- max time network: 133s
- platform: android_x86
- resource: android-x86_arm
- submitted: 20-04-2021 09:31
Static task: static1
Behavioral task: behavioral1
Sample: 0cf2ba5abfdca3c3993b5a763b7620f79e16072e9f1760cebd0d265bacd341e7.apk
Resource: android-x86_arm
android_x86
0 signatures
0 seconds
General
- Target: 0cf2ba5abfdca3c3993b5a763b7620f79e16072e9f1760cebd0d265bacd341e7.apk
- Size: 3.7MB
- MD5: c8fe0305df52daf974194b59ea1b854c
- SHA1: 5ded888012e25436b3cd2c8aede394e677f4d18b
- SHA256: 0cf2ba5abfdca3c3993b5a763b7620f79e16072e9f1760cebd0d265bacd341e7
- SHA512: ef44e79671a18380a59ee1a5ed95538bd7c3d9240947097790c2560f8412bb560067c145f90c85a95267c4a0bdf2e255dd2c03c522ae87c465209c10fba49304
Score: 10/10
Malware Config
Extracted
AES_key
AES_key
AES_key
Signatures
- Processes: update.remove.again
    pid   process
    4689  update.remove.again
- Loads dropped Dex/Jar (1 IoCs)
  Runs executable file dropped to the device during analysis.
  Processes: update.remove.again
    ioc                                                          pid   process
    /data/user/0/update.remove.again/app_DynamicOptDex/CiB.json  4689  update.remove.again
- Uses reflection (29 IoCs)
  Processes: update.remove.again
    description                                                       pid   process
    Invokes method java.lang.Object.getClass                          4689  update.remove.again
    Invokes method android.content.res.AssetManager.addAssetPath      4689  update.remove.again
    Invokes method android.app.ContextImpl.getAssets                  4689  update.remove.again
    Invokes method java.lang.Object.getClass                          4689  update.remove.again
    Invokes method android.content.res.AssetManager.open              4689  update.remove.again
    Invokes method java.io.FilterInputStream.read                     4689  update.remove.again
    Invokes method java.io.FilterInputStream.read                     4689  update.remove.again
    Invokes method java.io.BufferedInputStream.read                   4689  update.remove.again
    Invokes method java.lang.Object.getClass                          4689  update.remove.again
    Invokes method java.io.BufferedInputStream.close                  4689  update.remove.again
    Invokes method java.lang.Object.getClass                          4689  update.remove.again
    Invokes method java.lang.String.getBytes                          4689  update.remove.again
    Invokes method java.lang.Object.getClass                          4689  update.remove.again
    Invokes method java.io.FileOutputStream.write                     4689  update.remove.again
    Invokes method java.lang.Object.getClass                          4689  update.remove.again
    Invokes method java.io.BufferedInputStream.close                  4689  update.remove.again
    Invokes method java.lang.Object.getClass                          4689  update.remove.again
    Invokes method java.io.FilterOutputStream.close                   4689  update.remove.again
    Invokes method android.app.ActivityThread.currentActivityThread   4689  update.remove.again
    Accesses field android.app.ActivityThread.mPackages               4689  update.remove.again
    Invokes method java.lang.reflect.Field.get                        4689  update.remove.again
    Invokes method java.lang.Object.getClass                          4689  update.remove.again
    Invokes method java.lang.ref.Reference.get                        4689  update.remove.again
    Invokes method java.lang.ref.Reference.get                        4689  update.remove.again
    Accesses field android.app.LoadedApk.mClassLoader                 4689  update.remove.again
    Invokes method java.lang.reflect.Field.get                        4689  update.remove.again
    Accesses field android.app.LoadedApk.mClassLoader                 4689  update.remove.again
    Accesses field sun.misc.Unsafe.INVALID_FIELD_OFFSET               4689  update.remove.again
    Accesses field sun.misc.Unsafe.THE_ONE                            4689  update.remove.again