Analysis
-
max time kernel: 4077389s
max time network: 41s
platform: android_x64
resource: android-x64
submitted: 29-07-2021 16:09
Static task
static1
Behavioral task
behavioral1
Sample
fd1aac87399ad22234c503d8adb2ae9f0d950b6edf4456b1515a30100b5656a7.apk
Resource
android-x64
General
Target: fd1aac87399ad22234c503d8adb2ae9f0d950b6edf4456b1515a30100b5656a7.apk
Size: 4.4MB
MD5: d9d34d6627ae3150bd574b6523995d9a
SHA1: 5a5910c2c9180382fcf7a939e9909044f0e8918b
SHA256: fd1aac87399ad22234c503d8adb2ae9f0d950b6edf4456b1515a30100b5656a7
SHA512: b2d5c12711e8485c7d2de1a52aa736342c544715d607d6fc026d5b334ee522f7bf97572686405012104cef208d462c98814ff23c68683e49bc716020c0b3ef93
Malware Config
Signatures
-
Uses reflection 64 IoCs
Processes:
com.egov.app
description | pid | process
Invokes method android.graphics.FontFamily.addFontFromAssetManager | 3570 | com.egov.app
Invokes method android.graphics.FontFamily.freeze | 3570 | com.egov.app
Invokes method android.graphics.Typeface.createFromFamiliesWithDefault | 3570 | com.egov.app
Invokes method dalvik.system.CloseGuard.get | 3570 | com.egov.app
Invokes method dalvik.system.CloseGuard.open | 3570 | com.egov.app
Invokes method com.android.org.conscrypt.OpenSSLSocketImpl.setUseSessionTickets | 3570 | com.egov.app
Invokes method com.android.org.conscrypt.OpenSSLSocketImpl.setHostname | 3570 | com.egov.app
Invokes method com.android.org.conscrypt.OpenSSLSocketImpl.setAlpnProtocols | 3570 | com.egov.app
Accesses field javax.security.auth.x500.X500Principal.thisX500Name | 3570 | com.egov.app
Accesses field javax.security.auth.x500.X500Principal.thisX500Name | 3570 | com.egov.app
Invokes method com.android.org.conscrypt.OpenSSLSocketImpl.getAlpnSelectedProtocol | 3570 | com.egov.app
Accesses field com.egov.app.framework.web.ResponseModel.code | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.id | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.title | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.basicService | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.subProviderName | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.mainProviderName | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.id | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.title | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.basicService | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.subProviderName | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.mainProviderName | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.id | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.title | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.basicService | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.subProviderName | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.mainProviderName | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.id | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.title | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.basicService | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.subProviderName | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.mainProviderName | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.id | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.title | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.basicService | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.subProviderName | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.mainProviderName | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.id | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.title | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.basicService | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.subProviderName | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.mainProviderName | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.id | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.title | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.basicService | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.subProviderName | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.mainProviderName | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.id | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.title | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.basicService | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.subProviderName | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.mainProviderName | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.id | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.title | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.basicService | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.subProviderName | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.mainProviderName | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.id | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.title | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.basicService | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.subProviderName | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.mainProviderName | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.id | 3570 | com.egov.app
Accesses field com.egov.core.model.Service.title | 3570 | com.egov.app
Note: every target listed above is an Android/Java platform class or a class in the app's own com.egov packages; on its own, this reflection activity does not indicate malicious behaviour.
Network
MITRE ATT&CK Matrix
Downloads
-
/data/user/0/com.egov.app/cache/http-cache/45be6d4f65babd4c94f06a28c4679e6b.0.tmp
MD5: 1f91f9b8bc7ba733ee9c7244a3cde1a0
SHA1: 3cab41137ffc3848eaa0010da9a8436deee4bbd3
SHA256: 3e34d1c7abe1b2e4002a6a4ec73728b5da9de2b23a5fd4721ac11ba1ba6af771
SHA512: f789f127e81f4504405b4e348bd47d887cef5087530cfb68fe67503c69628ff36e41f72006926912bff0f453ad89acdc31bee6b4d93ae96af2eaa6904e3fe4db
-
/data/user/0/com.egov.app/cache/http-cache/45be6d4f65babd4c94f06a28c4679e6b.1.tmp
MD5: b66ee76ce8fb78e373e9d8036b807679
SHA1: 6465e7e1f19c20d76e940412d41fbd8693917237
SHA256: 97fb0c7a8f786a296d677ac5b17d392e5b6ea78897d589df802973fb2e3d4869
SHA512: 63d5c6c9fb0e517bd5de8d08ee589f956be725dbc68fe7dffea43573b154a089c5759b2db2a63b4731f946645e130eeba2e2171d37ee603bec7d39de47a7f9b3
-
/data/user/0/com.egov.app/cache/http-cache/journal.tmp
MD5: cdf0ccea303a01fa8ed92f407a17362c
SHA1: ca2665123f2ba214d1c5026ef8e09aead5330002
SHA256: 6f4d197a3ca64eab0dc11474b6664dbac60029b05405d801f16bfa179a82db66
SHA512: 137d17fd02b6c28872813abb8e83aa6c1fb77072a965acf3101341b1a0349d0b7198502c14b88d87aa3b38e580794b047fbab28e3fa413f840d641f67bfa135a
-
/data/user/0/com.egov.app/databases/e-Gove.db
MD5: f2b4b0190b9f384ca885f0c8c9b14700
SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
/data/user/0/com.egov.app/databases/e-Gove.db-journal
MD5: cef3ce9dd3a6ef00c7a2b4af19eb3b49
SHA1: 304b21efc6b5d44281465672c4d7a900fec900d8
SHA256: a6169968a56419228643e67e505bc157dadb0a5e0a811cbbbffcb13255ac043d
SHA512: e4f4372f52533cf3ef9d6a023d5ef59b9cbb5c52319042702024d5421f2123f769cb8b6ad95db067e08b0f092ce72e10280861490e438d527050a9eca7b25d0c
-
/data/user/0/com.egov.app/databases/e-Gove.db-shm
MD5: cc5c9371afdaa3102e188c294a296ec1
SHA1: 190b322c8db366614071a86fa789bf1f246fc66d
SHA256: 1a5ece8ca9757bc449d4d827dcdcad62dda376185854703fa166722239388b9e
SHA512: 347786794cb60a8b1c7a5485c6cc3a27cdc2fecd1e460932f0ecd56da68d0638857b0b40113256377e4fda1ad4f8da609afcb7c67680ae46b53cc01e2c9e1278
-
/data/user/0/com.egov.app/databases/e-Gove.db-wal
MD5: 1c36dca6c6f31070a8141b3e38fdc252
SHA1: bb2d13c4caeb6fe6c7cbcf3013287e251b041ebb
SHA256: 519f17c6743fa45e6246bcd6b7a5edbfa1b352374df883b05cae081f5d46a4f4
SHA512: f26e00be8a19f548dd4aaa56d5510a864165173c6e1a83554f4670d8957a5ff9826a1b799e19a3a7e0d87817afacfef05441ea5d3b2f8a34b87562c06acf1bff