Analysis
- max time kernel: 2122700s
- max time network: 170s
- platform: android_x64
- resource: android-x64-arm64
- submitted: 14-10-2021 11:13

Static task: static1
Behavioral task: behavioral1
- Sample: 5a8c34d23931c33b1a0aa25b7c0bee786111db6fd053b88a5a152898bd8faaae.apk
- Resource: android-x64-arm64
General
- Target: 5a8c34d23931c33b1a0aa25b7c0bee786111db6fd053b88a5a152898bd8faaae.apk
- Size: 4.9MB
- MD5: 4493edef47da202d59a2fd8c183caf2b
- SHA1: c971a1c8ac0761abfff2220b0e1e07cb2f82a971
- SHA256: 5a8c34d23931c33b1a0aa25b7c0bee786111db6fd053b88a5a152898bd8faaae
- SHA512: 22a252b50f4bf936a29f407d711347b8d6816f61f38a1b6f725253c40876bb7503ceedf7830312ec3005e0a62f6c9fd6cd1037e364917aee745f6eb746374ae2
Malware Config
Signatures
- Loads dropped Dex/Jar (1 IoC)
  Runs executable file dropped to the device during analysis.
  Processes:
    ioc: /data/user/0/com.thestore.main/khzhhhxhno/chonbYvfkbcvlzh/base.apk.mhmhkck1.bgh
    pid: 4250
    process: com.thestore.main
- Requests enabling of the accessibility settings. (1 IoC)
  Processes:
    description: Intent action
    ioc: android.settings.ACCESSIBILITY_SETTINGS
    process: com.thestore.main
- Uses Crypto APIs (might try to encrypt user data). (1 IoC)
  Processes:
    description: Framework API call
    ioc: javax.crypto.Cipher.doFinal
    process: com.thestore.main
- Uses reflection (64 IoCs)
  Processes:
    description: Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows; pid: 4250; process: com.thestore.main
    description: Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE; pid: 4250; process: com.thestore.main
    description: Accesses field javax.security.auth.x500.X500Principal.thisX500Name; pid: 4250; process: com.thestore.main (this same entry is repeated for the remaining 62 IoCs)
Processes
Network
MITRE ATT&CK Matrix
Downloads
- /data/user/0/com.thestore.main/khzhhhxhno/chonbYvfkbcvlzh/base.apk.mhmhkck1.bgh
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
- /data/user/0/com.thestore.main/khzhhhxhno/chonbYvfkbcvlzh/tmp-base.apk.mhmhkck6824687992557192061.bgh
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
- /data/user/0/com.thestore.main/khzhhhxhno/chonbYvfkbcvlzh/vlgGGhpv.Ymhc
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
  Note: the three entries above carry the MD5, SHA1, SHA256 and SHA512 digests of a zero-length input, so these dropped files had no content at the time they were captured.
- /data/user/0/com.thestore.main/shared_prefs/Voicemail.xml
  MD5: a4c7cd64f310ad8337d971ed2c32e9d3
  SHA1: 448b6e2e42ee2a5b8b7f4a5197e8e0d7039571bc
  SHA256: 01e3287aabd31bf073ca110edc4a37a1b1f4b6440be4c739f6f72f334cb533c4
  SHA512: f5265df5bd91c7709801964ed88043be9669f9a819f940c25f22053162c45aa775b7a6e9c50a53c11ffd0201a62c04bc1389c811ca1b92c490c26cd0bd78e3f5
- /data/user/0/com.thestore.main/shared_prefs/Voicemail.xml
  MD5: cb52a0d4ea4db627b88e5604cf846548
  SHA1: e172afec77ea87d7ab57f9ec8529442587161fa4
  SHA256: bd14f9f7abab3c184569d4ba98339a069ed71411a74a47526546133142cd26ad
  SHA512: 304d0ead5b3ee4375c7b25961897f9fd55637dd73f0c0e1c502eae03bbb329ee81ab5c9ee93b3940970628edda843fd5ba32d9098bdca135e5e798efc09158cd
- /data/user/0/com.thestore.main/shared_prefs/multidex.version.xml
  MD5: c60a1453cce67bad226b6c5677561fc3
  SHA1: c8ac8c838ba3df787f724fd13b78e1562dcb1121
  SHA256: 43c768aace9ad52778d06d4105bdccaceaa6e3fa31b2ca99f7a124886eefb3ea
  SHA512: 7bcb2462381310ce68769a896db17ba5a5febb12a485b766d723e69808d985b6613d72a6d170c90aa0607640152c6f45c56fa4ddf87e577001665bea9687fbf1