2026b1649f35617d539023c5214575638ad1583d8588d4fd2761e4188d49b254

General

Target

2026b1649f35617d539023c5214575638ad1583d8588d4fd2761e4188d49b254.bin.apk
Size

1016KB
MD5

e015e69b94090d5205f3a13d5989ba3a
SHA1

eb9621c53296fed390eeafba169c811fbfc0c831
SHA256

2026b1649f35617d539023c5214575638ad1583d8588d4fd2761e4188d49b254
SHA512

b23db113cfef44824fc9cee313e1836d8fb0a13465129fcc55ff48c526964285847ec30db5ca5092c54d067a58d3c52daa4d9e10adf5e913716494d9630ecfc0

Score

7^/10

obfuscation

Malware Config

Signatures

Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

SIM.Toolkits

ioc pid process

/data/user/0/SIM.Toolkits/code_cache/secondary-dexes/base.apk.classes1.zip 3640 SIM.Toolkits
Tries to add a device administrator. 1 IoCs

Processes:

SIM.Toolkits

description ioc process

Intent action android.app.action.ADD_DEVICE_ADMIN SIM.Toolkits

ioc	pid	process
/data/user/0/SIM.Toolkits/code_cache/secondary-dexes/base.apk.classes1.zip	3640	SIM.Toolkits

description	ioc	process
Intent action	android.app.action.ADD_DEVICE_ADMIN	SIM.Toolkits

Uses reflection 64 IoCs

obfuscation

Processes:

SIM.Toolkits

description	pid	process
Invokes method SIM.Toolkits.main.initializeProcessGlobals	3640	SIM.Toolkits
Invokes method TP.GetUpdate.tp1.tp_getupdate._class_globals	3640	SIM.Toolkits
Invokes method anywheresoftware.b4a.samples.httputils2.httpjob._class_globals	3640	SIM.Toolkits
Invokes method anywheresoftware.b4a.samples.httputils2.httpjob._class_globals	3640	SIM.Toolkits
Invokes method anywheresoftware.b4a.samples.httputils2.httpjob._class_globals	3640	SIM.Toolkits
Invokes method anywheresoftware.b4a.samples.httputils2.httpjob._class_globals	3640	SIM.Toolkits
Invokes method anywheresoftware.b4a.samples.httputils2.httpjob._class_globals	3640	SIM.Toolkits
Invokes method anywheresoftware.b4a.samples.httputils2.httpjob._class_globals	3640	SIM.Toolkits
Invokes method anywheresoftware.b4a.samples.httputils2.httpjob._class_globals	3640	SIM.Toolkits
Invokes method anywheresoftware.b4a.samples.httputils2.httpjob._class_globals	3640	SIM.Toolkits
Invokes method SIM.Toolkits.starter._service_create	3640	SIM.Toolkits
Invokes method SIM.Toolkits.starter._service_start	3640	SIM.Toolkits
Acesses field anywheresoftware.b4a.samples.httputils2.httputils2service.processBA	3640	SIM.Toolkits
Acesses field anywheresoftware.b4a.samples.httputils2.httputils2service.mostCurrent	3640	SIM.Toolkits
Invokes method SIM.Toolkits.main._globals	3640	SIM.Toolkits
Invokes method anywheresoftware.b4a.objects.drawable.ColorDrawable.build	3640	SIM.Toolkits
Invokes method anywheresoftware.b4a.objects.ActivityWrapper.build	3640	SIM.Toolkits
Invokes method anywheresoftware.b4a.objects.ImageViewWrapper.build	3640	SIM.Toolkits
Acesses field SIM.Toolkits.main._imgpro	3640	SIM.Toolkits
Acesses field android.graphics.Typeface.NORMAL	3640	SIM.Toolkits
Acesses field android.view.Gravity.CENTER_VERTICAL	3640	SIM.Toolkits
Acesses field android.view.Gravity.LEFT	3640	SIM.Toolkits
Acesses field anywheresoftware.b4a.objects.EditTextWrapper.INPUT_TYPE_TEXT	3640	SIM.Toolkits
Invokes method anywheresoftware.b4a.objects.EditTextWrapper.build	3640	SIM.Toolkits
Acesses field SIM.Toolkits.main._us_name	3640	SIM.Toolkits
Invokes method android.widget.TextView.setAllCaps	3640	SIM.Toolkits
Acesses field android.graphics.Typeface.NORMAL	3640	SIM.Toolkits
Acesses field android.view.Gravity.CENTER_VERTICAL	3640	SIM.Toolkits
Acesses field android.view.Gravity.CENTER_HORIZONTAL	3640	SIM.Toolkits
Invokes method anywheresoftware.b4a.objects.drawable.ColorDrawable.build	3640	SIM.Toolkits
Invokes method anywheresoftware.b4a.objects.drawable.ColorDrawable.build	3640	SIM.Toolkits
Invokes method anywheresoftware.b4a.objects.drawable.ColorDrawable.build	3640	SIM.Toolkits
Invokes method anywheresoftware.b4a.objects.drawable.StateListDrawable.build	3640	SIM.Toolkits
Invokes method anywheresoftware.b4a.objects.ButtonWrapper.build	3640	SIM.Toolkits
Invokes method anywheresoftware.b4a.objects.SeekBarWrapper.build	3640	SIM.Toolkits
Acesses field SIM.Toolkits.main._seekbar1	3640	SIM.Toolkits
Invokes method SIM.Toolkits.designerscripts.LS_lm.LS_general	3640	SIM.Toolkits
Invokes method anywheresoftware.b4a.samples.httputils2.httpjob._class_globals	3640	SIM.Toolkits
Invokes method anywheresoftware.b4a.samples.httputils2.httpjob._class_globals	3640	SIM.Toolkits
Invokes method SIM.Toolkits.main._activity_create	3640	SIM.Toolkits
Invokes method SIM.Toolkits.main._activity_resume	3640	SIM.Toolkits
Invokes method android.app.Activity.invalidateOptionsMenu	3640	SIM.Toolkits
Acesses field anywheresoftware.b4a.samples.httputils2.httputils2service.processBA	3640	SIM.Toolkits
Acesses field anywheresoftware.b4a.samples.httputils2.httputils2service.mostCurrent	3640	SIM.Toolkits
Invokes method SIM.Toolkits.main.initializeProcessGlobals	3640	SIM.Toolkits
Invokes method anywheresoftware.b4a.samples.httputils2.httputils2service._service_create	3640	SIM.Toolkits
Invokes method anywheresoftware.b4a.samples.httputils2.httputils2service._service_start	3640	SIM.Toolkits
Acesses field anywheresoftware.b4a.samples.httputils2.httputils2service.processBA	3640	SIM.Toolkits
Invokes method anywheresoftware.b4a.samples.httputils2.httputils2service._submitjob	3640	SIM.Toolkits
Invokes method SIM.Toolkits.main._activity_pause	3640	SIM.Toolkits
Invokes method anywheresoftware.b4a.samples.httputils2.httputils2service._service_start	3640	SIM.Toolkits
Acesses field anywheresoftware.b4a.samples.httputils2.httputils2service.processBA	3640	SIM.Toolkits
Invokes method anywheresoftware.b4a.samples.httputils2.httputils2service._submitjob	3640	SIM.Toolkits
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3640	SIM.Toolkits
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3640	SIM.Toolkits
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3640	SIM.Toolkits
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3640	SIM.Toolkits
Invokes method anywheresoftware.b4a.samples.httputils2.httputils2service._hc_responseerror	3640	SIM.Toolkits
Invokes method anywheresoftware.b4a.samples.httputils2.httputils2service._hc_responseerror	3640	SIM.Toolkits
Invokes method SIM.Toolkits.main._activity_resume	3640	SIM.Toolkits
Invokes method TP.GetUpdate.tp1.tp_getupdate._jobdone	3640	SIM.Toolkits
Invokes method TP.GetUpdate.tp1.tp_getupdate._jobdone	3640	SIM.Toolkits
Acesses field SIM.Toolkits.starter.processBA	3640	SIM.Toolkits
Invokes method SIM.Toolkits.starter._tsend_finish	3640	SIM.Toolkits

SIM.Toolkits
1⤵
- Loads dropped Dex/Jar
- Tries to add a device administrator.
- Uses reflection
PID:3640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/SIM.Toolkits/code_cache/secondary-dexes/MultiDex.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/SIM.Toolkits/code_cache/secondary-dexes/base.apk.classes1.zip
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/SIM.Toolkits/code_cache/secondary-dexes/tmp-base.apk.classes4702812672737246271.zip
MD5
8854316b1a687edec820b39dcfeb913a

SHA1
86138a58cd0b5b712fc738bc82fc939f03363f08

SHA256
a9d53e6d02f8c1250419c878c4947153d2b57936632bf7922ad0f3d61fbf86ba

SHA512
a70b5da45ab1ce80a53aa7e1797cd2f7818ce7f464ea9c43c617f937c528ddcba669f4c9c4e908c456c131822a562b34cbacd931bce2a5df3f4972330040adc4

Download Submit
/data/user/0/SIM.Toolkits/shared_prefs/multidex.version.xml
MD5
d35bbf3f3528f42a8cac3a5012d020e5

SHA1
b93a122d5a90fa97c25ceb9d526b28247d7fc25b

SHA256
13d8e9d41eb32379c907a2fb725ef8d502a5616df4657218fc5f444379bdbf09

SHA512
5885c6ea7514330b7e66eeb0fcd4b05a05fcc34072d7de626fb5786fdcfc82de38392de6d9b672f33a8bab4c208a3aedf521b13112c181dcd1c8150e15d9704b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads