Analysis Overview
SHA256
5bb6dc2fc38bccaebf7a9a0da01c708cb36b6875563b494333ca471a899079ba
Threat Level: No (potentially) malicious behavior was detected
The file Live_sexsi.apk was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Brata family
Brata payload
Requests dangerous framework permissions
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-08-20 22:44
Signatures
Brata family
Brata payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2022-08-20 22:44
Reported
2022-08-20 22:47
Platform
android-x86-arm-20220621-en
Max time network
140s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| NL | 142.250.179.131:443 | | tcp |
| NL | 172.217.168.234:443 | | tcp |
| NL | 172.217.168.234:443 | | tcp |
| NL | 216.58.214.2:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| NL | 172.217.168.234:443 | semanticlocation-pa.googleapis.com | tcp |
| NL | 172.217.168.234:443 | semanticlocation-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 216.58.214.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:853 | | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2022-08-20 22:44
Reported
2022-08-20 22:47
Platform
android-x64-20220621-en
Max time network
136s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| NL | 142.251.36.42:443 | | tcp |
| US | 1.1.1.1:853 | | tcp |
| US | 1.1.1.1:853 | | tcp |
| NL | 216.58.214.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 142.251.39.106:443 | | tcp |
| NL | 142.250.179.130:443 | | tcp |
| NL | 142.251.36.42:443 | | tcp |
| NL | 216.58.208.104:443 | | tcp |
| NL | 142.251.36.42:443 | | tcp |
| NL | 142.250.179.142:443 | | tcp |
| US | 1.1.1.1:853 | | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2022-08-20 22:44
Reported
2022-08-20 22:47
Platform
android-x64-arm64-20220621-en
Max time kernel
3178245s
Max time network
152s
Command Line
Signatures
Processes
edward.org
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| NL | 142.250.179.202:443 | | udp |
| US | 1.1.1.1:853 | | tcp |
| US | 1.1.1.1:853 | | tcp |
| NL | 216.58.214.2:443 | | tcp |
| NL | 142.250.179.134:443 | | tcp |
| NL | 142.251.39.104:443 | | tcp |
| NL | 142.250.179.138:443 | | tcp |
| NL | 142.250.179.195:443 | | tcp |
| NL | 172.217.168.194:443 | | tcp |
| NL | 142.250.179.138:443 | | tcp |
| NL | 142.250.179.138:443 | | tcp |
| NL | 142.250.179.174:443 | | udp |
| NL | 142.250.179.168:443 | | tcp |
| GB | 172.217.16.238:443 | | tcp |
| US | 1.1.1.1:853 | | tcp |
| NL | 142.250.179.174:443 | | udp |
| US | 1.1.1.1:853 | | tcp |
| NL | 216.58.214.4:443 | | udp |
| NL | 142.250.179.170:443 | | tcp |
| NL | 216.58.208.106:443 | | tcp |
| NL | 142.250.179.138:443 | | tcp |
Files
/data/user/0/edward.org/no_backup/com.google.android.gms.appid-no-backup
/data/user/0/edward.org/shared_prefs/com.google.android.gms.measurement.prefs.xml
/data/user/0/edward.org/files/generatefid.lock
/data/user/0/edward.org/files/PersistedInstallation8499533052201500038tmp
/data/user/0/edward.org/shared_prefs/FirebaseAppHeartBeat.xml
/data/user/0/edward.org/files/PersistedInstallation6701198567072648581tmp
/data/user/0/edward.org/databases/google_app_measurement_local.db
/data/user/0/edward.org/databases/google_app_measurement_local.db-journal