diamondfox | 44fd5e974fc5c7903d67233ba9e4718b7cc63627a28ba8fe1d2c7ef6eb5f74c4

Analysis

max time kernel
1024278s
max time network
143s
platform
android_x64
resource
android-x64-arm64-20230621-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20230621-enlocale:en-usos:android-11-x64system
submitted
09-07-2023 23:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AntivirusAI136_DZAPK.COM-1.apk
Size

10.4MB
MD5

2281a663acfc3e81cbdb7ede827c2d6d
SHA1

9b13e7d7431a3847f9e1abb3cc793e498c4d86f1
SHA256

44fd5e974fc5c7903d67233ba9e4718b7cc63627a28ba8fe1d2c7ef6eb5f74c4
SHA512

89768d9beb8800a20d506cb40254df9a2259d334979db873d357604ca776b6a4c6fabd537ddf9c517eadb3607618f91b2f288ed66060348fb7037c29e3fd30ca
SSDEEP

196608:LD6T4a110xIPoIeP/ShMIgHUkiBY8dG7iFnu6ToJ+Ov8e1I7ao:L+T4a1CiPMIgHjWvEAnMhs

Score

10^/10

diamondfox botnet stealer

Malware Config

Signatures

DiamondFox
DiamondFox is a multipurpose botnet with many capabilities.
botnet stealer diamondfox

DiamondFox stealer 1 IoCs

Processes:

resource	yara_rule
/data/user/0/com.protectstar.antivirus/cache/volley/-4440143561595694984	diamondfox_stealer

Acquires the wake lock. 1 IoCs

Processes:

com.protectstar.antivirus

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.protectstar.antivirus

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.protectstar.antivirus

Requests dangerous framework permissions 3 IoCs

Processes:

description	ioc
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to post notifications.	android.permission.POST_NOTIFICATIONS

com.protectstar.antivirus
1⤵
- Acquires the wake lock.
PID:4355

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.protectstar.antivirus/cache/volley/-4440143561595694984

Filesize
116KB

MD5
6ee43f82cb2ea0002524b7792ee5b781

SHA1
662b997b62d9a44975f9343c4d3ae709550fde2d

SHA256
5b185a0ec209a3afd5fc44dc66690c9b9512fb75c6a77b926edef766486ee291

SHA512
7a202935bcecbfbf914658d3f840c9052a659807868f291bc130759acb37e9fab95893a8e0aee4a7b03c0f8bab0bb65c5823448ab51c24578534de6c9c346022

Download Submit
/data/user/0/com.protectstar.antivirus/cache/volley/-4440143562082814216

Filesize
394KB

MD5
d0979f77620e79400cdd316527c12a0d

SHA1
e659276d562044b03be8a8166943aa4daef1e2cb

SHA256
3646e4daafc50323ff980e5361dda88d1b30860c3f3285216215fd685984a84f

SHA512
a0e417cc376b2a8b8cae0238c5f00ce698ff33d4d8c17697222c115c5feb634b1b1cde74748eb66e3f63691f02330053be5fae37e33ad191f1096090e6bf914f

Download Submit
/data/user/0/com.protectstar.antivirus/cache/volley/-504558873-1090045957

Filesize
216KB

MD5
4500f643c9baf7863a5544ef571879f1

SHA1
4a18ea97f93af9aa1893c95ee5529ccd15552ee7

SHA256
80ab4fd392f8fe6924584a70131868d57711c8e8a87dd073ae5aaec54efc2cd1

SHA512
9032775ebc7a4e3a245cdd8e8dcb824c2fc6b947931254a818defa29c9424d60d7788b60243be945013e7a5c5d98e66954b4acaf234df57af60e6fcc72dafcdd

Download Submit
/data/user/0/com.protectstar.antivirus/cache/volley/1832329520563655267

Filesize
954B

MD5
ddc0638536a99363fc85a7aa0e401006

SHA1
3221424a9689f551589a6b7c8c998b4e004cad6b

SHA256
a1f74b885a2677be0bc86f8e20a8501ac644b3fc28632d0ffd1eb08f4900d08e

SHA512
7c5fc5540772e51aa195aebb9e940514bbfd05ed00c4cff3e24d3519f53b5117ee1d518a9a807cc2f4bc698765dea079580282465d43c4ae61a8a58c9d7048ae

Download Submit
/data/user/0/com.protectstar.antivirus/databases/com.google.android.datatransport.events

Filesize
144KB

MD5
625d9e575aa250d372cc3268f148600e

SHA1
9f539bcc0064451657ff29bd44f871d5ea6657df

SHA256
1706a1e8dc5ff865de96d512281491e4d2276187704993c912cea665b98b721e

SHA512
be1e813033bd03cc37fd27d5f62f6614add3c7fae4ba5e14d130df58b4e395562e980b375e25383e3b593d0dcd1f627cfbfb4e48f043167bbe555bd1b3cb3e1d

Download Submit
/data/user/0/com.protectstar.antivirus/databases/com.google.android.datatransport.events-journal

Filesize
1KB

MD5
3feee1268bb6582c6332a052f77d31e1

SHA1
5e8051a2bf9fd0fac061b69a4b2fcdb9b745f183

SHA256
c925ee330d6f1734985a675d68e5a0d3f081368eba53d51d0642a3e8661d834a

SHA512
b12a9c055d82c251e0e4512d67d8e6c5d89c9656f75739283aa4e2c35d408b3871739628610f52a46de321049c79cf514f00610812f182e237f584614332acf4

Download Submit
/data/user/0/com.protectstar.antivirus/files/.com.google.firebase.crashlytics.files.v2:com.protectstar.antivirus/initialization_marker

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.protectstar.antivirus/files/.com.google.firebase.crashlytics.files.v2:com.protectstar.antivirus/open-sessions/64AB46A2009D000111038C8F83E9A489/keys

Filesize
15B

MD5
573f30909f4bf560971e1115453c34fc

SHA1
239ea999a5ff1fda1652483298fcea2627e76269

SHA256
b0c0f5f2345c11fcf39b8528bc21c9a0a767d5061bb2ed0d7ebcd0552d8fa847

SHA512
8cf5df41225b624953669de573c71b5fe87c63ac0c566d7a7b9674e5bd9c2c83cad46feec39841a724512098969f28bd86733f2ed00940364fa490c80ccfac91

Download Submit
/data/user/0/com.protectstar.antivirus/files/.com.google.firebase.crashlytics.files.v2:com.protectstar.antivirus/open-sessions/64AB46A2009D000111038C8F83E9A489/report

Filesize
756B

MD5
e0412cf9b12615d7d68ca55244111199

SHA1
5aabc6a1b3426701e3934eae807d5c07bd1b8333

SHA256
be103492d08b4b4c724229ed5700b9590dc14732a3c3ef41458ba0f8cbef7075

SHA512
7e6b3f88c692d39146ddffbecea078c7e78b01d1da461fe10640583a1a33804c0ad3312bac585b206de935b4aeec695aabf15620f497f11c0b489d10fab7ed1b

Download Submit
/data/user/0/com.protectstar.antivirus/files/.com.google.firebase.crashlytics.files.v2:com.protectstar.antivirus/open-sessions/64AB46A2009D000111038C8F83E9A489/start-time

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.protectstar.antivirus/files/PersistedInstallation484040952649459167tmp

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.protectstar.antivirus/files/PersistedInstallation907049815837360642tmp

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.protectstar.antivirus/files/generatefid.lock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.protectstar.antivirus/no_backup/com.google.android.gms.appid-no-backup

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.protectstar.antivirus/origin.apk

Filesize
5.5MB

MD5
64bce546d5b79b78e6688420945edf87

SHA1
665cd42c9831d0510db5756c004911c5b71a99cb

SHA256
75078c407ef53a9433ecbdd76f49002a8a5bdc9df0da65ef0bc6040c6bce7dab

SHA512
20c50c51b18bc7f1f281ecdff81e1395ec82a22d12b4a28cb9bf69fee56cf0b7059939f0542c545e8419a32ce158a6300901944f50364f51be33a4995c2399c9

Download Submit
/data/user/0/com.protectstar.antivirus/shared_prefs/FirebaseHeartBeatW0RFRkFVTFRd+MToxMDc1MjQ2MjI0OTk5OmFuZHJvaWQ6ZGEwYjliODY5YTAyMjNhNjk2YTZjMg.xml

Filesize
124B

MD5
8d21923a373d52723543c1901282fb23

SHA1
fa79a159fc08630d359876368c1559b2a2b0fb94

SHA256
a26efd2e2fbaf313fed7c9cfea5506bc25101ae4a9a5d43ab3140d5d32c268cf

SHA512
ed373d427b19fab7cf79d459986de906b595bc21230a966d3e1da547e759da3c1aec78ca0e860c197387ec9926227ca9645719ad16bed46e346d9d952761003c

Download Submit
/data/user/0/com.protectstar.antivirus/shared_prefs/FirebaseHeartBeatW0RFRkFVTFRd+MToxMDc1MjQ2MjI0OTk5OmFuZHJvaWQ6ZGEwYjliODY5YTAyMjNhNjk2YTZjMg.xml

Filesize
590B

MD5
a996c63d88946d849f6a231d7b2574d7

SHA1
bf4069284a34b935c3c491254743d8650fc740d5

SHA256
1f670e96a7c85bb0493556412f0dd6f524d9b03be89f37cbf147e3dbc384f86b

SHA512
c42cd3ee83dc405983c618451b4284261e3c3bf55f8ad11200f6493306c6fa1198510a90252eb8889a8c0ef51263e2c688f8b32cceb6293e5984e4efc401b8d5

Download Submit
/data/user/0/com.protectstar.antivirus/shared_prefs/com.google.android.gms.appid.xml

Filesize
389B

MD5
892e2dd4979e34941d1fa7da803b1530

SHA1
1b862b0463ab0af9853e46b68065bf19fda0f1e7

SHA256
4b5ad1404b03869e105a28815e4fc5a2cad1c0bd2cd4509fe1e58249665dbb6a

SHA512
363cb9f340444e7b870e30e109bcc76d4e2653948350ce979ce6f827919d8f6c4c32c885e521c868a968e86a9e37efa65f01aef1b207eb3e08f051542df790c2

Download Submit
/data/user/0/com.protectstar.antivirus/shared_prefs/com.google.android.gms.measurement.prefs.xml

Filesize
122B

MD5
250b4caeba60ddf53228405750ba66ca

SHA1
422ab714feb34e9f3b4f1cbe669887bcd581ddb1

SHA256
2478c97a377db9ce6a44977b4864a40af8b4f5e5c8f81892c424a608ddec911e

SHA512
373750c29942fef90281109b6025c398d0f4ac62b58a984a3651d09f8c016440bc40f6bd84fb6d40acf8e48a553d4c1d22e01a95c40a41567c079ba9a338afdb

Download Submit
/data/user/0/com.protectstar.antivirus/shared_prefs/com.google.android.gms.measurement.prefs.xml

Filesize
456B

MD5
4628118462436de44862fa01c0610060

SHA1
c45e44ca653021d29ff79d2966f30ee54274e2db

SHA256
88eb9b771432fcec875079d8e09f4932bfe5ab7951bd817b6eacaa26a0b06ea0

SHA512
dfdbb2fd12ca0effddf36b82bdca18fe3954b4a03ec7da19266cdfc85ed6d2e9d0a766e2f5e2007408927bd2f2eb2480714c9302f5bcb3a5d6cfdb4cea6e3aaa

Download Submit
/data/user/0/com.protectstar.antivirus/shared_prefs/com.google.firebase.crashlytics.xml

Filesize
235B

MD5
5de58dbb7b31de2c68be0acbf519280a

SHA1
6ac802f27c5d22bdbc4785f027e58c0664c78dbd

SHA256
eb6fed9ef41b3f2b13e0fa1782bb24fb23c98ea25c1b21bc312b520d30a1773e

SHA512
f576c5877a221174e991bdb1c12db47b9f2718f4ae9af88f9c0e296d0efbe0720f26df50af694633410296bd1c31d18be8e7037fe6f84dab2d59a2be6493b485

Download Submit
/data/user/0/com.protectstar.antivirus/shared_prefs/com.google.firebase.crashlytics.xml

Filesize
311B

MD5
4de88135b7d062b8cf374405ec976147

SHA1
3ebd0bdfb79135e6344cb84874be75eef46a3c9a

SHA256
d72cc9f02bb3f98cffe24a4eabb401b53cda62d66d7ce46315a6cb9d61462ffc

SHA512
93fa6be14296e6d0e19193904bfe1068e068e75d44d71f5450d1c982207dacfd53b06adb10344410c0d8a512a4b74d617049899c080ab6aad8618dc5ef07e9dc

Download Submit
/data/user/0/com.protectstar.antivirus/shared_prefs/com.google.firebase.messaging.xml

Filesize
137B

MD5
d6b32b6f7842c43a69d96e6bbc0f951e

SHA1
f09a77cc001d93e3386c5cd436a79ee29a46da6f

SHA256
5d262a249d4523aa6285643f3e7d110697e3aa653bf68909d3a56f4fad151a75

SHA512
e15f4e2d36a163ee62904a7d8e07ff792adde9992607f82b663df8047483283334eb2d7d6643aaca4395e11e9c1ffc51f8b3cad45b19922f31bdccdcd898ee56

Download Submit
/data/user/0/com.protectstar.antivirus/shared_prefs/com.protectstar.antivirus_preferences.xml

Filesize
194B

MD5
c78c495cf44504f575a670dc6bafda86

SHA1
77355bef2e78059d7a321dae6c6a56670bae772f

SHA256
645640a89ddef96bd44650003d2906d1395e1c59949afc10365d4affafac2831

SHA512
b166a79883696f8ce4c51132c4adf08ea99a7f6cd13c9ff55fc7026a6480bde3b9be64de96bdd51284974b1675ac9b46f528602b05de0e86b1d363b6a525a3b3

Download Submit