diamondfox | 44fd5e974fc5c7903d67233ba9e4718b7cc63627a28ba8fe1d2c7ef6eb5f74c4

Analysis

max time kernel
1024286s
max time network
141s
platform
android_x86
resource
android-x86-arm-20230621-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20230621-enlocale:en-usos:android-9-x86system
submitted
09-07-2023 23:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AntivirusAI136_DZAPK.COM-1.apk
Size

10.4MB
MD5

2281a663acfc3e81cbdb7ede827c2d6d
SHA1

9b13e7d7431a3847f9e1abb3cc793e498c4d86f1
SHA256

44fd5e974fc5c7903d67233ba9e4718b7cc63627a28ba8fe1d2c7ef6eb5f74c4
SHA512

89768d9beb8800a20d506cb40254df9a2259d334979db873d357604ca776b6a4c6fabd537ddf9c517eadb3607618f91b2f288ed66060348fb7037c29e3fd30ca
SSDEEP

196608:LD6T4a110xIPoIeP/ShMIgHUkiBY8dG7iFnu6ToJ+Ov8e1I7ao:L+T4a1CiPMIgHjWvEAnMhs

Score

10^/10

diamondfox botnet stealer

Malware Config

Signatures

DiamondFox
DiamondFox is a multipurpose botnet with many capabilities.
botnet stealer diamondfox

DiamondFox stealer 1 IoCs

Processes:

resource	yara_rule
behavioral1/files/4164-23.dat	diamondfox_stealer

Acquires the wake lock. 1 IoCs

Processes:

com.protectstar.antivirus

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.protectstar.antivirus

Requests dangerous framework permissions 3 IoCs

Processes:

description	ioc
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to post notifications.	android.permission.POST_NOTIFICATIONS

com.protectstar.antivirus
1⤵
- Acquires the wake lock.
PID:4164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.protectstar.antivirus/cache/volley/-4440143561595694984

Filesize
116KB

MD5
fe0728b043f0f6195f1c5caf497d147e

SHA1
24038b3df422fce68ea6d2beadbd1f6be691a715

SHA256
3c8ce1ad683b36debed9074aeadad3db7d28415e70871386cdf68eb4327d7fec

SHA512
7c74df4683fb820930ffec91812590dfb61a8d1dcaf982112bd54a26f80c0cb1adb16d60b1e371e7f6eda2b152e5f1560382ccb7c4729328b2475d68413525e6

Download Submit
/data/user/0/com.protectstar.antivirus/cache/volley/-4440143562082814216

Filesize
394KB

MD5
c5effaabbb78959e8deb358fb07f8240

SHA1
58ec986cd9e9af7f37bfd2ae2c0565a391b42b95

SHA256
62011774d3a16aef1dd9ce7049855463dcf0b89ad9c8eec047b920fa133aab37

SHA512
1187152411e38180f608f76dcaee44a70fc28ec9fec729644fbb9ee0f53b9b0b6bb3221f8c2ae92c6aa7ae331f472bfed06ab525052237ef53b45fbf16ea3f24

Download Submit
/data/user/0/com.protectstar.antivirus/cache/volley/-504558873-1090045957

Filesize
216KB

MD5
5b7a95580e0c27952f11bbbd89557977

SHA1
7d18e094f8631c6da34e59f722f37c5365705b29

SHA256
de58677902bcc55a39c0defadf2bbd66bdaf5d9d8249a63a8fc1ca317067b66e

SHA512
d8ad7b47db85793a5a3fe891251442e8d7f0bc2b280ad1ee87e49b81e7f10081922cc450651a0a5d7dff907d56a7a2fea9a984787f9b73c3a7b10d45af90557e

Download Submit
/data/user/0/com.protectstar.antivirus/cache/volley/1832329520563655267

Filesize
954B

MD5
18ee310689e7a09313a8c3496c068164

SHA1
f30daa15059923fda53c2e44d235b1a1ddf189d0

SHA256
40c474cf95eae85855ec57e94660c5d771c5e581bda9621743c21d9350bfa021

SHA512
ea21b2a115be642b123307f58adad1032d62b0bd8293467a115f24f7e3fed7c38edbe20023561cf91c5bc352929dd318d7ac782f6bbfe4e1816728c78f033e5a

Download Submit
/data/user/0/com.protectstar.antivirus/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/com.protectstar.antivirus/databases/com.google.android.datatransport.events-journal

Filesize
524B

MD5
e845100d6ba47e51ba5e0511f6edfa18

SHA1
bf7fddfe40e4b3de40fd4b3ab60074d39d552b7c

SHA256
a307dbc5942437997e8bff791ac7250b22a42eb06f1437f6e914cda81017b1f6

SHA512
ee6bf27648fd8ad6f9da67013b8e3d1b3c5d2934756bbd3e6d402d43db73f3c2b9325d215feed2298bb41ab3a78b8dd87bb091c008c486825e1da653712212aa

Download Submit
/data/user/0/com.protectstar.antivirus/databases/com.google.android.datatransport.events-shm

Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.protectstar.antivirus/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
726d47fa1ff35a3184827da29e431278

SHA1
52a1866f38e16cecce8d152b1b3d5d3f6a4f2cab

SHA256
bc4c8b24c845536d817d230cc9dfbf000641e0519db72fdc649f38a94c52a231

SHA512
ba2a719a790ef521d7541501dda516e4a0f16bda957b777fee20640282babae3165812f1cb2b0d7b488c8a5afd62f112a6fe90c95d2e6d6ece25b38d9e4ae1bd

Download Submit
/data/user/0/com.protectstar.antivirus/files/.com.google.firebase.crashlytics.files.v2:com.protectstar.antivirus/initialization_marker

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.protectstar.antivirus/files/.com.google.firebase.crashlytics.files.v2:com.protectstar.antivirus/open-sessions/64AB46D7019200011044DC631671D1BE/keys

Filesize
15B

MD5
573f30909f4bf560971e1115453c34fc

SHA1
239ea999a5ff1fda1652483298fcea2627e76269

SHA256
b0c0f5f2345c11fcf39b8528bc21c9a0a767d5061bb2ed0d7ebcd0552d8fa847

SHA512
8cf5df41225b624953669de573c71b5fe87c63ac0c566d7a7b9674e5bd9c2c83cad46feec39841a724512098969f28bd86733f2ed00940364fa490c80ccfac91

Download Submit
/data/user/0/com.protectstar.antivirus/files/.com.google.firebase.crashlytics.files.v2:com.protectstar.antivirus/open-sessions/64AB46D7019200011044DC631671D1BE/report

Filesize
754B

MD5
35aa7628ec1b03474edb4f2607f62cc4

SHA1
413191feb8620252677bf58444f15eb2f29df1d6

SHA256
58b8a6a13ffc4d302a45cb6ea4351aa213db4e8ad4f52506cd6a3bacbf3d80c2

SHA512
51ee523b33b36915025ec52b5f5008eecf5a861f148d93554cc7c013ddca786f8fe530d1faebbe5c23e1e6ca919eb716a2b4f4289f8332f9c77e6de431ef74bd

Download Submit
/data/user/0/com.protectstar.antivirus/files/.com.google.firebase.crashlytics.files.v2:com.protectstar.antivirus/open-sessions/64AB46D7019200011044DC631671D1BE/start-time

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.protectstar.antivirus/files/PersistedInstallation2180240947766922289tmp

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.protectstar.antivirus/files/PersistedInstallation6173210372841711889tmp

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.protectstar.antivirus/files/generatefid.lock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.protectstar.antivirus/no_backup/com.google.android.gms.appid-no-backup

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.protectstar.antivirus/origin.apk

Filesize
5.5MB

MD5
64bce546d5b79b78e6688420945edf87

SHA1
665cd42c9831d0510db5756c004911c5b71a99cb

SHA256
75078c407ef53a9433ecbdd76f49002a8a5bdc9df0da65ef0bc6040c6bce7dab

SHA512
20c50c51b18bc7f1f281ecdff81e1395ec82a22d12b4a28cb9bf69fee56cf0b7059939f0542c545e8419a32ce158a6300901944f50364f51be33a4995c2399c9

Download Submit
/data/user/0/com.protectstar.antivirus/shared_prefs/FirebaseHeartBeatW0RFRkFVTFRd+MToxMDc1MjQ2MjI0OTk5OmFuZHJvaWQ6ZGEwYjliODY5YTAyMjNhNjk2YTZjMg.xml

Filesize
590B

MD5
ad8e66f79e36b075e2db0d6530d68922

SHA1
0d70b089d1285c7ff7a8460f335cccf6f04ca782

SHA256
ef7db2813e652473da91b4177115e3609e5d389f98670638c4ea24ffd5301875

SHA512
feb57f195ef598bd2a195d0ef63e58e7127fe17f7916d8826d61b3ac398f59698dcf3dfa0344e354a33819cc089788d6aa522e5089371519b13bb3a22b1938c8

Download Submit
/data/user/0/com.protectstar.antivirus/shared_prefs/FirebaseHeartBeatW0RFRkFVTFRd+MToxMDc1MjQ2MjI0OTk5OmFuZHJvaWQ6ZGEwYjliODY5YTAyMjNhNjk2YTZjMg.xml

Filesize
124B

MD5
bec381de8325814a91d3027f78b9ce54

SHA1
3ca67905a23a4f030ddc2dcad981443827171f2a

SHA256
53b65b5c10013ac86afbf060a8201944512bb97b072ff7759c8fad2233246361

SHA512
4a93c442c0e350d3a56fbb2f0ad679e01b20502effbdfd3008b39ef0670859940762d2fec60f9524ec31a314ef7a3e31320924d3736cb59ba3f6e9ccd9ab63a7

Download Submit
/data/user/0/com.protectstar.antivirus/shared_prefs/com.google.android.gms.appid.xml

Filesize
389B

MD5
85278e848314a222b2e8576c1974c05d

SHA1
13902a16a3022439a8c2a19bc49d2519c173823a

SHA256
5a3b2b12b909083bb7f4cd652daeb3e15fc39c0ed510bc9d0ab0ef69bdb167de

SHA512
1c29f0c925e5a759f7c6ed28efab38b3ecfd51ce995442d375bc88de3623435fcd65e3af2e2bb1fc8a848d3722ed3d739b460f2021b50b733717b9f25692a566

Download Submit
/data/user/0/com.protectstar.antivirus/shared_prefs/com.google.android.gms.measurement.prefs.xml

Filesize
122B

MD5
250b4caeba60ddf53228405750ba66ca

SHA1
422ab714feb34e9f3b4f1cbe669887bcd581ddb1

SHA256
2478c97a377db9ce6a44977b4864a40af8b4f5e5c8f81892c424a608ddec911e

SHA512
373750c29942fef90281109b6025c398d0f4ac62b58a984a3651d09f8c016440bc40f6bd84fb6d40acf8e48a553d4c1d22e01a95c40a41567c079ba9a338afdb

Download Submit
/data/user/0/com.protectstar.antivirus/shared_prefs/com.google.android.gms.measurement.prefs.xml

Filesize
462B

MD5
0dfc0ba59a69d1d21c22f72fc2d472bd

SHA1
fc4bafae634fa52214c647d042a4d7a9424cbc0c

SHA256
b60c47239cbdec67b0a8c6ca949e96fa686c9919f6086e56f54bf8c01d981476

SHA512
501d18b3cc046558fa7fe498a5aed3640d865c05dd800404d82c92aff523743a07baea85c4c6404a4115cf283b38d9a28a38a7d632a7e9e7994d6c6b82de11ed

Download Submit
/data/user/0/com.protectstar.antivirus/shared_prefs/com.google.android.gms.measurement.prefs.xml

Filesize
516B

MD5
0ca359d7cef5ffd4644e746e32a08587

SHA1
9863c580101ae53f604c87e030fd37ed177ffa69

SHA256
677a18ddbeb3027cdbbfd7ca3bf9d48f012757d86474a0107691b1227d9c6f73

SHA512
4c2958d65b6212f46bdf13eaa56854efb7b7a643b6e0c3e9f038aa12ecff5f702788740e223c230d60d0b9579e97bad4d8d9f7c0ee93875a6d249bb5b433cbb5

Download Submit
/data/user/0/com.protectstar.antivirus/shared_prefs/com.google.firebase.crashlytics.xml

Filesize
311B

MD5
21d20683fdb100096b18a1c5b36039c0

SHA1
1af145bbf969426f42438d93c652df1b031b8a3b

SHA256
60940a6b6ad369ad5ea796630d9aabb481614655db77ff59868248ab64129630

SHA512
a75688f81065b03146d45b21dfef149f97ace61ecf4096f56661576d5bca0ac2134e8aa4428fdf126696f553336af7e69e637aa157b123b54aa866c3d7130e6d

Download Submit
/data/user/0/com.protectstar.antivirus/shared_prefs/com.google.firebase.crashlytics.xml

Filesize
235B

MD5
6be76222da6d6c81851c5d23e16cb2ab

SHA1
4e185dddc2cb370c70da1f0d3a2d150c2ece222d

SHA256
9fe5bd2f1b3814b128bb7dbbbe01b2e43b9b0cf85a713c5bc93c5f9c6888078d

SHA512
c80a46113cf33eb06832c18fd2d59c4164669f35acac6506d3ba69decdb26c6e35684d8513abe3f68c1333fbb1614939cc0ee4ab3a6d8067913685ad4a6c1309

Download Submit
/data/user/0/com.protectstar.antivirus/shared_prefs/com.protectstar.antivirus_preferences.xml

Filesize
194B

MD5
c78c495cf44504f575a670dc6bafda86

SHA1
77355bef2e78059d7a321dae6c6a56670bae772f

SHA256
645640a89ddef96bd44650003d2906d1395e1c59949afc10365d4affafac2831

SHA512
b166a79883696f8ce4c51132c4adf08ea99a7f6cd13c9ff55fc7026a6480bde3b9be64de96bdd51284974b1675ac9b46f528602b05de0e86b1d363b6a525a3b3

Download Submit