diamondfox | 44fd5e974fc5c7903d67233ba9e4718b7cc63627a28ba8fe1d2c7ef6eb5f74c4

Analysis

max time kernel
1073382s
max time network
127s
platform
android_x86
resource
android-x86-arm-20230621-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20230621-enlocale:en-usos:android-9-x86system
submitted
10-07-2023 13:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AntivirusAI136DZAPKCOM1ap.apk
Size

10.4MB
MD5

2281a663acfc3e81cbdb7ede827c2d6d
SHA1

9b13e7d7431a3847f9e1abb3cc793e498c4d86f1
SHA256

44fd5e974fc5c7903d67233ba9e4718b7cc63627a28ba8fe1d2c7ef6eb5f74c4
SHA512

89768d9beb8800a20d506cb40254df9a2259d334979db873d357604ca776b6a4c6fabd537ddf9c517eadb3607618f91b2f288ed66060348fb7037c29e3fd30ca
SSDEEP

196608:LD6T4a110xIPoIeP/ShMIgHUkiBY8dG7iFnu6ToJ+Ov8e1I7ao:L+T4a1CiPMIgHjWvEAnMhs

Score

10^/10

diamondfox botnet stealer

Malware Config

Signatures

DiamondFox
DiamondFox is a multipurpose botnet with many capabilities.
botnet stealer diamondfox

DiamondFox stealer 1 IoCs

Processes:

resource	yara_rule
behavioral1/files/4130-24.dat	diamondfox_stealer

Acquires the wake lock. 1 IoCs

Processes:

com.protectstar.antivirus

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.protectstar.antivirus

Requests dangerous framework permissions 3 IoCs

Processes:

description	ioc
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to post notifications.	android.permission.POST_NOTIFICATIONS

com.protectstar.antivirus
1⤵
- Acquires the wake lock.
PID:4130

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.protectstar.antivirus/cache/volley/-4440143561595694984

Filesize
116KB

MD5
f98bf81e4a9c712c04645c732d0d03e6

SHA1
abb22aa82330d715589f5289359f2899737a2aba

SHA256
d2a97d7c9f614f148a6f1ed63057e0ebbd6386370088c16a1ec921da00e21a75

SHA512
3b9ba6b7f0c9ab68053302b2f5bfafc3ab73e3e4c3fb8f7c571aeadaeb27d95234064c105f8ae105ae2611d05573ed912dff91c4ba0e2509fdee5dbd21403ce4

Download Submit
/data/user/0/com.protectstar.antivirus/cache/volley/-4440143562082814216

Filesize
394KB

MD5
d2ce7da2614046c00c2a68dd8c049332

SHA1
4beda6adb093fe789efd63e2cf2f2d8954d3c0d2

SHA256
fbae0703914713cfb3bcfd33311d09f21030fdc8fdd90849abbb30e09f0ba7eb

SHA512
5ec3fa60b20c63219fbc92f5142fd451fae9aa09579ec440df15959bfa51bcb2000d3524ed9876eb14895fb1a0ccb49f6dc355363bc07e872583e751e3235434

Download Submit
/data/user/0/com.protectstar.antivirus/cache/volley/-504558873-1090045957

Filesize
216KB

MD5
d5976bcc696c648487b50d2f93aa9ae0

SHA1
9760fff9069022bcc9e26b706f7d1abb7d66f114

SHA256
01fcd0ab87ed60b538bdfe75b1902ad3b399a6def95db1f231dc73571c464d1c

SHA512
ef622621d6c65f47449eeb0218b1953350dc64eb56e565ee7ad03f8efc7a07dd04025a585635153300afa93e1a8203c79d9df671f0f735d87c3280f5ba6184d6

Download Submit
/data/user/0/com.protectstar.antivirus/cache/volley/1832329520563655267

Filesize
954B

MD5
eae4358251c8fbadfdb40bdb1fcc46c4

SHA1
2accdb66169bf748a5801328ee4e180a2c016157

SHA256
24f6d97025eccfad6ff210634c64d15cc8e476d7b9b36ed3c67e84c9d8a025c1

SHA512
17a0ce1e7c6059bae971e99292c95a8b752da6e89024e4b3c1298fe9e69b290c1fc09b073002f0760f04269aa7f6ad52189f2d12f6ebe8cba4a221740037c596

Download Submit
/data/user/0/com.protectstar.antivirus/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/com.protectstar.antivirus/databases/com.google.android.datatransport.events-journal

Filesize
524B

MD5
e265fe62f506350508a659e1cfa47ab5

SHA1
e85ac1225f7d6998f92c02163d2112250d1b6390

SHA256
593578522d73c0ed291e79238047249abd828d7b791ea29b02aaaebb548a1f0b

SHA512
182ef119e4bef40a291111457c5a46931cd3f74353d7b9544da7513c9083d99834b56e48946bd5dc1bf0cae4fc0c1aaae38ff0e480fc57f64638d0ab35be0c0b

Download Submit
/data/user/0/com.protectstar.antivirus/databases/com.google.android.datatransport.events-shm

Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.protectstar.antivirus/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
e73ad47d8d33614c18da254c876d8be8

SHA1
7533e155e26f02c01f9dc379adba3688be60bf26

SHA256
fffd04c56a2e348cc106a64fef074afbeab7f0ee456c347f3ff7af77719db472

SHA512
0e152405da3db7a2f0766b63e0f77920127a5eaa4fb7f6c484df468147ff6d56e1f883bd8d6da4e4a0976466393731c1971a4e310e8a66196bf13aa6c497e7c8

Download Submit
/data/user/0/com.protectstar.antivirus/files/.com.google.firebase.crashlytics.files.v2:com.protectstar.antivirus/initialization_marker

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.protectstar.antivirus/files/.com.google.firebase.crashlytics.files.v2:com.protectstar.antivirus/open-sessions/64AC069E022500011022B63AAF4942D1/keys

Filesize
15B

MD5
573f30909f4bf560971e1115453c34fc

SHA1
239ea999a5ff1fda1652483298fcea2627e76269

SHA256
b0c0f5f2345c11fcf39b8528bc21c9a0a767d5061bb2ed0d7ebcd0552d8fa847

SHA512
8cf5df41225b624953669de573c71b5fe87c63ac0c566d7a7b9674e5bd9c2c83cad46feec39841a724512098969f28bd86733f2ed00940364fa490c80ccfac91

Download Submit
/data/user/0/com.protectstar.antivirus/files/.com.google.firebase.crashlytics.files.v2:com.protectstar.antivirus/open-sessions/64AC069E022500011022B63AAF4942D1/report

Filesize
754B

MD5
17097f1aab8877e83df0a310c290c01e

SHA1
e2bcba780132f8bb0011568147de93a60ae29d49

SHA256
ac812c92a66e660a98c75983168233bbd7b8840a128614c03fa47f5167c6cce8

SHA512
0195cc1d106f5297e4c955ab5d10895eba0456df5bec276b5d6930564eeec6edfc567fc9ba3155bea3494121d6d7abea1f9d5d111e45f9f82d6e9e6eb255c69c

Download Submit
/data/user/0/com.protectstar.antivirus/files/.com.google.firebase.crashlytics.files.v2:com.protectstar.antivirus/open-sessions/64AC069E022500011022B63AAF4942D1/start-time

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.protectstar.antivirus/files/PersistedInstallation2103747448313327976tmp

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.protectstar.antivirus/files/PersistedInstallation7325596795498429696tmp

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.protectstar.antivirus/files/generatefid.lock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.protectstar.antivirus/no_backup/com.google.android.gms.appid-no-backup

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.protectstar.antivirus/origin.apk

Filesize
5.5MB

MD5
64bce546d5b79b78e6688420945edf87

SHA1
665cd42c9831d0510db5756c004911c5b71a99cb

SHA256
75078c407ef53a9433ecbdd76f49002a8a5bdc9df0da65ef0bc6040c6bce7dab

SHA512
20c50c51b18bc7f1f281ecdff81e1395ec82a22d12b4a28cb9bf69fee56cf0b7059939f0542c545e8419a32ce158a6300901944f50364f51be33a4995c2399c9

Download Submit
/data/user/0/com.protectstar.antivirus/shared_prefs/FirebaseHeartBeatW0RFRkFVTFRd+MToxMDc1MjQ2MjI0OTk5OmFuZHJvaWQ6ZGEwYjliODY5YTAyMjNhNjk2YTZjMg.xml

Filesize
590B

MD5
1cff29b55b02160ce4fe311f6aa34d36

SHA1
b02b16af91d8a4def0d97361eb2ea8471a766c6b

SHA256
fdb86ec9e513cbedb59f29210ff3cc61b6f0aac33b2a287ffdb0337da0948a59

SHA512
5993a8b135f9dd1e6722054a543b755333c4ad4094d42f98a3236c0f9e1951cf1a66f7722dd594b175ea3bd8306cf5394be7885fb571d867fdaaa616e2e6aff3

Download Submit
/data/user/0/com.protectstar.antivirus/shared_prefs/FirebaseHeartBeatW0RFRkFVTFRd+MToxMDc1MjQ2MjI0OTk5OmFuZHJvaWQ6ZGEwYjliODY5YTAyMjNhNjk2YTZjMg.xml

Filesize
178B

MD5
06be4c55cbf48e1381ab5cc94f8802eb

SHA1
279f81624a64ea2a69390b0f48d52e0d3c2aa7ee

SHA256
6094a60105de7be3ba2dcc8eb75de3832d6ee631decb95e43fe4de0d2d10685e

SHA512
e93a237f2a9b8621e311b76f2a9735ae726d60d8e0978ac13ec4a029713b3355a9b5f6b17e4bccc0277cd37245e91ad94507cba4caabfb469033a331ff4793ca

Download Submit
/data/user/0/com.protectstar.antivirus/shared_prefs/FirebaseHeartBeatW0RFRkFVTFRd+MToxMDc1MjQ2MjI0OTk5OmFuZHJvaWQ6ZGEwYjliODY5YTAyMjNhNjk2YTZjMg.xml

Filesize
536B

MD5
cc50cc927314a9a5b5fc9d7b1d700bd0

SHA1
e9488a294a95a08e6e8e8c4be19cfa3cfda63c5b

SHA256
5ec8f4f7562f575a09be607ab902e2d60350168d45d7743dcbc18223b86a4daf

SHA512
b4381cf62ef97c34ce668fa4d741ef0a6c7814dd25edd06d65ad2b30dd9e816d599845cf4f2d3fd4a7825abc386e6d9034a37e1b0c912cb06b8d1bc69f2ea5b8

Download Submit
/data/user/0/com.protectstar.antivirus/shared_prefs/com.google.android.gms.appid.xml

Filesize
389B

MD5
19c6136fea22cdd1306685f7179cbe8f

SHA1
422dd8a5b8639b26ff5156de8193eb852ec69b4f

SHA256
9f03f5c1ce7e15dc09a184d2dac54a2abe61399be4ff44de021aaaf874818802

SHA512
159047985d5d0e8196c7fec2b93ece2e4feba83d10a724db7cef6d395989854cb84985f8d91703fd4bfc4de64dd28d6ffd0c1315431b7ac2882b06787936078d

Download Submit
/data/user/0/com.protectstar.antivirus/shared_prefs/com.google.android.gms.measurement.prefs.xml

Filesize
122B

MD5
250b4caeba60ddf53228405750ba66ca

SHA1
422ab714feb34e9f3b4f1cbe669887bcd581ddb1

SHA256
2478c97a377db9ce6a44977b4864a40af8b4f5e5c8f81892c424a608ddec911e

SHA512
373750c29942fef90281109b6025c398d0f4ac62b58a984a3651d09f8c016440bc40f6bd84fb6d40acf8e48a553d4c1d22e01a95c40a41567c079ba9a338afdb

Download Submit
/data/user/0/com.protectstar.antivirus/shared_prefs/com.google.android.gms.measurement.prefs.xml

Filesize
180B

MD5
b421e631dc9b8025673ab3f058aa35d8

SHA1
fe46fcd60f39a87e1c4f16c5bf038a600e47e363

SHA256
e407654a51b55fce929fc2d19bd6959e000ca19c2cc9806afff82d8ff5e6e52b

SHA512
443657816f7d18894822f9f70d87b98f3915f5f0ac8da1185ef538366e58e0dc0c0698a16c054f1ae0e134ab80d6906c1e8ea31c0dc493186e7144c031697b20

Download Submit
/data/user/0/com.protectstar.antivirus/shared_prefs/com.google.android.gms.measurement.prefs.xml

Filesize
456B

MD5
4c5bad331a5fc9d4e6d9a527f6bb4abf

SHA1
ac7846e05c0c5d409d507087fd3abb0530881ec3

SHA256
024ac3afd580dbc4095a0fc34df4ccbe3d63e0d50465a3c6b9de9cf1fe17f8c6

SHA512
446674723e4416f795809a970f3928617926a4cc162c9cb871a5a70d6b25590922abc4374d05c1fd94cf85dde2ccd3477def1df247445bda87fcff3c38f87ee4

Download Submit
/data/user/0/com.protectstar.antivirus/shared_prefs/com.google.firebase.crashlytics.xml

Filesize
311B

MD5
34f5f880192122d2e1ab6a30db2920c4

SHA1
587579eace03de9472bf67e52df58f012c2e619e

SHA256
835642f27573cbdddf3e85d00dc20436003db9402bc139b4f328646f16284910

SHA512
00a97ee3f7cada0631f5fe761d055942b712b458187890da473663fe742549f8fff6ece0871453aa90466722972e56da6e84db947339101ae197608c4f714924

Download Submit
/data/user/0/com.protectstar.antivirus/shared_prefs/com.google.firebase.crashlytics.xml

Filesize
235B

MD5
1ae01225fa51df678d2d1b0b75be2859

SHA1
ff97af4ae2d1b4bb4fb66594ab8c1ba853c7d1a6

SHA256
d1549a8cde7a15d506d4b1474cad62cfbd5839da51d54ba0137655722e8b726e

SHA512
b0ed064a4815b78d11032b603399cffa6bad5d5064a20d9831a34f4ad226b818c43a0c44205adb877e92755a8efc279cf343fa87452261b535f58cad242ff81c

Download Submit
/data/user/0/com.protectstar.antivirus/shared_prefs/com.protectstar.antivirus_preferences.xml

Filesize
194B

MD5
c78c495cf44504f575a670dc6bafda86

SHA1
77355bef2e78059d7a321dae6c6a56670bae772f

SHA256
645640a89ddef96bd44650003d2906d1395e1c59949afc10365d4affafac2831

SHA512
b166a79883696f8ce4c51132c4adf08ea99a7f6cd13c9ff55fc7026a6480bde3b9be64de96bdd51284974b1675ac9b46f528602b05de0e86b1d363b6a525a3b3

Download Submit