Analysis

  • max time kernel
    2207285s
  • max time network
    134s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    android
    arch:arm
    arch:x86
    image:android-x86-arm-20231215-en
    locale:en-us
    os:android-9-x86
    system
  • submitted
    19/12/2023, 15:55

General

  • Target

    55b815c4fbf2d56d0b1179b5375fe4cf.apk

  • Size

    7.3MB

  • MD5

    55b815c4fbf2d56d0b1179b5375fe4cf

  • SHA1

    07a7871921c263f1b1724229ec24e968bffecd70

  • SHA256

    fbf03b43724bc39fa1fdd28e15f7ca1556d9c561dcf2cc7dd25a3f13aaab47d5

  • SHA512

    90d16a92a91f36104df733ed0204bbc46734130c377dc86982c02efcfc96a8d84a1f67a6b99fac383aaa973e223248b9914f8dbbbc645103c1450cb869244cf6

  • SSDEEP

    196608:oSsLa3DUbszu1DYBBzGW3BAWQpR3r679a3SCzo1Eqy5nz8+CGudk:0nIu1U1xBqpl+79YoTGrCGudk

Score
7/10

Signatures

  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.

Processes

  • com.annlover.ch.core
    1⤵
    • Loads dropped Dex/Jar
    PID:4245
    • /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/com.annlover.ch.core/files/__pasys_remote_banner.jar --output-vdex-fd=77 --oat-fd=78 --oat-location=/data/user/0/com.annlover.ch.core/files/oat/x86/__pasys_remote_banner.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4321

Downloads

  • /data/data/com.annlover.ch.core/databases/com.annlover.app.missions

    Filesize

    4KB

  • /data/data/com.annlover.ch.core/databases/com.annlover.app.missions-journal

    Filesize

    512B

  • /data/data/com.annlover.ch.core/databases/com.annlover.app.missions-wal

    Filesize

    88KB

  • /data/data/com.annlover.ch.core/files/__pasys_remote_banner.tmp.jar

    Filesize

    248KB

  • /data/data/com.annlover.ch.core/files/mobclick_agent_cached_com.annlover.ch.core

    Filesize

    120B

  • /data/user/0/com.annlover.ch.core/files/__pasys_remote_banner.jar

    Filesize

    375KB
