728e97765f965d360646df0e0bc5c554090a36421d9041fa3987d3174bd515d2

Analysis

max time kernel
2327619s
max time network
136s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
20-12-2023 00:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

728e97765f965d360646df0e0bc5c554090a36421d9041fa3987d3174bd515d2.apk
Size

26.7MB
MD5

38be135c31a6ba1702ab796c6069fd77
SHA1

62c39c712cc00d06405e4c9ca601c9039fa2f40b
SHA256

728e97765f965d360646df0e0bc5c554090a36421d9041fa3987d3174bd515d2
SHA512

b6547d7780166d5819b9700994615b0d2098c7ed16cc645c0038aa9150a716ece064cd861d9a5147005e33913c051ba664bd043711c89e4f9b46847cb27b2701
SSDEEP

786432:W5zSmzG2RQC9aqf6q2q5O3GRw++0ZAPj/HyF45Rmt:WhS6Gu5TCqZACwD0sSqzmt

Score

8^/10

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.aceviral.angrygranrun

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.aceviral.angrygranrun/app_oouj/kkl.jar	4305	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.aceviral.angrygranrun/app_oouj/kkl.jar --output-vdex-fd=49 --oat-fd=50 --oat-location=/data/user/0/com.aceviral.angrygranrun/app_oouj/oat/x86/kkl.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.aceviral.angrygranrun/app_oouj/kkl.jar	4253	com.aceviral.angrygranrun
/data/user/0/com.aceviral.angrygranrun/app_zxlk/bvfg.zip	4339	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.aceviral.angrygranrun/app_zxlk/bvfg.zip --output-vdex-fd=55 --oat-fd=54 --oat-location=/data/user/0/com.aceviral.angrygranrun/app_zxlk/oat/x86/bvfg.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.aceviral.angrygranrun/app_zxlk/bvfg.zip	4253	com.aceviral.angrygranrun

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.aceviral.angrygranrun

com.aceviral.angrygranrun
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Acquires the wake lock
PID:4253
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.aceviral.angrygranrun/app_oouj/kkl.jar --output-vdex-fd=49 --oat-fd=50 --oat-location=/data/user/0/com.aceviral.angrygranrun/app_oouj/oat/x86/kkl.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4305
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.aceviral.angrygranrun/app_zxlk/bvfg.zip --output-vdex-fd=55 --oat-fd=54 --oat-location=/data/user/0/com.aceviral.angrygranrun/app_zxlk/oat/x86/bvfg.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4339

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.aceviral.angrygranrun/app_oouj/kkl.jar

Filesize
121KB

MD5
e3fe436b416fd037d72302c10b99b58f

SHA1
d58b83ef05c5e6e1054698383ec5ae982c29647d

SHA256
96adc6f56ab1ff27ebb170c6cc4162d146660c6118a5f2dbd9f76d5a70033bc4

SHA512
f8bb3d43b46842a09268b47c40365b55865e6f3aa643e6231ac3694c063ec1e93f257dd0d5f701d537cf427d4a1d53e7099c1aca227e8be62d608e98b13fc23f

Download Submit
/data/data/com.aceviral.angrygranrun/app_zxlk/bvfg.zip

Filesize
81KB

MD5
18f06dbe67a1501995fa870ce759edb0

SHA1
b0a76231459205867d8415f6a5f4dea69bcc7afc

SHA256
bd3e39a7d55df2f9007f65cb73fc24df38748ba64ba4d969878041b785bc14ac

SHA512
d61e8bf97c6102050d3e26fd5f8eb35226fc7a4deb28e064c051c92c6daef99f17895cbe4fbd46fbfc7ca48f0d8585d142d5ad7797fa8aca1ffae757feb04dec

Download Submit
/data/data/com.aceviral.angrygranrun/cache/__chartboost/CBRequestManager/53405243700

Filesize
330B

MD5
14b1916cbe74f973b0ae5c58a389a797

SHA1
c3cd808cbe4b557ebaa27bf3926b73dc1f9aa17a

SHA256
7a8e2f450c4297aa9c60d420181d433613ad237a670c8975833182a8e1dbbcf7

SHA512
24ce2626995f8cd2548663f37a4540f934ef430d346394500347eb3fb817c0772e369feafb1f750c8d81d85ea2e8e84f92e07deca9d11bb28671c58d32814571

Download Submit
/data/data/com.aceviral.angrygranrun/cache/__chartboost/CBSessionDirectory/cb_previous_session_info

Filesize
189B

MD5
fe0c24e735dd4cdce8d6f4582082bdeb

SHA1
c882b6fd53e55b94643009db371e098ead45f9e7

SHA256
351f6b2899d8b2af560d42fee41c90070836e93c4be2508ad85c3f8ac4e3c931

SHA512
0dcb31c1411d4dd1d91d12abd739471b587644e3e0c68277e03652b923adde76f60285de71d2395b4a85bc55d6aa92758ab85fbc1f7496b1b3d3a6a1a194b40b

Download Submit
/data/data/com.aceviral.angrygranrun/files/.FlurrySenderIndex.info.AnalyticsData_XPVPPXZPB8DDS63XWVVK_171

Filesize
42B

MD5
4891fd901bc3663980b3bbb4894f8e76

SHA1
e4229007e38dd47035b18f9c0377928346ef8290

SHA256
3921b37e3c5495733dd200447d74ae396fae35433132e1ef84d6b9b8c7e1e29a

SHA512
b192518a8bc2085708faa3e050a8911fcb3d4daeabb9a79a51c615547333a9886487d252dc16e8f6156d36dad56b35a7d2bab9c90a148c264c95fc62e81ffaf9

Download Submit
/data/data/com.aceviral.angrygranrun/files/.FlurrySenderIndex.info.AnalyticsMain

Filesize
44B

MD5
d7caef30bab61aaf9091c61696e941cd

SHA1
aa054188ae5808a8d761854cc55940c5c44b9f49

SHA256
96d0b99ec7281977aecdd22c910f891f580b65f4f71e77a584b2ba8e5b092eb3

SHA512
7121b8e9e571dc1ce38778a2dccf026049c545662db2e55ea4b21de7d9e390e21f8ddc2c2105a52897bb39ac8fba2e67ae7ea4bf36663682a7c55964be0a9ed6

Download Submit
/data/data/com.aceviral.angrygranrun/files/.flurryagent.7b01c102

Filesize
58B

MD5
be6cad63d8d18bd9c3110c9e0e73c925

SHA1
7d110dd540c6ed170c1897ea9a36da6299c901f9

SHA256
48638589fa21e23b58a36758f7d6c71bd2997e9843eb7381f3a21bdb968884be

SHA512
7d23e0d59bae00b1b5f50e15f7431f729a8160308c3e42a692a784ee9929ea4a8d390995665c7dd7f821966521ea3797740a496bc4c9d7d56d2f2a040d221f03

Download Submit
/data/data/com.aceviral.angrygranrun/files/.flurrydatasenderblock.07ffe048-ddf1-4ecf-af7f-c994fc0d5ca9

Filesize
329B

MD5
df69afa4830274c91f09ce0bb9d470ac

SHA1
02e442693068d47882b0dfe4bb1bbe846dce7b69

SHA256
acf288706ef8af63e1a986846ace486f6b93c0d310edeaeb8efcd74ca6874555

SHA512
45bd8faef1876f28a2baa7c507f21690880a632b2248f6f543f4232f602dd02020d8bba52415f863b578750667621a7c942b3a26286434cefd8e15de0bd1d495

Download Submit
/data/data/com.aceviral.angrygranrun/files/gaClientId

Filesize
36B

MD5
82dafea3d9c974a6cd56f8db16a4532d

SHA1
c24bef305c351d0a791900170476dcbfdc94081f

SHA256
1e2781c059ee1147d96acf0cbbdef46ebd06d29b66ed6a91948c4d1de75aeaed

SHA512
fed57bd2554edbe5c562b35175641eeba3d9ca0db80b4803151fa5bcc5e73023a61e5bb67a77b1bb23d39dccf3fe9df86b19bf5544f60f5cd155d3f0ae34cf3a

Download Submit
/data/user/0/com.aceviral.angrygranrun/app_oouj/kkl.jar

Filesize
249KB

MD5
e0c1a260c51b105b7d56ebdf172947a7

SHA1
bc8e1bcb58dc38e0fcbac7a5d6fdd2276ceb3ef5

SHA256
405fc1c16ed6833ce52126dbdbdb9631d3ff95e6d342c436668da1f5c1d9e520

SHA512
8c0cb0f66dd194ced6205158945b42886acf604e39749f292d5f0341d5a8a8ef65665e8cdbc64a096e90426cec13d40147634fd41e726ecc9c659f555ccd8a69

Download Submit
/data/user/0/com.aceviral.angrygranrun/app_oouj/kkl.jar

Filesize
249KB

MD5
8de49340f3a3e2b4a26a752db9cfc501

SHA1
3042d702a9d41555db3cb3bece25a43cf239bc9f

SHA256
045a4117f34d2f15efd34e2e365af3a52181d8dafdc857a14cc200e327565748

SHA512
6e949b28dbe5e899e155fd4c635d6ce703fe359b12ac720834c6ee62da1d5a52792ba7cbb16bab28d96512f567a35f25ba4cede9558fc877e371da1e2f3aa09d

Download Submit
/data/user/0/com.aceviral.angrygranrun/app_zxlk/bvfg.zip

Filesize
175KB

MD5
bbc2476edf00412c6afeeda15e731cd2

SHA1
8b88d326abf49c7a4cb78165530e450cf1df732c

SHA256
ec5ca168005ad03919bc5b79383972a265b6b16e677165f60ceb1e99b46582fa

SHA512
f60a0040d57de8416d1e69bdf3763d915205763b3346ed15eaaa6ee23dd652b59031ee6bcd5c92b195ab1beed03a6ca028d284f8a3a8100429d0599def63ada1

Download Submit
/data/user/0/com.aceviral.angrygranrun/app_zxlk/bvfg.zip

Filesize
175KB

MD5
8626ba1999b4824c5af0ee03738c087c

SHA1
167eaeae1b1672c0b9c8422d07f17e9ba83447e8

SHA256
ffa0eda060308365824416efc5cbb421c5a36686c98ab507c5e939d1bc3d094a

SHA512
3ced469a9173834fb89b79243c4bdd5f6e4d9765e9f7a11509ec707b59dc6323773904db7c6e009fd6fa053efa9d31e0fe690c2209c94e153c0fe6cf3a12beea

Download Submit
/storage/emulated/0/ddad/log/com.aceviral.angrygranrun.txt

Filesize
94B

MD5
13d0cc7aeb9eb4f7d8b91de77faa8343

SHA1
1569c4d3e2ff11a4d348832d3883c155c1969022

SHA256
b4fbe1c085f74ab644961450bf38f2707049e137099535ed5453497efb688882

SHA512
ea8c6861c5afd79720b324c65623edeedab1516b48b3b9f3f312e833ff528af88dca1d5df6621afa602930709ffa924306811b72086adc394be2bfe16d60f7a8

Download Submit
/storage/emulated/0/ddad/log/com.aceviral.angrygranrun.txt

Filesize
45B

MD5
207c9adc31cd4046208ae9adf30f6c8c

SHA1
d228c67c17f24d750cbdf4895a0fbd53c3fd7069

SHA256
a279ce13382b56d7f8be40746a35d9cab49400d8a97e4ae4d09edc4b6ee90996

SHA512
da98ef5cf6de8dd51a169ea89474256981409392157b3a5bbe732f1d17f1cb1cf6685621c643a4eee932ec453337f5acea015e993b942ef048fac661ea0dfbfe

Download Submit
/storage/emulated/0/ddad/log/com.aceviral.angrygranrun.txt

Filesize
41B

MD5
91d005494a6f3216a1afda959cc7a181

SHA1
e42a1cdf4055eae44d3037469a74f09bfa5f3675

SHA256
af03954ac8f809848b7bacca121357d1ef9ee49663edb34be4926148cfc15eab

SHA512
07ac2d2994583160b619dfb5a3da28a530f86a0186eb80e06eaf40730fba960f897a6d79814d56bb8a669a04726976f13452d1881b82b0413c96f6645b35640c

Download Submit
/storage/emulated/0/ddad/log/com.aceviral.angrygranrun.txt

Filesize
75B

MD5
40d7fa80190e68b1c3877a448f02c498

SHA1
757ed4a33f52943231e912485f8cbaacc30a3c22

SHA256
4fcabe413467bbe5362ccd4f458530786cb8b6655e758b3cf3dcb8d512b0d606

SHA512
61c4da6b67a71dbb1bf8479523742f95689ad1d9a851fa40347dbd574f1bca705feba02ea146837e1b95e57bf5d8dadfaeb48742e425c3c66eaa540715745bf6

Download Submit