925e8f615d785476093b838017f3049361666333142455746f19279af296381e

Analysis

max time kernel
2527411s
max time network
130s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
20/12/2023, 08:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

925e8f615d785476093b838017f3049361666333142455746f19279af296381e.apk
Size

8.1MB
MD5

7fa3df3ad79b4021b6406e40254ef78d
SHA1

3a57628fc2656090eeb3d6c612831bfb99207f95
SHA256

925e8f615d785476093b838017f3049361666333142455746f19279af296381e
SHA512

737a2fb7e4830272a6bb6ee9a47c55a7d5c290c4bf2da5fe34bf548f62f7ed9dc765d34744f6764a7989dfa645a37514cde7b3f79d769799b72ffef21fcbeac9
SSDEEP

196608:yWtan38QSnkzTtWpUSeAW/SyB2o0mJtYd+V:Pa3tYer/MmQdA

Score

7^/10

evasion

Malware Config

Signatures

Checks Android system properties for emulator presence. 1 IoCs

description	ioc	Process
Accessed system property	key: ro.product.model	com.zeroneapps.uygulamapaylas

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.zeroneapps.uygulamapaylas/files/audience_network.dex	4215	com.zeroneapps.uygulamapaylas
/data/user/0/com.zeroneapps.uygulamapaylas/files/audience_network.dex	4576	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.zeroneapps.uygulamapaylas/files/audience_network.dex --output-vdex-fd=169 --oat-fd=170 --oat-location=/data/user/0/com.zeroneapps.uygulamapaylas/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.zeroneapps.uygulamapaylas/files/audience_network.dex	4215	com.zeroneapps.uygulamapaylas

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.zeroneapps.uygulamapaylas

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.zeroneapps.uygulamapaylas

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.zeroneapps.uygulamapaylas

com.zeroneapps.uygulamapaylas
1⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Acquires the wake lock
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4215
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.zeroneapps.uygulamapaylas/files/audience_network.dex --output-vdex-fd=169 --oat-fd=170 --oat-location=/data/user/0/com.zeroneapps.uygulamapaylas/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.zeroneapps.uygulamapaylas/cache/1582435991586.jar

Filesize
9KB

MD5
e8e0527a01aefdb89afd2c508f131da1

SHA1
f1103e6b260c657ceb3d95f1b023af3fda8b133a

SHA256
f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

SHA512
fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

Download Submit
/data/data/com.zeroneapps.uygulamapaylas/databases/com.im_7.2.2.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.zeroneapps.uygulamapaylas/databases/com.im_7.2.2.db

Filesize
24KB

MD5
03f7028639b2683632dcb7032e7a0f2a

SHA1
402f35ec09c82c9efc99421a51c4afea47ce212c

SHA256
227e7881c56e8ce32fc86669bdc6367e1b36c3bfffb47bb79074b842f04abeb4

SHA512
6fb74c987c34cb568393bc05e97bfa6fe31700980c8813cdc80aaf353b7fc2338e19feccf937275b7d4f63c015580471936e80e2af2d1eff10a8b71b2400e3db

Download Submit
/data/data/com.zeroneapps.uygulamapaylas/databases/com.im_7.2.2.db

Filesize
32KB

MD5
edbaf0408217705b11c3f7e2508083ba

SHA1
2ef47ff552130f550ba362c56c1934ea3e6ab315

SHA256
fd357338ac935f8bfb495d5d17a45e7aa0226e99b4c8ab85f6eab284fd85beec

SHA512
86a706959a402952f1e3d426a6b017856dec6d90df02b25b2570bde581774903c0caf0b4dcf61bea60032cc271af712fc3ac285affa847ca02e7fab17c8f3bae

Download Submit
/data/data/com.zeroneapps.uygulamapaylas/databases/com.im_7.2.2.db-journal

Filesize
512B

MD5
d208032561d696f71ad86bde8178c870

SHA1
a6408c23cd4336124f794adc603ec334457c7458

SHA256
48ce4185bc8879ab1a81dd3f42c71c935836b0c5736e528ae2eacb55681a648b

SHA512
77f57ad4b13a5c3db7773267771b162e074c62821927959c4ae79b61a825952de61840aecea92e9cc4ea8f7394c30f9a819a8b88bec65ca940a369cc0c4a7cf1

Download Submit
/data/data/com.zeroneapps.uygulamapaylas/databases/com.im_7.2.2.db-wal

Filesize
36KB

MD5
2ec63821dbcab65f1ae01f38702ab40f

SHA1
47c15d7b701e28cfc034ad098eafc65c667968be

SHA256
c98dbc57c723a80110861358767631b25cb8fb0b136314c96a9d12db00dd7182

SHA512
f8f23531622180907056c63e42dde4dfdad724d03535caa6954e4d53c993cfebdf9506ccf4931fc64a9ecd1d3c6f2709fe552bc23c020de9b03671fe7734150a

Download Submit
/data/data/com.zeroneapps.uygulamapaylas/databases/com.im_7.2.2.db-wal

Filesize
12KB

MD5
b365f6bf0bb7190a0e617e92420fe9a1

SHA1
b0379d1640027aa0de17988b3eed78769c8aa645

SHA256
01d14539608896baafb6827318891d0f22ed738799ee0b56e27354c471eb6d0f

SHA512
85a3e6bd49ad4e2fdffc6e69679b53d7e387d0bd82f73022a4c55288376183779c1954a14e6902f31e1a472b36556db6a243bfff64347bcdc01908c9bd08e10d

Download Submit
/data/data/com.zeroneapps.uygulamapaylas/databases/com.im_7.2.2.db-wal

Filesize
24KB

MD5
0c9252646c675b38f310777a17d9f352

SHA1
98e60ab2643731e577547e69f531fa3c75e35d66

SHA256
36a8aa37f15cbd0986e7bb6077352506fef2a0bb6beee47483ac4dae6f1b34bd

SHA512
4950e585d353b0909888a28756bd802d2e90af937338c5b37217c8d0a8f3638c6df06e29a5813a850cce694de1bfe3530cc55a69727e17fbdd6fa80d0f81755f

Download Submit
/data/data/com.zeroneapps.uygulamapaylas/databases/com.im_7.2.2.db-wal

Filesize
28KB

MD5
eb94c678e1fbc4747c978d5b5c1f4c65

SHA1
0abf2479806a9f90a96393406c493c1fbda22fa8

SHA256
88b43c930574d9d6342549f18c1919aa8444f45b6062d70d7717871efdc22257

SHA512
23af64a649b251d4a2647eb2030063085fd9e6ae9d86989304dc41ddff71fd3a6acaa37c046c53a9213154c16da72d59224416e961969e9fa07a7c21102034e8

Download Submit
/data/data/com.zeroneapps.uygulamapaylas/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2c385469785193d566d5132d224918b9

SHA1
0096322f22fd9384a9c65fb11c856989de9aa2ef

SHA256
bf94966e96c6947a392a0792166d0a7398839917898618aeb5ad4bf45d41f33e

SHA512
58ee01d6891949dff91a8b4599608f1878491ae9c3e9ad5f0cfd2346f5cc07bf6635a8c3cd19e311d29abeca315231d5ba0232fd784269102c04cde8459faea0

Download Submit
/data/data/com.zeroneapps.uygulamapaylas/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3ecc5a9882e14739d709fb02338f067d

SHA1
ab42465df60b9c2cce7146fc9922d023478da7e5

SHA256
5c2b296c31bc6995e8f558a27ede643636870471279c9006c270f0190389d361

SHA512
188419a92db5472d427062b6a5641e998165234ab34d58081002852444a42dc6fcbc29cd4384acf098f92e0698675c15f0ee9e45afbb1912cbeb850a1b08745a

Download Submit
/data/data/com.zeroneapps.uygulamapaylas/databases/google_app_measurement_local.db

Filesize
16KB

MD5
4d5feba7764970103c8a1e5393106625

SHA1
e86295039ef30d2cbacd216201808c01fc1be3a3

SHA256
6ffb9e7ee6935af581963cc49a4a535f5237a48d0d131fb0ef7268cc55d5408d

SHA512
ec4ebd027c129ba74b9dc55b692fcd1115bad493f3252092dbeb9ce62982ded1abfab76c20458bb017d4fc46953b889814011951fb2dd3c328e326d7a008c263

Download Submit
/data/data/com.zeroneapps.uygulamapaylas/databases/google_app_measurement_local.db

Filesize
16KB

MD5
fc7d1cb642b55e50be096171dc60b0eb

SHA1
7d00b9ffdbe5980081dc04827d858ab5a6f51d94

SHA256
37bd9c787ffa7c89cd97dc8f881f5b3dbe12c995f684ffe447d8aa5ee1427a26

SHA512
0b37657c9a5005bd28ef3bd12e08a3c19c62dbf9a8a4de1bee418685a41042fc860c8a80c967e620e20efcc34d3b81d062e1e9deed0f61c207d3e0fe000df474

Download Submit
/data/data/com.zeroneapps.uygulamapaylas/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.zeroneapps.uygulamapaylas/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
c98a8e505120d4e0119c2d91f31629d7

SHA1
2f88ef49bbdefaa6618666db0763751fc8da2cb5

SHA256
b6eaee2d68c041ef1d07e57d384f3a25fbab99d2c4c46f68f6b6125144fec921

SHA512
59c8856822c3e9e9b7c320b3fd1525c3c06a76e6ca925d3bf9e47fc7359c99ba0fe3b9690e4b218765112cc5c80372b3abcdc9a240ff7c033b8098dccfc0c741

Download Submit
/data/data/com.zeroneapps.uygulamapaylas/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
5865c8382a124557a86b1675ee9cbb1d

SHA1
c3d3d16606931d26cbff9fdea404d9c917a3f925

SHA256
4653c3d86be0e1031e90c5751d226ed817bb67d2cf24024ae5c2a1ce7e5dce51

SHA512
4b9211d396225a407dcf5f8a9dcdc4eb46e167404937199dabe672a4e656477b08bdd1c83891b96871671d553004828616f5a05e8c20e6b07e3fd2518013407c

Download Submit
/data/data/com.zeroneapps.uygulamapaylas/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
84c0a6f529dc5d9b7f5aaecd8eb35b20

SHA1
06c56d8f0891d26a1e901711d488ede6ed4aca85

SHA256
12951b3f346daef8f96d4b2e65d2854bd26ca693ce886eca59636542072bd7e5

SHA512
808cb28dfc3c0684cc4d2dce3c191162460aca2e201acab602358ce6ad85dce2f0a135444c0a291cc3630bfb369c4c195ba45eb8ce30528beac42751a4894775

Download Submit
/data/data/com.zeroneapps.uygulamapaylas/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
2bd84ac1b075fd657f9b870e653f2219

SHA1
cac73cfc7cc78994163283ad9431e9f80d78b520

SHA256
f0b65c2ecdffb8c3dc8738712101c8c9117fdea9700aebb8ae46bd8fd92a2d2f

SHA512
9af28ee161fc9ade4f601cb1303bde486e6189881b91ca12f4423bc8bbb69f5f2a5b23d6d94da42d42eb92329f4d81323e2622030f2991bc3f474607993c3fa2

Download Submit
/data/data/com.zeroneapps.uygulamapaylas/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
4fd8acd8d8d1fb518bdcf8fd83b7d67f

SHA1
06a8f06c6623f4933167509f23e1e42ec992cf8e

SHA256
26b0515206ff96ba0bcf6b129726d4ff7f2525b76e807ee6137d5c82937f4680

SHA512
42f56f719c3b57e189317b6d7d99a2360e7d114bb4a179104d635c45dd6c5ab9c37fe47d630f160cc657097b9ce2f9d2344ac35bd951a9bc9ef7fdda23a8bc67

Download Submit
/data/data/com.zeroneapps.uygulamapaylas/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
fef8f9131d4e873c84066f6a202e9c28

SHA1
6644a237d1677cb1810c03c0c487526a469bbe66

SHA256
5c2325050723c0c07d99c0c365bd2ce57704f8e0ccd642b45b704a339baec443

SHA512
2b213051af80055ff50575b60bba77feef0832ac956523644a32f0575bd265af05c2397b639a2d3129678afff9be728d1f29c963120c5957b37c32dadbd009d5

Download Submit
/data/data/com.zeroneapps.uygulamapaylas/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
48178abe5fc338ce3112fe07002e7e62

SHA1
0334a1d2acd73c02b0fe999055f5490de0240389

SHA256
a31cd830de422e46bef9ccaa58a4175a998a529374ad4e7e7b52f1884fee0eb7

SHA512
91001395d923cdec475eba6e2a808f8239e569a58fa87d89d2a533c958556104f9c553ed84e5bb0a9b2c2398553a886c462c434dd8fcb8aacdeb2aba10baa967

Download Submit
/data/data/com.zeroneapps.uygulamapaylas/files/audience_network.dex

Filesize
809KB

MD5
0b53811d778de6c5d75a7bf9ec3bd067

SHA1
0f16687d90e8f629b9c6b8b1a767c19a062a4b48

SHA256
e9413614838dad01eb9e86a7169ce926bb67db064b1923148d1e82eb7abeef3d

SHA512
5c4b0ba5482e7fca89cb295e4f365e49c4048e3bf21e4240548158cd985c6f6eb82abf27caa9e1f5cacc10c23b5c9c4245752de1c0815dfb3e1f2e1d9bb83656

Download Submit
/data/data/com.zeroneapps.uygulamapaylas/files/frc_1:995102842809:android:1d9b1bbf6fe4c559_firebase_fetch.json

Filesize
160B

MD5
97b780824dc1a8e1343c4fb580846979

SHA1
36b815f56d1e2270766bd4c69dfaba32caa9279b

SHA256
b68c41e4777b0bc847f40d06b50600a9bdc899d25c70350d046dfa68e89a5699

SHA512
a0d103574056db4ea55d443a871486a54750d861c461eb09b9494f2f9c83b0ba4f758da66b1426024f697216800f4374defd76f41643d7f4ccc35c1c88f5259d

Download Submit
/data/data/com.zeroneapps.uygulamapaylas/files/oat/audience_network.dex.cur.prof

Filesize
407B

MD5
a8d3647f9c686767d1d59efa0ea107e7

SHA1
b65868cef4f3217b7d0b67c1879fe3a9669cc3ab

SHA256
ea882ddfa444744e508155c061457da214327af812cd09227142e97ccc1fd3cb

SHA512
dfb8292c2437480094aebab744526aea9105849f9509e279b5b6146ee6b70eeb33c68d8d2c0da9837e5c9a72677b66857e29bcd8cff0395883823e78c33765e9

Download Submit
/data/data/com.zeroneapps.uygulamapaylas/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
3d3f881006b8dabddc9f1880a23d857a

SHA1
2879ae38e290b26d6071fc33b86ed21d7bc04bbb

SHA256
7d6854661528a50d15dee4913dd7acc711f0363df742d92c6b34c7e9e3f14fa7

SHA512
cba8caa093ad7d1640d0e5bc3999bf8e69ae12342b102baa664c0be08c2e0cc05af2e768cd3d224ede5560652172448143f73637b83ae8acb693b524db9e38be

Download Submit
/data/user/0/com.zeroneapps.uygulamapaylas/files/audience_network.dex

Filesize
1.5MB

MD5
37982159fc58abe0c52fa11f5500f2ce

SHA1
0b93b94af7bf3a112e18f56bc43387d943c5043a

SHA256
04c39dfc7f8613151eda03eea3f25a4c986dd07075fe2dcfcb71ae69b6162132

SHA512
72ad23185f963336bfdbbd6415c9638f90fc0da848ea6f94f45b3d4f5c99abcc068a377ce8fbe0964f2c447256d8a389ddc16f6ba91fb376564696b72f00ed91

Download Submit
/data/user/0/com.zeroneapps.uygulamapaylas/files/audience_network.dex

Filesize
1.5MB

MD5
fb8afbcc7369fd9879443941557b97f4

SHA1
99d9e78db9235b79e25476da23e273583a16f3e7

SHA256
a9c710057ad07ffe6582d25a6ef89241918874ca4414389b23a7f35cfb76edd1

SHA512
ea597d25df97322dcdea4dc3b34fd7b114e74746a3a71b2c24f7e98f20229a9e56e90d904a8783832bd7c335b7307bd3e30ab58ab15f8b7af2827a223c63c2e4

Download Submit