a5b5f6027b463d82fded3c38153086d5accc466df33123070ea541e62124b943

Analysis

max time kernel
2505282s
max time network
164s
platform
android_x64
resource
android-x64-20231215-en
resource tags

androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
submitted
20-12-2023 10:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a5b5f6027b463d82fded3c38153086d5accc466df33123070ea541e62124b943.apk
Size

6.9MB
MD5

21f326eef6fda2c5d544c2b5e6d21f34
SHA1

c6d5a6a665ebaa80d1174ca3850f7af509bd027b
SHA256

a5b5f6027b463d82fded3c38153086d5accc466df33123070ea541e62124b943
SHA512

c298b6a8979eb8385f8e79f8349851fd0cec1570348537dfe46d98366781043df9a80b9e82ad9f0ddfa89d6b18e767534ab09cd3a6c48c5190a64a39c8ed4da8
SSDEEP

196608:IEIxhWPUkMgyy39KP6NKP2DlBhTtfEEgpBSQi63kV:ECtMC9wAKP2BBhTtcE8BiIkV

Score

7^/10

evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

ir.hawijapp.myhafez

ioc pid process

/data/user/0/ir.hawijapp.myhafez/cache/1582435991586.jar 4986 ir.hawijapp.myhafez
Acquires the wake lock 1 IoCs

Processes:

ir.hawijapp.myhafez

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock ir.hawijapp.myhafez
Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs
evasion

Processes:

ir.hawijapp.myhafez

description ioc process

Framework API call android.hardware.SensorManager.registerListener ir.hawijapp.myhafez
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

ir.hawijapp.myhafez

description ioc process

Framework API call javax.crypto.Cipher.doFinal ir.hawijapp.myhafez

ioc	pid	process
/data/user/0/ir.hawijapp.myhafez/cache/1582435991586.jar	4986	ir.hawijapp.myhafez

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.hawijapp.myhafez

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	ir.hawijapp.myhafez

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	ir.hawijapp.myhafez

ir.hawijapp.myhafez
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4986

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ir.hawijapp.myhafez/cache/1582435991586.jar

Filesize
9KB

MD5
e8e0527a01aefdb89afd2c508f131da1

SHA1
f1103e6b260c657ceb3d95f1b023af3fda8b133a

SHA256
f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

SHA512
fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

Download Submit
/data/data/ir.hawijapp.myhafez/databases/md_book

Filesize
16KB

MD5
a2da9affa06e2ffcd2cb92ec5869dd6d

SHA1
010fd4fc17a8dee14c355c751ebd77c6f1263f52

SHA256
bbc12e5b18bdf84a80d1edd445242b234fd810f932f83fcd800cdcce8bde108f

SHA512
6f42b546e5228fcabe380710cf23b9c9753f3476cd90fe89ed11dad7020bb129f048a63e97897b7f4ef5f821509d7569a912fd27697f1134b04c5674f068b95c

Download Submit
/data/data/ir.hawijapp.myhafez/databases/md_book

Filesize
4.8MB

MD5
3780435a10ff2eb090d1900604ac5757

SHA1
c4096a5db92cb9b2939dd4c948e1e1b517edefe1

SHA256
ec4396bb7482261715f433390e45e4dc30dacd53989554e9c8ede732e1f2399a

SHA512
b6d3a5bbcd030323567f993b65005e71f93b53a5a33d3df1e66075bf63ad9633d7439f37796a59b2a1e0bcbe279b6b63b74388c9619468ddf9e9923b10b713f4

Download Submit
/data/data/ir.hawijapp.myhafez/databases/md_book

Filesize
4.8MB

MD5
7283aa89ff29c96cddece73e0b356a5a

SHA1
b10c8c2122dd653ea9b6c62d16a7a5576f594f2e

SHA256
28c9db6feb676b9eb662b09da3e91aa59fc8b399e7bad6f6fbf7e485678b0f17

SHA512
b11f77d7c7f51fee9b081e0cda78c0914bf4aaab5a6ec4779e314678c21e15232b37eedd16103895ecbda1db65358e5612ae4463632dc447cf57c2cfde878420

Download Submit
/data/data/ir.hawijapp.myhafez/databases/md_book-journal

Filesize
512B

MD5
0d5db5486a4902fbdd67fc3ca4836a49

SHA1
e72867179907a7baab77b6e928e77ccb1974d2d3

SHA256
f0c3c042c8c1bbf421835a6494d1e73af4719389a6d7727a1d8cc97e301fb1cb

SHA512
64d696191c9cdfcfb8b594148d6c4a3a8f0e9d4fcc441833e6bd12e7c05189f1d99beb3cf79ccce16862c57f60a6e11ab245659e136d188fb19a0832df771a93

Download Submit
/data/data/ir.hawijapp.myhafez/databases/md_book-journal

Filesize
32KB

MD5
a48415b7690a897a51b889a1f7ee124a

SHA1
d3314f6fc1cae8596bbecea7a5d67f049910dc83

SHA256
47790d08c86b88cf60c8b503763cd81eabc9b14b7f2897fa0eb5077528c0eb15

SHA512
1918279c7cb2e7c24e50205b6ec9cdbcb798515df7f4f2f7ebb43b64d25dad5e1a1a24f22db20d705b340e43a7548132551ef8a21811d910cca96dabbfa263c5

Download Submit
/data/data/ir.hawijapp.myhafez/databases/md_book-journal

Filesize
8KB

MD5
51d78131c20dcf71707ec39f1b3ad6f1

SHA1
d7eed7bb3cf57f05037867bfe20766e733cc9deb

SHA256
a7102fa51d246d23c90c9b749e31bba59eff5db00bd6706e43b7db9a83ffbbf6

SHA512
8544d77ed53043e81f6136b2ec3d5fe536efddc45af3c36d521f8c8a0b2a41e8349a548a8cf831f0915c42dc91657a52453c3bffa2ceabc63c92e2b07f68d435

Download Submit
/data/data/ir.hawijapp.myhafez/databases/md_book-journal

Filesize
64KB

MD5
b12d464061879459c463c3212baa2339

SHA1
6a0965892449cc6cf247e29b5837c122264ec25b

SHA256
46fb566aebb62fe4380039bed15a71c7947e32cbbbf20266325ba6f386db93e2

SHA512
2ea5e6933e8a39701f836c2969be8927aa7c46eff9eb8338bb518c6ed3cb2ecac192ef69a5da1c1b7f21a20d75d85e59733725014045a683d161bf26435c51ee

Download Submit
/data/data/ir.hawijapp.myhafez/databases/md_book-journal

Filesize
32KB

MD5
9eda85ec8128ab0b9bb5dda4aace87d5

SHA1
7aef7d0bc1b78e84292249ab5f70c369dcd7203d

SHA256
0c457c1e639287b62ec2c8f5e667083a9c48add68f8edf6f5b390d97fe74c8a7

SHA512
7a911958bdd322d1c320ef3e4481f30baf343aee8a31947f7f9ed8d5459a326a9f6936111a9d3d78dfca728e88010ed6388ee8d2f4dbca7bf1b97ef4f0cfd0f2

Download Submit
/data/data/ir.hawijapp.myhafez/databases/md_book-journal

Filesize
8KB

MD5
beb9c1efe85df7757188cd1504e2c68a

SHA1
b3d4e9cafe93998e6bfdd75b491dad302a0702c7

SHA256
844240e9930ae37ec3da89263931f9a395879214b9b29b70ac168a22c605df82

SHA512
916619ba914181584b961b8d9c5654ce2fff1aed523d683a9b064f903a926b6afeb0f559d842c79720a8bd0f7d4f3d3e88c2a5695886c2c2451d5235bb10bffa

Download Submit
/data/data/ir.hawijapp.myhafez/databases/zar.ttf

Filesize
273KB

MD5
c401e4a62d57153e93dd83c023e1fe17

SHA1
53f3a199d15f1a554507640df386a4f99fbbac0d

SHA256
599474cbca666590a44e374018bcda04cee36f45bb038890851f169fb31d5164

SHA512
681159f50f86548847d118352a09c38f1267f554d7583a796f166253df63ce9cb619597dd896b149c2087cf8ff1756d3d8a4a1509be23931bb5a585134aa1f18

Download Submit
/data/data/ir.hawijapp.myhafez/files/f3c05e37318e360e_231223_061631368.log

Filesize
256B

MD5
33253c0ba8fd03891889e3e6f652e31b

SHA1
cbe97009e4fffafc5a8b8d89b2d434cb887cd84d

SHA256
3d9a150cbe6e691e509f782b32ed11603c69386360a8ceb01b7a3f098feeee28

SHA512
4f8598e2ed67d9bd1197f10ff1a7296a024e609b3f7b2620622a3b4438c1604bbb30784ee217435719227a47384f852d5d20b621e98bf21c136d76cf18a8503f

Download Submit
/data/data/ir.hawijapp.myhafez/files/f3c05e37318e360e_231223_061631368.zip

Filesize
241B

MD5
dcb5ee7193510663ecddaed6efe88184

SHA1
a96a652fc8e5fef12487788d0d2e0803c7479705

SHA256
814267733becc69432dc3500a23d8a4ff3edef33646a320afa316006ec955b0c

SHA512
b9ffab6a26319f0c9c9c8e66eb8a77fdd3a643eb20e257188e0bc1ab389e68175a36511508e0c641a91b8a3ad3c2db775c8a33453450d5b0ee2b231e0892be99

Download Submit
/data/user/0/ir.hawijapp.myhafez/cache/1582435991586.jar

Filesize
20KB

MD5
fde2ee00cbd121cfab5290b078aa3ceb

SHA1
e2b77d5320e155e413d040a8c20020962065b2f8

SHA256
2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

SHA512
a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads