dc2e3e9310508b0e7fa0feb472cd76f3398434915a7100a8035e0779a2b07d5f

Analysis

max time kernel
3020365s
max time network
130s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
24/12/2023, 05:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dc2e3e9310508b0e7fa0feb472cd76f3398434915a7100a8035e0779a2b07d5f.apk
Size

5.6MB
MD5

6edf7f56fb988301df62258646491e74
SHA1

5dc67d022c68ad0a59b29bab68234c2b3c70313b
SHA256

dc2e3e9310508b0e7fa0feb472cd76f3398434915a7100a8035e0779a2b07d5f
SHA512

6f9a8d9183f480dec43ee1d973d85ca7a6651a703b8c6a1929a52e7f1552d15f9f5f81e69da48af736d6c15fabdfd5edbde64493cf05c2b5a035cb3ef70821ab
SSDEEP

98304:XEZAyoR5L+oMgVGxMRTrkBlToB4+pdS4RneeNA0QbwV5qDe5knA45/JNCEi5:URoR56o0Jy1dTnJN9595knA8NA

Score

7^/10

evasion

Malware Config

Signatures

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.centsol.computer.pc.launcher/cache/1582435991586.jar	4323	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.centsol.computer.pc.launcher/cache/1582435991586.jar --output-vdex-fd=56 --oat-fd=59 --oat-location=/data/user/0/com.centsol.computer.pc.launcher/cache/oat/x86/1582435991586.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.centsol.computer.pc.launcher/cache/1582435991586.jar	4252	com.centsol.computer.pc.launcher

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.centsol.computer.pc.launcher

Checks the presence of a debugger
evasion

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.centsol.computer.pc.launcher

com.centsol.computer.pc.launcher
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4252
- /system/bin/ifconfig eth0
  2⤵
  PID:4280
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.centsol.computer.pc.launcher/cache/1582435991586.jar --output-vdex-fd=56 --oat-fd=59 --oat-location=/data/user/0/com.centsol.computer.pc.launcher/cache/oat/x86/1582435991586.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4323

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.centsol.computer.pc.launcher/cache/1582435991586.jar

Filesize
9KB

MD5
e8e0527a01aefdb89afd2c508f131da1

SHA1
f1103e6b260c657ceb3d95f1b023af3fda8b133a

SHA256
f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

SHA512
fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

Download Submit
/data/data/com.centsol.computer.pc.launcher/databases/Application.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.centsol.computer.pc.launcher/databases/Application.db-journal

Filesize
512B

MD5
dc974e518208fbd5edf59e459b00b5c6

SHA1
95169a1ce0ee005d9e32bdc59c847ea88d542d41

SHA256
a66449044a522bfdfd3dbae2d194d7a93391ab3a188e8c38850e4f2c482284ad

SHA512
d0a5b6733ad942c3e31459d656abc8371a2af697a6c6c1461a3d4e848469fcb6549fbd8ab6c69e8a93bf03a754facfeea1c5c2c74741d68cb905487c824ba6ad

Download Submit
/data/data/com.centsol.computer.pc.launcher/databases/Application.db-wal

Filesize
36KB

MD5
d2db420f0a4d3c1cd095c217f239ef3f

SHA1
b6d56868f8fe54c4e93f838c760f3fdcbbf80b3e

SHA256
a70dd068369cbe35df7668eec3ec8cffbc9603a5e6ec1a0023f48c59c3c4b451

SHA512
f9e4d3d8ed75e101d34a83300e177b8314bc8b377bfc6342a2768e9743bdc57e1c3b5bc13ccfdf85f9051fb4f0dbbab009a1e57c2b1dcd94ab00ac3239fb70bb

Download Submit
/data/data/com.centsol.computer.pc.launcher/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/658E57AC03B9-0001-109C-06E58AB514E3BeginSession.cls_temp

Filesize
79B

MD5
786f6d5eeb88f0f73b12c01107759627

SHA1
ee87d4286dba62e86fba73c3cb9f19c1662f913e

SHA256
baeb0ba611f768514ff9769a19fe2c6a9942d9736d2b90b4608c81693f9d917b

SHA512
b9303cbc115c13d0eaae04ce6c96f8283b708b61813eaed217b7babdebf62106f6072d1bcff60c71b094ff6b35548e0171f696f8a8170e2abe4b4e8dfe3d73c3

Download Submit
/data/data/com.centsol.computer.pc.launcher/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/658E57AC03B9-0001-109C-06E58AB514E3SessionApp.cls_temp

Filesize
125B

MD5
b730c15ece529c9a33851a49f62b1762

SHA1
39b8963d9ecefee258806730598e676747eb2e4d

SHA256
848e5c368df4203edca608a0f667ee2f0e92ee182284ed9cb47dc9a0e0cdcae5

SHA512
7a093b1113081543eae17f386429b2ffe452e72d69466f45c03744853f72fa381992902bd8e604d15624928719ac1f5eef3baa0cdba845fc340f40da837de643

Download Submit
/data/data/com.centsol.computer.pc.launcher/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/658E57AC03B9-0001-109C-06E58AB514E3SessionDevice.cls_temp

Filesize
131B

MD5
195cb2b129983ce09ce94f581d844ec2

SHA1
5c0fa7d9527a13329726c37437a7c1398cf7d06e

SHA256
2dfb6db9bcb0107b3fd12e1428a9d18fb996e8f2300df981b0d176d007b8ec7a

SHA512
af5553862dcc234a43372560ea8737101e9436dbb0e1a37c1948d9bd7dd6601cbfc6ef68b5cc1df7a6c34e67a67d50bc3627f2e61b8a0d0ae17f55f4b100bd11

Download Submit
/data/data/com.centsol.computer.pc.launcher/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/658E57AC03B9-0001-109C-06E58AB514E3SessionOS.cls_temp

Filesize
14B

MD5
9b3d4522944ce6396563812bfdb92fa9

SHA1
6d2a6133c8f01938a48ccc77ef86ad8ca335c020

SHA256
d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9

SHA512
091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

Download Submit
/data/data/com.centsol.computer.pc.launcher/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
528B

MD5
e2538d630dbc1bb151d26e867c2766d7

SHA1
cdc034f910ef45ac3df092384782311941709470

SHA256
0d68d2f9d4814868d0ce5d63def24fd754236196985dffcaf80a2856b800b313

SHA512
2b2a1531f07b9a5b2b737826671a482c2f4161b3cb3dcd69119743ff655fcfc2c350632576db526c7ed4e9d652715e43c16a53a59b5212149771942aa44dc0ae

Download Submit
/data/data/com.centsol.computer.pc.launcher/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
1KB

MD5
8beb40dce56dbac7b2e8746678179558

SHA1
e69b6a9035abe19f0bbbe4f12f04c9f4cb225da0

SHA256
67d9746a622e08581a2ea48092b6b202ea14362e9b50a13ca2915b915db10f8f

SHA512
0963db53c63d19ad0a4f4bce4e4b8d01f26d8b08dce7c3726c6e55fde309e79936ecef881676f911156135a91952405a7ee3bec912969348ccd5c1b82391907e

Download Submit
/data/data/com.centsol.computer.pc.launcher/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.centsol.computer.pc.launcher/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_429c6a09-c1c2-4ff6-b8e8-050fbf47159a_1703827377776.tap

Filesize
402B

MD5
7edd5f7cf6c54b970d18e4c3b0fae898

SHA1
4a7f9700809aa3d1bd38b50ed4662fb48ad9a76e

SHA256
b74657c7ccd9d6723d9ece04db657d4c51b1539329f6384b03b43c5dc8d7d202

SHA512
61bb42cac7f5e88d37c81301b853dbf34db52a80f9783f1734cd0b1d2776087f30eb7fa74ae3014f81e67230419a3d966eb84e2abcb5c283ea28d6f09333bce6

Download Submit
/data/data/com.centsol.computer.pc.launcher/files/pftpd-priv.pk8

Filesize
1KB

MD5
abba77a2ac7e57b2aef5e0942dbb65c0

SHA1
7963a3f2683b5050fbc6bea77bbd9c22a7cbf850

SHA256
2accc96a5aa45f185c345788b2e430877fe81dcce01692a8c65155e5db724318

SHA512
f7f2b28aeacb3a0e765374050e4e16490a15fb7ccc970871ac69842bc70b52089db34b2e8276cc21ebe30724ca9ee11d81f1353fdc73833629aa9802ee5c2b98

Download Submit
/data/data/com.centsol.computer.pc.launcher/files/pftpd-pub.bin

Filesize
294B

MD5
9a6f6576a61373209d849d11d09e71ec

SHA1
7cc4112e0799033653c0c4da9b16d32a23df96b0

SHA256
3297bc13e9aaddce6faabbac55bb9d951c5910195841d75aa9ff64d57b29a803

SHA512
7491533d75565bebffb971793150e75f3d5b921cac19f260fabe30393144f041871490fedf8178c3b94dbca2591a07d833410cce12b79569a8762d77eab80921

Download Submit
/data/user/0/com.centsol.computer.pc.launcher/cache/1582435991586.jar

Filesize
20KB

MD5
2048eb6124a452540ee51dae4145aadf

SHA1
d05005b2cd7fe4cd652b0d7fd1bdac2c19d51451

SHA256
105c54b6fe3f25350e92187467761598e4c21d62b1091b77d091f65f3bd98864

SHA512
bb6cb3853dd2a5d0701e20607d4e153ae201268dd2e5e2d06cc2df208b3b4dc50132a4ab428251b1644d2399fcc717662438d082ff14203387bab8794109d44d

Download Submit
/data/user/0/com.centsol.computer.pc.launcher/cache/1582435991586.jar

Filesize
20KB

MD5
fde2ee00cbd121cfab5290b078aa3ceb

SHA1
e2b77d5320e155e413d040a8c20020962065b2f8

SHA256
2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

SHA512
a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

Download Submit