a27099417b543a21212b81fe305ee9e4171848d77dac5f58286fad638b7af8ac

Analysis

max time kernel
3302254s
max time network
148s
platform
android_x64
resource
android-x64-20231215-en
resource tags

androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
submitted
30-12-2023 23:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1fc4e23b790c842377a45500d6d37435.apk
Size

3.9MB
MD5

1fc4e23b790c842377a45500d6d37435
SHA1

3b304637795d2babb8c1f90764e86a50cd55ae63
SHA256

a27099417b543a21212b81fe305ee9e4171848d77dac5f58286fad638b7af8ac
SHA512

e41334749f51edccf00f23e469d650a865fe8eeafb3a22520f90f490253fa2720d2a4fea6342fea0f614689e82b5737d3f00af8e463d3ea18427d57eed97524e
SSDEEP

98304:vHMkXc+2W7jEKOe8aZmrYxE56WsbJfLvtx6PjzMaj/WRCSjx3CfNpVYTh6JdXlZ8:vHMk6W7vOLaArkWmp3kjzMaj/WRCSjx7

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 2 IoCs

Uses Android APIs to to get current cell information.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.ddm.iptools
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.ddm.iptools

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.ddm.iptools

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
34	api.ipify.org
35	api.ipify.org
36	api.ipify.org

Checks the presence of a debugger
evasion

com.ddm.iptools
1⤵
- Requests cell location
- Acquires the wake lock
PID:4964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ddm.iptools/databases/connections_log.db

Filesize
16KB

MD5
507f3cf56a24864ce37102e7000a73d2

SHA1
331210697277710f87ae83fc3ef860b442d5475d

SHA256
fec759db49135b391c6dc8660f6b84413a3d7db0bd2d44195e39d403f7df083a

SHA512
277c3c2361e5acec81d6765b5df50b8972799e4a2e437a4b8de66f1eff97aa378c5d2cf3d75bcded609bce88f83f7469d2053a02010b5a78b5078652166edd06

Download Submit
/data/data/com.ddm.iptools/databases/connections_log.db-journal

Filesize
8KB

MD5
1a5335086339b7f27c0bc9200b9ad3f2

SHA1
519b832942c29c2035468c88f415dd00cc7a1014

SHA256
85d943c8a6076462a11df6995dca7ef9378eb6c6b82b59cadb4b112fbfd92c52

SHA512
1fc1af6b8333f61f0d3aed256603a58c8f82f5750f45c4053f07d4140bf51381b8064eb3992272c2c9e41e7abdff775ccac7c5ee548110afa4266050f0e3ed6b

Download Submit
/data/data/com.ddm.iptools/databases/google_app_measurement.db

Filesize
12KB

MD5
ea628e04765adaf4238a5dcdff4bbd51

SHA1
a801947619ea8c368efe9c006a324dc6339ac60b

SHA256
885e337c2156e4dbf2176a9677ade50418740532d222ccae5ad4aa371b54c6a4

SHA512
c0287b0e7b690a7231a37d1745c49f3d861b22aa65dd769ba6a8b5ab9da55443f749957781ee05a405019c39e1be45d37a971b821bffd62a1d5620bc39119abe

Download Submit
/data/data/com.ddm.iptools/databases/google_app_measurement.db-journal

Filesize
512B

MD5
f1e4a235c9d394125f7524eb87083f95

SHA1
13a247e4e2ed01ce6353f6b77d1871784917a85a

SHA256
91645ad2957c7e94a535c5261f32fad42d1af5f7347bcd68fb3cde77fae225a0

SHA512
195afd39d6bbf9a78e8471e026d09b47efa47d04f674a2512dd4c0c5369dacff86eb5c709ca2f6c73fc47a091cc43d6ddde326a8de11bcc7b26009b624cf84cd

Download Submit
/data/data/com.ddm.iptools/databases/google_app_measurement.db-journal

Filesize
8KB

MD5
9307a28c8ea66eb291e03755c68d9e0f

SHA1
2f3f3642cfb326daaf1d7d5f68628da480e30993

SHA256
554ed6f371d26d8e542c9e753bb788058f442e583473f150a7f6a1e07865c3e8

SHA512
e127aee62346c8a5cdebca733a3a89e8df76511fec7efb7bf7db250d363de98d0c92d2da4e8ec54ae1a5238ce5a10e17f33f70e10bf6ab80b7f8d5b457bdee2e

Download Submit
/data/data/com.ddm.iptools/databases/google_app_measurement.db-journal

Filesize
4KB

MD5
91ba0db0a8eeb930e92962a37c03fc60

SHA1
29244369619435d2447b2d0dab4d6a3e7e3e6e7d

SHA256
6598ffc6ae1407f9adfb1b48a8d6d257a55f459d0ece562a86bb98511eaa3011

SHA512
6c66bc34b297f79518632265ecfef8c097c6a74b86e5bf5c7f27a08b5bc4528d12e00d9ff7b0a23599548d0169e985be3b830fe0d8f486c13e4e4364373f8b1a

Download Submit
/data/data/com.ddm.iptools/databases/google_app_measurement.db-journal

Filesize
8KB

MD5
a4c2147651eab468da4ce9438afb88b0

SHA1
94f4c23f14d54b0ef359f2c974a85b2ca190be3d

SHA256
32c5d2a2c9818b0bdced4bd3e0cfb1c7655ea867f293e45a6102f685e6229dbd

SHA512
c1bbaeb2c58ce2e51f1caf63822dfd12596e2e7381e1a105b94a04a6b0917e8e6c39284fa11bd499ec86dc4168b2ae76b317a78660a4859f0716df26bf2eec61

Download Submit
/data/data/com.ddm.iptools/databases/google_app_measurement.db-journal

Filesize
4KB

MD5
bb16c83321ff0475c3dd95521acb1d83

SHA1
415c24f6bf3fe9b19e7f1461b3f722eeb035dc50

SHA256
10abbad9ef23fc4ac1ebbc33b90f1f505c83713bfa5509894f211ca573de24ba

SHA512
009dbe7f42747785bbc386f0140abf2d10deae1a670d258515bea4210e74f9871b0a6aa1deede4bf2b6fb341d82ac489f27e19cc94b84b4d02a55893dcb52f81

Download Submit
/data/data/com.ddm.iptools/databases/google_app_measurement.db-journal

Filesize
8KB

MD5
9a2da639c8d0d9093537155efab5d700

SHA1
71763740825a59b0ad4ea82bbece0d74208f3bf2

SHA256
08e68c7aa3b8877336a92e7b21f3cc8e22bff6552ad22cad24252d378037a2d9

SHA512
3cead41e5cefedbb927b6a57ed883d834daf1d8c497eb32bd72fbc52a15ba6fd2eb20b32ba44c84de5e1e527a68f0d08d16e04f7e7a7a45dd94e01daa184e5e2

Download Submit
/data/data/com.ddm.iptools/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b6590593c55df23cb77dd9d2c4dd4579

SHA1
1ec37607d1d625b2480762647a4d2b60aa661253

SHA256
64b2c46acbcc0d23f0c49b25910195fd92cc15bed8b203669b7dfbf9f281fa8d

SHA512
c2c6faa2d32efcdfcbf66cd92b111b241fc1c27777379df1597d3ba4fcc61385307d6f680a7eca43364c85d1c3c506282a5b38e21e8dbeaa2bf53981e1d36272

Download Submit
/data/data/com.ddm.iptools/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b7602f458617049b0a61b479a501afa3

SHA1
85ac94c5f8f5d7c20f07443314d1fb589aaee311

SHA256
334647613f2ca6d9ac0fcc5faa1fabfe7b28b2df377bbef9aaa988dad2b4713e

SHA512
078c306bca16529951ebbc4bc2e86e3b24bc915d5cab63733c08459f11024799d9787bee173e83bb3372a609221a469b82ce557087da753f589f2bc7cc2b8ef8

Download Submit
/data/data/com.ddm.iptools/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d93dc940b8a27f964d32cf6a566a60a7

SHA1
209df1ff5a237c8a9ac8943b1d7bc3c46bcc07f7

SHA256
d3ef12c2a4ba21bd854849e302f51a7586bd119fefb6de8babf18a3644c5dd5c

SHA512
473853f9c9b3c6c480497c3236588e0f12097f9085de9cf703a351b9151385e7a530a104b0d9fbdf0ac4dd865e134f46bd1a1ea13ea0dc15d5ca994c00b1db67

Download Submit
/data/data/com.ddm.iptools/databases/google_app_measurement_local.db

Filesize
16KB

MD5
fe83fd60d767269094f35470c7f61220

SHA1
9cd96156aeb99a08f0f25dd72bbc2170f684ed1b

SHA256
d87283239d85d80bb18ac2eb1e29b5ea1f75ca9b6895a5567e586d36cd9ad48c

SHA512
b38b02909abc427e8ff11ecbcaac47d0a5ea5a9d4e3a491555b9afea0c6b4653633c69184c05fcfbd3c8b9a7db9f38f0e4a7d3b20438abf4c9c8a386e5b0cc0c

Download Submit
/data/data/com.ddm.iptools/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
a3e032916053e262d5c6b866d41722f7

SHA1
93107c609a0c6747fa2b870241e803610417fda1

SHA256
9bc6e4d5dac4f0a2fa63aeb4e34923987fda29afd3fd5c0db5f89e1ebb9d7087

SHA512
a0fbf268929c56a15e2fb0de127e50b79f6ea3107824010f37eb6b515f410b1280435048a7a5bd57c78971b4283879cdf679d8efdded3334ddb8f9a9c8d31c54

Download Submit
/data/data/com.ddm.iptools/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
9bb266d7dce5eaa6bbd0194d1829c1b5

SHA1
ef55b367bf09fdd17bc3b47419e6b19eb4dd1a62

SHA256
282b0ea2fbbc049b8c5aa38b7502702cc6c6b73fd743a304ca559cef647bb6f3

SHA512
efa44f95243d21cfa4cbc95aa3c2605ce33a4b4c6d9ea1791f9ba448bfddefd2c0bbcb3d584a645a6598575260497ea4e2ba184595ad7c1e5cb4acb388c8277c

Download Submit
/data/data/com.ddm.iptools/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
cbafdf1999cf6a662062aa394b805b48

SHA1
c2bd7f3c492a56dcde1d0a56906c0997aad6fe3b

SHA256
3bc3adbde1233b70d839bea9feefc124ed6ccd8dccac89020dc99e9fcce29961

SHA512
3bdc43289a5b909491397dbd47b65887130856610b31811fdf6e47f87a0982b730b015f9eb4d5e91e6b91db158dfc5b672f5ce9f6e662e1e440676d6fac417e8

Download Submit
/data/data/com.ddm.iptools/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
bd01dc91f67a71d6ff80b53569655166

SHA1
5482742b3f278b486578c3482726bff1d7ea4650

SHA256
083efa1811627ff17a43cd7d3518349c67195291b22109db6e04c11d08159c7c

SHA512
59dc111e6c56102146b7a5bd19869550dbd4145b09070eb069f940989c4158575a51937443a930dcfc9cbc6be712a3efd43944eece99ec6d1e5e0f2b288a8f36

Download Submit
/data/data/com.ddm.iptools/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
a0e6dd11e41d055155e93fb56b82eb3b

SHA1
60fb0431330fd0cf163b77c2afad2c816d397312

SHA256
98cbcdfec44cd92c338dd5d9e1a24b5f7584f4e599b0ffe858a74af993d885ce

SHA512
023a635ec73d1583f4e42b7762ebc3035154ff3f5df148524325097edf2d3c3fba9eb2b7dac70461261e1f76ad3bed890433e20c24b4e1c85c9d5cb9d41d53ba

Download Submit
/data/data/com.ddm.iptools/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
4de0d26045fa636f91d90596fe883170

SHA1
04d5f5978ba81386c80d17c559a7bab2b009e406

SHA256
14d3f9f281684150331abb993d5d196088585ef7641329e8de0a38bdff92d3e9

SHA512
9d5d4ed64c3a64c78dadb1a8196fc281c481322e442095a9bc97eeae8385ff895f8637aa7bcff05b14f87c0c0de6a924e3b66e79a275f1f108bdcd288ec375c7

Download Submit
/data/data/com.ddm.iptools/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6592A4C601FE-0001-1364-A708AFB495EFBeginSession.cls_temp

Filesize
77B

MD5
c8ac1c7c1125f50c4e271c3c9bf88814

SHA1
925ee3279378b0e61d3787d0e0874ccdecee8c2f

SHA256
557c9349df0a74c3444deac8e28a225db9204a83a917699a7e86a8d3819e742e

SHA512
28b1aaa0ad74d3c11c724fc6360ca92f88da008c82ff8a505e2609c862d5bde5914e751b7a6ebdf1881ceb793f8893ca8c0308e9da86e01360e63eda01f849e2

Download Submit
/data/data/com.ddm.iptools/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6592A4C601FE-0001-1364-A708AFB495EFBeginSession.json

Filesize
132B

MD5
f627ac47b1b34d97b27cee0511e2c5bf

SHA1
240d10d351e595ee986ec01e0282f2f58c922f83

SHA256
88347eac1406c3cea009562f66b0f1d2f517884ee2b427ddd9121b0fd6ff8067

SHA512
f3f20b3c58445a8eef0cb3df4713163be22c7478f99d302f96eae9858b4d65d723dad144e2a0ffc88025fc2a2fcba0c076e24351d69a709a402b3dfb057b35a9

Download Submit
/data/data/com.ddm.iptools/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6592A4C601FE-0001-1364-A708AFB495EFSessionApp.cls_temp

Filesize
109B

MD5
d4809dfde8ad783b2d54ed31ad188b5a

SHA1
a34b4b542188e26f4370fdf24bfef7c86389b4f8

SHA256
26861a36908d5a61e1f6c9599f522c1156b7a9b4a2463715a74d786bdc697114

SHA512
e86bcde654e3be5f685a779ff26887246e7edc94431db8aba6b3fe38d1e63f5861b08872070913b11a2eba77b45905f78eaa345d1a0b1befd5d59d6e9953615b

Download Submit
/data/data/com.ddm.iptools/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6592A4C601FE-0001-1364-A708AFB495EFSessionApp.json

Filesize
223B

MD5
b681c9430264f75bd6598bf96d027237

SHA1
f479e139af9ad3d672cd2e0835284ce7d9fbcbbf

SHA256
28847bd15fe619ec9211e79c0a8c4c7f3177f23ff7ea1989e39f8be34f62462f

SHA512
bfef9b5c42ce324f52062e467637d5a6ad41fce9b021bf4e8392ce85b34b43fd290340f52e2e335a0af919424ac5a012ae2f54fc24bfb89b2706ae9ccaf98c50

Download Submit
/data/data/com.ddm.iptools/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6592A4C601FE-0001-1364-A708AFB495EFSessionDevice.cls_temp

Filesize
48B

MD5
2390c1f21db00b20c07107e3ec7275fe

SHA1
e663a646460acc071aebee942cc1776c23d77655

SHA256
d348072a01496839cfcde3a18866423aee74aefd613fa3bf1ff4a203ef46a699

SHA512
43ff60754eb60795ca1c318f44dcfe49194add26cc3d92c2eac7bef538fd65b6290f2e5953b8f1693b9425ebbcdd022ab16a18280146ee0b0c2eefe27bc0bd63

Download Submit
/data/data/com.ddm.iptools/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6592A4C601FE-0001-1364-A708AFB495EFSessionDevice.json

Filesize
202B

MD5
afa07370d07ed0a8ac9554ee7001bb72

SHA1
d1e9de22fda1295087525ff3a377f7d7dd410ac7

SHA256
8d4b99fc4968c9cdff4626ff6c1467cdb427f7a597b153f03b4bfb62dde6c07d

SHA512
a7a974b1c4ca3d7ca92e1449dc9718d5ea2af7f8e4c605d25c731fb4bbe891fdf340835e2a4e3a363558744e5ee30aec22542f377eb5bffc0097c70d24f241d1

Download Submit
/data/data/com.ddm.iptools/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6592A4C601FE-0001-1364-A708AFB495EFSessionOS.cls_temp

Filesize
15B

MD5
2566d27ce8c28d8961f082c375d7535e

SHA1
92fe585b1a2c9c523d2fa1f65ab5c1b6a1a6edaf

SHA256
5acdb54ddba2e264f6822fbdbc4e9b5158f57d43785c2f01d981956b18f7a90a

SHA512
1c70679bbd25a57f9ac02083d5af0fe72b1417cf3070a195497f03d6f492e87b1ed3f570de7ea7c814c995a1530e32610d9570f31a480648f4062e8d3287be8f

Download Submit
/data/data/com.ddm.iptools/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6592A4C601FE-0001-1364-A708AFB495EFSessionOS.json

Filesize
55B

MD5
5caea4b68c57072f7f52a5a41720566c

SHA1
4d9712f1702c7238949da43f7d8ae6efb233a666

SHA256
3223857b618b924c2b0fbc7bfb373a1aacf300a7b5ab585e18fffcf19039f363

SHA512
fe1455d21c521aeae3292bdcc386f6d2005dc253930c03e44dbcb972f96b849670d2aba039ea59e1a5ebc0350e6315151d17bcda55c161a62987d4bb01e91f9f

Download Submit
/data/data/com.ddm.iptools/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
396B

MD5
2b512b1979d424ab57f02960d6c9c67d

SHA1
a8638bd5af603bb872f39b4b4aab3412462e7ad8

SHA256
0c04b1f283e68b739ed86a960518df96e5b8024fee8ef6185325a26c8e8c2108

SHA512
6ff2c71a8319665b9ed45fcda243bbbaaa8221f656d80713fab8f85466fcdfca583ab8ef00be596fd494bfebfb1a7b93ed9fdef159a73d4abc7dde7a5c358094

Download Submit
/data/data/com.ddm.iptools/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
803B

MD5
cf41d971469d4c1983da4243cf3f2921

SHA1
7bf4f7e7ca468362e27afae02c5028df71b22e9b

SHA256
d89a71af97549daa68daecb8e613ddd2c5161e46b2abe10ceb1621d602b40241

SHA512
9c22d1e1b37ce7ea4ccb9ecefe142830d70a04ea331b4167515b00b5b1d51a08e5cd68bd572af901d237a18faaa06b389076f6409f0e33da0aa9800187dc00a7

Download Submit
/data/data/com.ddm.iptools/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.ddm.iptools/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_f40a4961-9d6d-4381-a5f2-9bfae94d983c_1704109261784.tap

Filesize
320B

MD5
de75b0562208d7fb0db6b2efdf44790c

SHA1
bef0fd982fb3ee8a52875ee4a9c3540ff9927c8e

SHA256
fda509f63e4124e587c457ea808a9345045c43e7d97c7afd60e858dbb4f156e2

SHA512
75a19395ac456c62e1a9815d21331ee1ef152ce04e60ef60882afa0ac2cf818f9e83defff97d99bbf1f6ae3a2b767733eae0a959fc9af2ac5f6afdfa3f3fa60e

Download Submit
/data/data/com.ddm.iptools/files/shared_prefs_sdk_ad_prefs

Filesize
181B

MD5
5f1a61cd768d1d0d2ba1f41af39ed1d6

SHA1
e9efaab032c07d485ba10b77448eb05eafb5a8ce

SHA256
323711ea097e99a032b55fd7c52e319f64c28762778f63760046ba3f368bc082

SHA512
2a89c90459c010d2e0a943bc5fd085d0472d9c167e827dc7d25843b66a88e284330827767c4978a96ac3c763fa18242bb225590973fe0ca2fd321d28b04e4d12

Download Submit
/data/data/com.ddm.iptools/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
a8c1f71f88ad7932473a6ca4c0c5db85

SHA1
0549f44da83f0e2507d31146107d7acdba9b140f

SHA256
c7a1d4dc1bacec8053fcf40e0a9743a50406d4da8250f8a6a7a637cf0431877b

SHA512
97752247a0d5220a6d2b02f7f71b50f1b7f9c1c289521b7d06fd8cc2b350abba3f06871650c4960e91fce480278ead757c90e4520b80f4c48436432f19016106

Download Submit