a27099417b543a21212b81fe305ee9e4171848d77dac5f58286fad638b7af8ac

Analysis

max time kernel
3302402s
max time network
159s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
30/12/2023, 23:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1fc4e23b790c842377a45500d6d37435.apk
Size

3.9MB
MD5

1fc4e23b790c842377a45500d6d37435
SHA1

3b304637795d2babb8c1f90764e86a50cd55ae63
SHA256

a27099417b543a21212b81fe305ee9e4171848d77dac5f58286fad638b7af8ac
SHA512

e41334749f51edccf00f23e469d650a865fe8eeafb3a22520f90f490253fa2720d2a4fea6342fea0f614689e82b5737d3f00af8e463d3ea18427d57eed97524e
SSDEEP

98304:vHMkXc+2W7jEKOe8aZmrYxE56WsbJfLvtx6PjzMaj/WRCSjx3CfNpVYTh6JdXlZ8:vHMk6W7vOLaArkWmp3kjzMaj/WRCSjx7

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 2 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.ddm.iptools
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.ddm.iptools

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.ddm.iptools

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
42	api.ipify.org
59	api.ipify.org
60	api.ipify.org

Reads information about phone network operator.
Checks the presence of a debugger
evasion

com.ddm.iptools
1⤵
- Requests cell location
- Acquires the wake lock
PID:4610

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.ddm.iptools/databases/connections_log.db

Filesize
20KB

MD5
7a78c0b05bef73973c5946e6fb3fc583

SHA1
84bc6405ed7c4aae396770744014908144cd88b0

SHA256
20652b804fc6680df438419a328726898ce4353566ced997ff268701f198912e

SHA512
b3f8e1048c1cdea68395c3721c5c426d9ec882448dfeaedb1f4b3cf4715e79633088886e081b59e38e1d57d36904ead0f4469bbf2686d823f54f5cea0c6f583a

Download Submit
/data/user/0/com.ddm.iptools/databases/connections_log.db

Filesize
16KB

MD5
b44337b938c7fcda35a57fd02a70959d

SHA1
49966399e0d73a7e59cd8759a699feaffe8487ce

SHA256
47e6e61e1054bc817c335973352d3fa07a6b4dc01c68783ad7329f916b7de124

SHA512
4c9d3d6b2d538f6926c75e28b528b6fae4c0b6d427470ecffb34e858b3337988bfbcb0b5a61a59d5441e8eb7c567828ad89a1bd8ae4998abc6a1036d5f50ce0e

Download Submit
/data/user/0/com.ddm.iptools/databases/connections_log.db-journal

Filesize
12KB

MD5
50059a3a051321153a825b02f936f6a4

SHA1
0f304ed0ad0f404617a166a7e491db952bf586dd

SHA256
d990f3452ec3c9cc67af48dd5a6ea3318f0cb7c19ab960d4cb9dc15411e483e5

SHA512
5ace534c672edd46f8d7dd37dacfcf53eb7e3fb68a9abdc8078e7bf71f8820c2f6a85c77fd187f644d2439fcd66d2174c1f5c7e5e51db033b664ae645bc0f132

Download Submit
/data/user/0/com.ddm.iptools/databases/connections_log.db-journal

Filesize
8KB

MD5
ba06d15891a8ab83afdb2bd6dc08c48a

SHA1
1294d0232385e2379dedfa5fd3d94e903ed012f0

SHA256
9b40548b7a0b4a854b3e8213e38083fffffcbb84e42a24aa649b5ed5af84a0d3

SHA512
7dfdde0374464afdd903df6fd7973bc84afdb5fa42e69b2982927f0383058f4bb4483cedf9e1f20d5ebff78a560eaa8a8ab78379042846b9944a6ab6118f9947

Download Submit
/data/user/0/com.ddm.iptools/databases/google_app_measurement_local.db

Filesize
12KB

MD5
171aedf968e17a2744d2585715606cb9

SHA1
bbeddeb3b89fcf809619c35b4a318a80e7d5b029

SHA256
d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e

SHA512
78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b

Download Submit
/data/user/0/com.ddm.iptools/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1e95abeaffe32a6f0c9800a033e2f0e5

SHA1
6d7110a999cfe0cf8cd7b27372668d620e7c012f

SHA256
36db564020fb3bd2346d078ff2eaee051ba27d0df44c5405f2d17cb8558d7f10

SHA512
1b2ec87ce5a67d140aa70fb13605f859b5282390c34a3df62104e72b77316168f7dede303496ae188c66b5cfa7449c60650584408b6b1e51570384639f35fcd3

Download Submit
/data/user/0/com.ddm.iptools/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3e8640afc9f61d5d8d9dd458a96d89da

SHA1
08e9ecee3f070822d89aec887da730ac8806067c

SHA256
406476dae7fb5ad625dad762efcb5c21e20a0e9c22980c52629430e06195917c

SHA512
ec05c3f93a8175424917ae6763f0f40e91fa626d7823f867221781105a10803f1186e7bbef87b995f5286ec07999ff93e57dc8b7cfffa6fcf56797d25d0fe14b

Download Submit
/data/user/0/com.ddm.iptools/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6aaede98d988dcb665265d1a430d5048

SHA1
52e65fb948a55ce94a799e2ecfe86dc12dbbcc96

SHA256
7e7f34c235ef4592cd94aa5103bc565cf75f833a1760ae0e9ce0e031779c9e56

SHA512
f01344f2cff4df1beaadbd035589ca631cf6d6aceefa8176ec0831e68a54cf8cb89dc0eba6ed68f7dc14a98353d107a30d44df3d75fc980a419948c4f3710596

Download Submit
/data/user/0/com.ddm.iptools/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
e24b56190833da7f1b6bc653293ab290

SHA1
6ccca995f9f4f4f04c0de9cbc3b211823f2b9fbf

SHA256
a9eb0f883e0fb81efbcd3134c343ae02b1e987afcb959522751dd01df6176be2

SHA512
04ad58149c111600ac642aedba77a379253e0edb981dee85a063c268a8a33963d06c9897f53734f6334571ca7ef90713c1aca076ee305274ef38e3f8838a8693

Download Submit
/data/user/0/com.ddm.iptools/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
b168734437b04b6716600609565fe410

SHA1
fb00b347e1dab2ea819f36efedd21667203210e9

SHA256
46c00fe07eaa73cb173bf3cb2b8e636ddfd2e2a59c3764c2375f6199426a30aa

SHA512
fc1bac0fc9e27138eb052ff1b65bcd2a46a68884589adc650c717ff488d0ac13362c87864a82a13272b91fbb850ac50ad1271558b158d64cf2c75934ca94eca6

Download Submit
/data/user/0/com.ddm.iptools/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
5572f954953b9edaf79a6f788ce52ced

SHA1
f0426d408ae4273b10dcb8b9c8d772bc740b3df4

SHA256
b423b527ecf89f1a8e8ea1767ddac3ab3d89fd338a33812aebd533874b43a6e5

SHA512
b59640a37d8654e647e9df8cd8035565e16c86f5ba39fe577cd4e0573de83abede04c120e8e6872f0bfd0ac4a1508e17f9f4b8e783baca3d8612fb73716ee337

Download Submit
/data/user/0/com.ddm.iptools/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
eacb3159eda1a340c7688e06197d7dda

SHA1
3fdb2fad50df43811c4e8d4ff34e6cdce0485eaa

SHA256
f2a0abc6b531ab895c67fa0feee99cb2622a578ee8d56972757767de08784df2

SHA512
a3a8f5274bea7c1f3fde22f63319a1d69f6cd68a205209da2d362a3f9c22f6f17c9951c75c21776aea9cb4ad4cce1862cc2c927c457d5637ac363c5dfc9ef438

Download Submit
/data/user/0/com.ddm.iptools/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
a00cdab1916e61427bdccc3e6dab7003

SHA1
f8393886a627f937654bf61658b9849cbec6e24c

SHA256
8585709301fe2881d44deb2a4c9dd2cee9ab77ada2610cbfbd157e5cef1be496

SHA512
0b7078666556822a5ef4cd7af53ea33fb9815873d060e03d76ace364161602b1b1cc85a89d1a3d63e802e5133c74edabf13764187492f44e7cfab6cb81fca8e3

Download Submit
/data/user/0/com.ddm.iptools/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
9ab3688b0ddc26f9e9abc989b377710e

SHA1
a8a16fcd091c6c72f699ab3347c28c87dfd9fda4

SHA256
b67063078d1204a42c810abe9acd87d185f61eff51a57d2e2574da5d44f858b1

SHA512
dc0d8ecab295b399bcf5964a5f948779168362a4e3c468963e6d72b3becbb4cd5ae246e706c2a491a3c7971560ac6c76ec24edff85a0a763de30814f658b2f3a

Download Submit
/data/user/0/com.ddm.iptools/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6592A50F014A-0001-1202-95FDCE735511BeginSession.cls_temp

Filesize
77B

MD5
2614d1fbe24d0fff5078d0a63b110aec

SHA1
79c35460b1649ef50d52dc1737854c3cf490cedb

SHA256
f31f32ebdd8a27d9c84baedb73449c6680891e62c93d25178f0743de3b82a225

SHA512
f1196a9ff8f6c51a7ab065222121a14b3bf9e2716f1dc48cd2fd54275c8b1611bb23362c0ee351f1674a7b36e144a193e636fa3284d887dc7cc8385f1512fe01

Download Submit
/data/user/0/com.ddm.iptools/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6592A50F014A-0001-1202-95FDCE735511BeginSession.json

Filesize
132B

MD5
5c0b42c33acdaef49d651210863255cf

SHA1
91325a3003e10f8db48896da98e9cb6fb41b5090

SHA256
471babd93affad41cce78164cb8100a4ca45081ba8622cfd7a7f2c1b3947dbfb

SHA512
f6e55cc4741ab79b4ab12dfc31644800b8d7f1e82f89a361149823b3bc6028046114c147acd8782c71314cbbc703be6d3b8572a79f049b7f89b228d920ae7d9b

Download Submit
/data/user/0/com.ddm.iptools/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6592A50F014A-0001-1202-95FDCE735511SessionApp.cls_temp

Filesize
109B

MD5
955e27616c0cadd2b3cd567d5c659661

SHA1
21484192a6aa33acbbd01fa4e4c1bede7b2df506

SHA256
66b46f1fbb047b880ec983e16bfa20efd5145a9eb249c213ba70408ce4791eca

SHA512
d55749ea184657e85ba49bea839bc3bbdb9bd772110c2f4de89654c09e575f98cc1d4ff8fe1ab8fe058713b4e854ab3a3b813dce0b2303571794c7456b88500b

Download Submit
/data/user/0/com.ddm.iptools/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6592A50F014A-0001-1202-95FDCE735511SessionApp.json

Filesize
223B

MD5
30f3d30f174cbbeb40383ff353fbf04f

SHA1
97db668dd5f8a978a63853b2883378ac5131acdd

SHA256
0919afe671f782f80c26580577a0c5ad75cf53029c40569def7df2cd281c639c

SHA512
8d87ae8e69f5027ed60186bcb28a869e14a3045ed4222a075cbf4db6dd03f9b07a58a3a5a4362835fef84f27e03340575bbeced4a768c426f876375c77c8852f

Download Submit
/data/user/0/com.ddm.iptools/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6592A50F014A-0001-1202-95FDCE735511SessionDevice.cls_temp

Filesize
48B

MD5
fd6372364a5c5c9cf8945ac3ea7a5d94

SHA1
3c798cab71f6ae7a81e71e58712368231230588a

SHA256
7400bf714ca32b64dd89440c9d5ace4e0115ddce44d169839e465df0e1638641

SHA512
a18b18d061dfd979bce1e0b769009668c322300e7174f51d2532e86dc6018769194507a106dd30b97317f8c1a7539d13a7baeab2900c1e00da7c74e899dab276

Download Submit
/data/user/0/com.ddm.iptools/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6592A50F014A-0001-1202-95FDCE735511SessionDevice.json

Filesize
202B

MD5
eeeb942571fa704cf8ae49731fbe9789

SHA1
b5989c4cb932ffc779ee25bb3f7bfb79cf720427

SHA256
78809f7ae96de01e3922b6d3a134c3f7e9a0cbdacef313f70e8d9345bf5fbd71

SHA512
71e55c16f9f8fc936f8607448916bbfa1ba233b7120b8676fe11552916ac4dd3e3a7b0f9c31e14048933c8bb9c9d6d630ab7d28389f31749640cc965b2636565

Download Submit
/data/user/0/com.ddm.iptools/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6592A50F014A-0001-1202-95FDCE735511SessionOS.cls_temp

Filesize
15B

MD5
b3d9541cc92a9153d14e5160f8d8c008

SHA1
2e1ac80eb381dd82a03795b682f92020348c0113

SHA256
1ead5b213c87f182ffce484c34f7d9f140ad3425c0f303f460492efe8a26c56d

SHA512
78074409135a210ba4e1407ad9b3f784f5683e83aac4ce3482d4e8135425cf2b30db1ff5dd0041901c490a551a477237c6d255671c7b1fad74090980dcf3334f

Download Submit
/data/user/0/com.ddm.iptools/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6592A50F014A-0001-1202-95FDCE735511SessionOS.json

Filesize
55B

MD5
fc1dcee4e422d77e7fab7c08c8a41344

SHA1
d5340127e9d5f735b9d33b9dc61c772fb0e2dc15

SHA256
b843f05ed78cd137c272ba7f0ce8ede3aa853098a856863e51d5c223b58f21c7

SHA512
3ec07617e3e1008572f6f2528de9d4b827050cc5a7cf19a1604c961f9ec370ede6f5fd83bfcc252c0ee286fe244ee6734046ef1aa638dcfc689cd4407a6a8f61

Download Submit
/data/user/0/com.ddm.iptools/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
396B

MD5
8dbdf301d5ce4698edac4ec004c95a5b

SHA1
b4b4749af16330783ea0b33d578516e71fae4e64

SHA256
1251e445d78471c0bdbe4abbb9e21b83fde174eaa3fd5a018300666de845bc25

SHA512
14de5a14a3c41bc06ea0b0a639f2804e237b0f1c5c5aa39f98267519e32f5f73f3c1d042bd24f43fee7d84f902eb24c190eba56dd4ab7bf1897e6c9a6ec36e50

Download Submit
/data/user/0/com.ddm.iptools/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
803B

MD5
54dfa7feef5c66fd4c49271d15327cdb

SHA1
7fa10d47aa367103b49d131b51472e3b15100498

SHA256
be5ddd27077776747ffb7f82c36f0b235d6992841a49396afbc9db095242d761

SHA512
1bd4879f448e90972e14ddbfe79ea73c339db84c332e19ec05be9a3c298f99ff8a0f20dc8223c0bdd54cd0605e2aaea5f00f247d1fa71039210240b1bf2c624e

Download Submit
/data/user/0/com.ddm.iptools/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/user/0/com.ddm.iptools/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_7677fba4-0109-4244-bb1a-9b7e80337c22_1704109334199.tap

Filesize
319B

MD5
ddfe79d82a302f878b557b8e3cafa102

SHA1
681be1491615519a0317bc10b93ab3a39dd3b4a4

SHA256
532b151247bc6d99eddf6d2f145260ffdad4e239ae146d00f310c6fc9ae8df4c

SHA512
a4b253928c6e7639dc1d7d045153efb4a169c4d44bd5d7566ef6f655ef7419fecf3dfee16b652fca6338bad00926a339d77a392b6d3f6134422328b6c848a609

Download Submit