Analysis
- max time kernel: 49s
- max time network: 136s
- platform: android_x86
- resource: android-x86-arm-20240221-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
- submitted: 23/02/2024, 12:51
Static task: static1
Behavioral task: behavioral1
Sample: 795fcd8ea1ed56ce08bf20ea94c1dfa3b7c00b59f76c24deef80ab8500e6f39e.apk
Resource: android-x86-arm-20240221-en
General
- Target: 795fcd8ea1ed56ce08bf20ea94c1dfa3b7c00b59f76c24deef80ab8500e6f39e.apk
- Size: 13.4MB
- MD5: f516062d3fe2b617fb21b80e729df37d
- SHA1: 7cae2b4977056af6918903a7dabc0a78bcb5d284
- SHA256: 795fcd8ea1ed56ce08bf20ea94c1dfa3b7c00b59f76c24deef80ab8500e6f39e
- SHA512: 03e262c97674fddf0f8ba689f00d7e0f98cfc1cc5d9f15d1c47daaf4a7a377cb7eef7512b765950050bb0b4e46d346f4e5a5100876be69f99809f28595a94e6d
- SSDEEP: 393216:XN5FQkc//lK9OJNhlphsChNo3u+FsoXWiu1L:XNhc//l8OJPlpO8EussqWiut
Malware Config
Signatures
- Loads dropped Dex/Jar (10 IoCs)
  Runs executable file dropped to the device during analysis.
  ioc | pid | Process
  /data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.ext.jar | 4492 | /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.ext.jar --output-vdex-fd=56 --oat-fd=57 --oat-location=/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/oat/x86/stark.ext.odex --compiler-filter=quicken --class-loader-context=&
  /data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.ext.jar | 4458 | com.glgjing.stark
  /data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.dat.jar | 4523 | /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.dat.jar --output-vdex-fd=46 --oat-fd=49 --oat-location=/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/oat/x86/stark.dat.odex --compiler-filter=quicken --class-loader-context=&
  /data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.dat.jar | 4458 | com.glgjing.stark
  /data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/adcBMbxqC.dex | 4547 | /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/adcBMbxqC.dex --output-vdex-fd=46 --oat-fd=49 --oat-location=/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/oat/x86/adcBMbxqC.odex --compiler-filter=quicken --class-loader-context=&
  /data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/adcBMbxqC.dex | 4458 | com.glgjing.stark
  /data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.ext.jar | 4458 | com.glgjing.stark
  /data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.dat.jar | 4458 | com.glgjing.stark
  /data/user/0/com.glgjing.stark/cache/1610724645094.jar | 4673 | /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.glgjing.stark/cache/1610724645094.jar --output-vdex-fd=132 --oat-fd=133 --oat-location=/data/user/0/com.glgjing.stark/cache/oat/x86/1610724645094.odex --compiler-filter=quicken --class-loader-context=&
  /data/user/0/com.glgjing.stark/cache/1610724645094.jar | 4458 | com.glgjing.stark
- Reads information about phone network operator. (1 TTPs)
- Uses Crypto APIs (Might try to encrypt user data) (1 IoCs)
  description | ioc | Process
  Framework API call | javax.crypto.Cipher.doFinal | com.glgjing.stark
Processes
com.glgjing.stark
PID:4458
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.ext.jar --output-vdex-fd=56 --oat-fd=57 --oat-location=/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/oat/x86/stark.ext.odex --compiler-filter=quicken --class-loader-context=&
  PID:4492
  - Loads dropped Dex/Jar
  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.dat.jar --output-vdex-fd=46 --oat-fd=49 --oat-location=/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/oat/x86/stark.dat.odex --compiler-filter=quicken --class-loader-context=&
  PID:4523
  - Loads dropped Dex/Jar
  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/adcBMbxqC.dex --output-vdex-fd=46 --oat-fd=49 --oat-location=/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/oat/x86/adcBMbxqC.odex --compiler-filter=quicken --class-loader-context=&
  PID:4547
  - Loads dropped Dex/Jar
  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.glgjing.stark/cache/1610724645094.jar --output-vdex-fd=132 --oat-fd=133 --oat-location=/data/user/0/com.glgjing.stark/cache/oat/x86/1610724645094.odex --compiler-filter=quicken --class-loader-context=&
  PID:4673
  - Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Downloads