Malware Analysis Report

2025-08-05 09:28

Sample ID 240223-p3g8xsgf55
Target 795fcd8ea1ed56ce08bf20ea94c1dfa3b7c00b59f76c24deef80ab8500e6f39e
SHA256 795fcd8ea1ed56ce08bf20ea94c1dfa3b7c00b59f76c24deef80ab8500e6f39e
Tags
discovery
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

795fcd8ea1ed56ce08bf20ea94c1dfa3b7c00b59f76c24deef80ab8500e6f39e

Threat Level: Shows suspicious behavior

The file 795fcd8ea1ed56ce08bf20ea94c1dfa3b7c00b59f76c24deef80ab8500e6f39e was found to show suspicious behavior.

Malicious Activity Summary

discovery

Loads dropped Dex/Jar

Requests dangerous framework permissions

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-23 12:51

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-23 12:51

Reported

2024-02-23 12:53

Platform

android-x86-arm-20240221-en

Max time kernel

49s

Max time network

136s

Command Line

com.glgjing.stark

Signatures

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.ext.jar N/A N/A
N/A /data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.ext.jar N/A N/A
N/A /data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.dat.jar N/A N/A
N/A /data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.dat.jar N/A N/A
N/A /data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/adcBMbxqC.dex N/A N/A
N/A /data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/adcBMbxqC.dex N/A N/A
N/A /data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.ext.jar N/A N/A
N/A /data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.dat.jar N/A N/A
N/A /data/user/0/com.glgjing.stark/cache/1610724645094.jar N/A N/A
N/A /data/user/0/com.glgjing.stark/cache/1610724645094.jar N/A N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.glgjing.stark

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.ext.jar --output-vdex-fd=56 --oat-fd=57 --oat-location=/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/oat/x86/stark.ext.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.dat.jar --output-vdex-fd=46 --oat-fd=49 --oat-location=/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/oat/x86/stark.dat.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/adcBMbxqC.dex --output-vdex-fd=46 --oat-fd=49 --oat-location=/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/oat/x86/adcBMbxqC.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.glgjing.stark/cache/1610724645094.jar --output-vdex-fd=132 --oat-fd=133 --oat-location=/data/user/0/com.glgjing.stark/cache/oat/x86/1610724645094.odex --compiler-filter=quicken --class-loader-context=&

Network

Country  Destination           Domain                        Proto
N/A      224.0.0.251:5353      N/A                           udp
GB       216.58.201.110:443    N/A                           tcp
US       1.1.1.1:53            android.apis.google.com       udp
GB       142.250.200.14:443    android.apis.google.com       tcp
US       1.1.1.1:53            googleads.g.doubleclick.net   udp
GB       142.250.187.226:443   googleads.g.doubleclick.net   tcp
US       1.1.1.1:53            huetransfer.com               udp
US       185.197.30.140:80     huetransfer.com               tcp
GB       142.250.187.226:443   googleads.g.doubleclick.net   tcp
US       185.197.30.140:80     huetransfer.com               tcp
US       185.197.30.140:80     huetransfer.com               tcp
US       185.197.30.140:80     huetransfer.com               tcp
US       1.1.1.1:53            kenudo.net                    udp
GB       142.250.187.226:443   googleads.g.doubleclick.net   tcp
GB       142.250.187.226:443   googleads.g.doubleclick.net   tcp

Files

/data/data/com.glgjing.stark/databases/a-journal

MD5 4e020f3e429065da3153ee6a3d2c1339
SHA1 d859d88245bf9b4fcf62d314de27b0bff3f0d86d
SHA256 46bffa25d85adcb94c503e35ed7c067974b1c2021f9871f208bee1c583c744ae
SHA512 e1e6fb578e5734c96b33e892a0e6bcc061516993afff8cd62ed219a12ea6a72b44f83fb0b262c939d7f6ca01434ad028fe7db65bb84bdbfbe5abb55e345dd936

/data/data/com.glgjing.stark/databases/a

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.glgjing.stark/databases/a-wal

MD5 e7e7111386d82e2ca4d479d0377c537e
SHA1 97c226ca48f156a952d614a56ba26dc0c4ccf5b4
SHA256 5f34ba4be87e16a49babbd323bb9903b4fba7a77b77366e6be7f592a68c57d1b
SHA512 32e8e1c7020adc6a7bea34f2871a106951e4ebd3b754470ccb28320aa9d009d3cffe52ef6cf1c7c76d32423420db9e404156dc74d7c73083daa6348a7966b855

/data/data/com.glgjing.stark/databases/stark.db

MD5 f4751251507b07747e940671e2f24775
SHA1 e7a291f9b6e41174f7412090e0b129ed90a59fbd
SHA256 b561f60bad9e9d080c8e5db0ee4f36e69f1006c80ea40827e700afad91e57eb9
SHA512 f6f3a45bb2d824982f7fa4848e83a30239b19ec0c826eea023c89a746d31e79fc9a52c642dd9e79f8c59a70dc5f093894167784f869da4cf0eadff3e43374bc8

/data/data/com.glgjing.stark/databases/stark.db-journal

MD5 bae2d71b76145ce6016d24c8dd6f5d93
SHA1 eb0564c568d21e4e7ab1a7fee510389ce3ca2313
SHA256 32d3b476ad2f19f6351f642f338a74a89b5ce896f8ba163a48ba43e728d5e593
SHA512 6737c1834bef3960e07ddeb60118b8c077a1d877dfa4373a76df0284c67119a339d048f1d1c433b0dd116ff5b95e7dc4f900015fcc98e24e102c85e2e01922e6

/data/data/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.ext.jar

MD5 3fbe2c6daaedfd63223da1cd20ff09ac
SHA1 f4b343529d86a82af676bc2ab111c14166c3a26c
SHA256 bc9963ddd87661d5415cb67690e4e7d815f94f6d50993f522aaca06d7c9b2dc8
SHA512 9183e70c830f28059b64e5ca210ba5c2261657358db3c85f7db0e3c04fb483e9579ca82063398675abe924704024eaa382ab1647701b006fff5cb372e2ae75e3

/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.ext.jar

MD5 e1a5b482a8631fdfe44db65cde49ca83
SHA1 f602e272f0589ee87bd4859b7ae78ff8291a9cc5
SHA256 fab2e6b9a34e7dd7c7d581f224a8a7a7ba33cb7b4228e395dd07f22a327daf4e
SHA512 37b68000589054d41553ffd0e541e5a8d2f1dd05df51a78097c6bd78322b7827918c683ef53d3fe647b80203ac123962cd5f7d3cb5cebbbb8e4198cfc04055cd

/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.ext.jar

MD5 486195161b29d239b80255b4d3348709
SHA1 94e2b46c86cdaffa3c3a116f593cca3bf6d8e8d7
SHA256 8bf8cac966cde2d765514997f7ffb2949b371cce78f629ff3bdada8209271c5e
SHA512 e3e0a8fd2008033a0d25663c6a75d77e32b21cbc7b92927cc796e56837030008e89b944ceddf42e6d5d8eb6bdbb82aba6476e2d77da0652d1a4990636c9812ba

/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.dat.jar

MD5 055f73bbfdb7bbda3df579326a80b3a1
SHA1 d4a19cb6c09078ab4baf356cfb1eeb0f8478eee5
SHA256 76dc12034758becf7449f25f30833bb86eb70bb67c13bc2776cbfd38d61bc894
SHA512 65585dc1bdd2896c43016159583a3b40b54222217fd65b28be4460895fa38d91af17e184c6ac5f495e55d3e177d04349c34c658acead98f9076f8b1267b576a3

/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.dat.jar

MD5 fffe9430048a22defaa5ca626f8c1669
SHA1 e55ac62d94b111cbab176ac44df2dc6cdae2a677
SHA256 0619ad0b92785de36e475599497aa8adfea3a5ff6c86a1488226579c9525545b
SHA512 58c253dc1c0c52dec65f39f81db704fb9b12e6146df2e9ec1f424de465be3f0326e56b66eb7766c59d77f42d512a261548fa9fb083600e78c3c4d2385bdf4086

/data/data/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/adcBMbxqC.dex

MD5 9114826b08325b51a48fa576c076484f
SHA1 d291fa21161f1157edb0a313dd81b1150fd70598
SHA256 aca73a49aeb7db4ff6b6eeb2dc0c9b2733270bf2076e88a976ffe2802b88e84d
SHA512 dbae74484ee456ac7cecec9f23835c658c63d68feaa7f82befaee19821b0a70c1e178b5976d92bf2c5aa701ac4fc7524a95ccd82d4a6582fb4dbab905e8b0d02

/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/adcBMbxqC.dex

MD5 b8559b62073f2c99afc81d175aa6225d
SHA1 876c73f55a258aa7d82fba6f6376622b911c574a
SHA256 ca52ab13fd9f3c67fa32137897ed366e2defede6678cedb19ccb11275d84ef22
SHA512 2ab922eaa2dfb3794365452f80a0c4a16b33887b091c942decb7222d487d1568b832f16af15ff8f5de0d41b899ccb637c4620137b5fa9b15f198b6b0404a8560

/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/adcBMbxqC.dex

MD5 cd9689dc447cae57366db537314f71fb
SHA1 92d7e239c7ed92d2bdc0d9ca41c180b4c2fb5530
SHA256 c463870614444f58d1df36e0af2126cf166cbda22c8b1b618314a7ef5265f48f
SHA512 9a95d362f1313512c23e98c1c5536b308431c8c67cd01fe32dd162d38ddd976a1a700e6f4e33786853f347980f15483ff749ed994f7e8f2a9360436c89fd3693

/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.ext.jar

MD5 c370fa7e36236d4cc3d088079022ea59
SHA1 33e6fd422783fbb4407216ef73d61a6443740a59
SHA256 d4c4df5d14398b50f356ff15f7845b5b489bd3a27ff0ef6ddc8155b95abb002b
SHA512 09060c4f1d5c6706597ee99df25a36645db937efeef72fe6307161b063c6d4e6787a9d4dee0a6b01c252dc1730bb617988c681e4c51d1c8560d86ede1ded275d

/data/data/com.glgjing.stark/databases/androidx.work.workdb-journal

MD5 4bc4280f64ee60f6c56c6bf137571237
SHA1 812eb35ab38bfc4ffa74cbd1740f4a3cfa870565
SHA256 e828e35766e92660f9c651ebaab01da205ff884effd059047bbedca42e7c82e0
SHA512 bb984286e678b3f6b4710a7fdb0449fc1cc57c80cd30e05e74dd0c96557b94051b2e027fbe9e566ec47a827d964c6312d8f36e0c562bac14ff4c88d7f02167f5

/data/data/com.glgjing.stark/databases/androidx.work.workdb-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/com.glgjing.stark/databases/androidx.work.workdb-wal

MD5 4f0d8cd46fdbeba04045156566942f2f
SHA1 b90e521ff06e5e14643a505bc5dc495f7b1a5ac5
SHA256 186e51b1a8652d51d0055bf20766b2928e95e404530589de49182eb8bd3a5eb4
SHA512 812d2afc0fc08f06c1013617140884e9fb42f5d94c447e19132971c40a189da9772b2fc2222ca228852efb31740013000570f0fd73212836391a5756a8fc52a8

/data/data/com.glgjing.stark/databases/androidx.work.workdb-wal

MD5 519966b474de9ae299fa35cf4a1cedc1
SHA1 0ba55a74b4caf2920eca7a3cfc1e1c8e5a87ecf2
SHA256 28e5d6684719fd273aba9d4c70504b45abf5f63bafcf0a321350e4367254f9bc
SHA512 5f7889c80b28893787a34a9e336a0b694647bf37e1293d49fd6bb18985763f55870ed41b7957148c93d3d729713921cf8f9713e5eb57241318dfe341cb18ce4b

/data/data/com.glgjing.stark/cache/1610724645094.jar

MD5 03ee9d194982da8259d81957162c9795
SHA1 f05ab5cc908262c4dd51f3e8ca49bc346dc136b2
SHA256 d44cfb6b41231f150cf310c7c4d399be9587294e3727197e046db4a1c2c3ca3b
SHA512 241f97312aa3e4547ce7f3195667301872bded70880ce33641a26292530ec2c22614a85c7e2437c5a88fff0e6359ef9c253caa79fa49a025869ae5dcbae524ff

/data/user/0/com.glgjing.stark/cache/1610724645094.jar

MD5 cf2ed89992c1145a27f078b9da17e96c
SHA1 2afc75b5bc6329198ec01829e6c6acbd0c0dee01
SHA256 84009ae4f9125e2d61a670b88e41ad81bba2161dc0910b4506ef6356f0ebeb78
SHA512 8240cd4dcf4087b5f02400853f6820afe4b2a8825089aaa661662539fcb857b78013f8f3a9dc047034f6f42168fffcc6c1727076ab0e4eeaffcad956659de6f5

/data/user/0/com.glgjing.stark/cache/1610724645094.jar

MD5 1ced7d2175dffa49a034973977306116
SHA1 3f8200a08b62466017e817605c5386b31bd7810d
SHA256 ab58700e1e6ebd3427baac6356ac257a9e5d4b51119132b6bb2c9591355ae98d
SHA512 b0e9791e2cd69962a0b5e64a77c6cbe932b2e4f205a533ee551b68968c702d35c52cfeddecf743b497e6058c0884124e3dfd3d9a471d0774eb7ae7046d8c63b7

/data/data/com.glgjing.stark/cache/image_manager_disk_cache/journal.tmp

MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

/data/data/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/oat/stark.dat.jar.cur.prof

MD5 73655a8f650ced0efdd12e4683bc7ea3
SHA1 849f4e8018e291eb9484d9cb31ad7200e437f5ae
SHA256 9b1d57c6cb23acd923c8abbf3d5f9d2859e62b7b1ed26357a580b76363847faf
SHA512 261e2d74546980c144525a228cb663ca7a39387da215ef8342596a8ce2027cf078fd3e74da568faf5faab02217cce2a1b310c27a61623f0fa6f65926d7258902

/data/data/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/oat/stark.ext.jar.cur.prof

MD5 cdc63637c88ed5fc366c0e85d7cf442b
SHA1 68f00c2470bebef66e8ee7cd8b15c54e65cdffd8
SHA256 06ec539f055902e093617195f8f08ff42483e1c069fad6ad7f5d7c438f75de97
SHA512 fa616f080490f305eb909db8f6472d5bdef603f7446ea2469ad2b631596b1072856fb3bab0cee8078724fd345c61cc0226d097abf2a82cf1c6c29072920665da