Analysis Overview
SHA256
795fcd8ea1ed56ce08bf20ea94c1dfa3b7c00b59f76c24deef80ab8500e6f39e
Threat Level: Shows suspicious behavior
The file 795fcd8ea1ed56ce08bf20ea94c1dfa3b7c00b59f76c24deef80ab8500e6f39e was assessed as showing suspicious behavior; the signatures and artifacts listed below are the evidence behind that verdict.
Malicious Activity Summary
Loads dropped Dex/Jar
Requests dangerous framework permissions
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-23 12:51
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
Note: "dangerous" is Android's protection-level term for permissions the user grants at runtime; both storage permissions are routine in benign apps and carry little weight on their own.
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-23 12:51
Reported
2024-02-23 12:53
Platform
android-x86-arm-20240221-en
Max time kernel
49s
Max time network
136s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.ext.jar | N/A | N/A |
| N/A | /data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.ext.jar | N/A | N/A |
| N/A | /data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.dat.jar | N/A | N/A |
| N/A | /data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.dat.jar | N/A | N/A |
| N/A | /data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/adcBMbxqC.dex | N/A | N/A |
| N/A | /data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/adcBMbxqC.dex | N/A | N/A |
| N/A | /data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.ext.jar | N/A | N/A |
| N/A | /data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.dat.jar | N/A | N/A |
| N/A | /data/user/0/com.glgjing.stark/cache/1610724645094.jar | N/A | N/A |
| N/A | /data/user/0/com.glgjing.stark/cache/1610724645094.jar | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Note: a javax.crypto.Cipher.doFinal hit by itself is weak evidence, since ad, analytics and storage SDKs call it routinely; the Files section below shows only the app's own databases, caches and dropped code being written, not user files.
Processes
com.glgjing.stark
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.ext.jar --output-vdex-fd=56 --oat-fd=57 --oat-location=/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/oat/x86/stark.ext.odex --compiler-filter=quicken --class-loader-context=&
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.dat.jar --output-vdex-fd=46 --oat-fd=49 --oat-location=/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/oat/x86/stark.dat.odex --compiler-filter=quicken --class-loader-context=&
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/adcBMbxqC.dex --output-vdex-fd=46 --oat-fd=49 --oat-location=/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/oat/x86/adcBMbxqC.odex --compiler-filter=quicken --class-loader-context=&
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.glgjing.stark/cache/1610724645094.jar --output-vdex-fd=132 --oat-fd=133 --oat-location=/data/user/0/com.glgjing.stark/cache/oat/x86/1610724645094.odex --compiler-filter=quicken --class-loader-context=&
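What the "Loads dropped Dex/Jar" rows and the dex2oat invocations above establish is that com.glgjing.stark writes code into its private app_u62ngq1ruio6nr2g9zfr directory and its cache, and the ART runtime then compiles it (--compiler-filter=quicken), so that code was not in the installed APK and static analysis of the shipped classes says nothing about what it does. The Files section also records several SHA-256 values for the same path, so the payload was rewritten during the run. The Python below is an added triage helper, not sandbox output or code from the app: it parses the dex2oat command lines, merges the /data/data and /data/user/0 views of the same file (the former is a symlink to the latter on Android), and correlates each compiled path with the hashes the report saw. The command lines and file hashes are copied from this report; the magic-byte classifier and the bytes it is exercised with are constructed.

```python
import re

# The four dex2oat invocations from the Processes section of this report.
DEX2OAT_CMDLINES = [
    "/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.ext.jar --output-vdex-fd=56 --oat-fd=57 --oat-location=/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/oat/x86/stark.ext.odex --compiler-filter=quicken --class-loader-context=&",
    "/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.dat.jar --output-vdex-fd=46 --oat-fd=49 --oat-location=/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/oat/x86/stark.dat.odex --compiler-filter=quicken --class-loader-context=&",
    "/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/adcBMbxqC.dex --output-vdex-fd=46 --oat-fd=49 --oat-location=/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/oat/x86/adcBMbxqC.odex --compiler-filter=quicken --class-loader-context=&",
    "/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.glgjing.stark/cache/1610724645094.jar --output-vdex-fd=132 --oat-fd=133 --oat-location=/data/user/0/com.glgjing.stark/cache/oat/x86/1610724645094.odex --compiler-filter=quicken --class-loader-context=&",
]

# (path, sha256) pairs copied from the Files section of this report; one
# database entry is included to show that non-code files are filtered out.
REPORT_FILES = [
    ("/data/data/com.glgjing.stark/databases/stark.db", "b561f60bad9e9d080c8e5db0ee4f36e69f1006c80ea40827e700afad91e57eb9"),
    ("/data/data/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.ext.jar", "bc9963ddd87661d5415cb67690e4e7d815f94f6d50993f522aaca06d7c9b2dc8"),
    ("/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.ext.jar", "fab2e6b9a34e7dd7c7d581f224a8a7a7ba33cb7b4228e395dd07f22a327daf4e"),
    ("/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.ext.jar", "8bf8cac966cde2d765514997f7ffb2949b371cce78f629ff3bdada8209271c5e"),
    ("/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.dat.jar", "76dc12034758becf7449f25f30833bb86eb70bb67c13bc2776cbfd38d61bc894"),
    ("/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.dat.jar", "0619ad0b92785de36e475599497aa8adfea3a5ff6c86a1488226579c9525545b"),
    ("/data/data/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/adcBMbxqC.dex", "aca73a49aeb7db4ff6b6eeb2dc0c9b2733270bf2076e88a976ffe2802b88e84d"),
    ("/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/adcBMbxqC.dex", "ca52ab13fd9f3c67fa32137897ed366e2defede6678cedb19ccb11275d84ef22"),
    ("/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/adcBMbxqC.dex", "c463870614444f58d1df36e0af2126cf166cbda22c8b1b618314a7ef5265f48f"),
    ("/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.ext.jar", "d4c4df5d14398b50f356ff15f7845b5b489bd3a27ff0ef6ddc8155b95abb002b"),
    ("/data/data/com.glgjing.stark/cache/1610724645094.jar", "d44cfb6b41231f150cf310c7c4d399be9587294e3727197e046db4a1c2c3ca3b"),
    ("/data/user/0/com.glgjing.stark/cache/1610724645094.jar", "84009ae4f9125e2d61a670b88e41ad81bba2161dc0910b4506ef6356f0ebeb78"),
    ("/data/user/0/com.glgjing.stark/cache/1610724645094.jar", "ab58700e1e6ebd3427baac6356ac257a9e5d4b51119132b6bb2c9591355ae98d"),
]

CODE_EXTENSIONS = (".dex", ".jar", ".apk", ".zip")
APP_PRIVATE_DIR = re.compile(r"^/data/user/\d+/[^/]+/")


def normalize_path(path: str) -> str:
    """/data/data/<pkg> is a symlink to /data/user/0/<pkg> on Android, so the
    report lists the same file under both names; fold them together."""
    return re.sub(r"^/data/data/", "/data/user/0/", path)


def is_dropped_code(path: str) -> bool:
    """Code file under an app's private data directory: written at runtime,
    not shipped in the installed APK."""
    p = normalize_path(path)
    return bool(APP_PRIVATE_DIR.match(p)) and p.lower().endswith(CODE_EXTENSIONS)


def parse_dex2oat(cmdline: str) -> dict:
    """Pull the three fields that matter for triage out of a dex2oat command line."""
    fields = dict(re.findall(r"--(dex-file|oat-location|compiler-filter)=(\S+)", cmdline))
    return {
        "dex_file": fields.get("dex-file"),
        "oat_location": fields.get("oat-location"),
        "compiler_filter": fields.get("compiler-filter"),
    }


def classify_payload(data: bytes) -> str:
    """Identify a recovered file by magic bytes (constructed check, not from the
    report): a bare DEX starts with b'dex\\n<ver>\\0', a JAR/APK is a ZIP
    container with classes.dex inside, SQLite databases are not code at all."""
    if data[:4] == b"dex\n" and data[7:8] == b"\x00":
        return "dex:" + data[4:7].decode("ascii", "replace")
    if data[:2] == b"PK":
        return "zip"
    if data.startswith(b"SQLite format 3\x00"):
        return "sqlite"
    return "unknown"


def dropped_code_history(files) -> dict:
    """Map each dropped code path to the distinct SHA-256 values seen for it.
    More than one hash means the file was rewritten during the run."""
    history = {}
    for path, sha256 in files:
        if not is_dropped_code(path):
            continue
        hashes = history.setdefault(normalize_path(path), [])
        if sha256 not in hashes:
            hashes.append(sha256)
    return history


def correlate(cmdlines, files) -> dict:
    """For every file dex2oat compiled, report the compiler filter and how many
    distinct versions of it the file list recorded."""
    history = dropped_code_history(files)
    result = {}
    for cmd in cmdlines:
        info = parse_dex2oat(cmd)
        path = normalize_path(info["dex_file"])
        result[path] = {
            "compiler_filter": info["compiler_filter"],
            "versions": len(history.get(path, [])),
        }
    return result


if __name__ == "__main__":
    for path, info in correlate(DEX2OAT_CMDLINES, REPORT_FILES).items():
        print(f"{info['versions']} version(s)  filter={info['compiler_filter']}  {path}")
```

Every path dex2oat compiled appears in the file list with two to four distinct hashes, which is the pattern to pull the dropped JAR/DEX files out of the sandbox's artifact archive and analyse them separately from the APK; the classifier is there so a recovered file is checked for what it actually is before it is fed to a DEX decompiler.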
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.201.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
| US | 1.1.1.1:53 | huetransfer.com | udp |
| US | 185.197.30.140:80 | huetransfer.com | tcp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
| US | 185.197.30.140:80 | huetransfer.com | tcp |
| US | 185.197.30.140:80 | huetransfer.com | tcp |
| US | 185.197.30.140:80 | huetransfer.com | tcp |
| US | 1.1.1.1:53 | kenudo.net | udp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
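Most of this table is noise for triage purposes: the mDNS multicast, the DNS lookups against 1.1.1.1, and the TLS sessions to Google and DoubleClick endpoints are what any ad-supported app produces. What stands out is repeated cleartext HTTP to huetransfer.com at 185.197.30.140:80, plus a lookup of kenudo.net that never turned into a connection within the capture window. The Python below is an added triage helper, not sandbox output: it parses the rows above, separates lookups from connections, drops an assumed allowlist of Google/DoubleClick suffixes, and returns the remaining destinations as indicators. The rows are copied from this report; the allowlist is an assumption of this example.

```python
import re

# Network rows from this report. The two rows the sandbox emitted without a
# domain have an empty Domain cell here.
NETWORK_TABLE = """
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.201.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
| US | 1.1.1.1:53 | huetransfer.com | udp |
| US | 185.197.30.140:80 | huetransfer.com | tcp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
| US | 185.197.30.140:80 | huetransfer.com | tcp |
| US | 185.197.30.140:80 | huetransfer.com | tcp |
| US | 185.197.30.140:80 | huetransfer.com | tcp |
| US | 1.1.1.1:53 | kenudo.net | udp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
"""

# Assumption for this example: Google / DoubleClick endpoints are the app's own
# ad and analytics traffic and are not worth recording as indicators.
ALLOWLIST_SUFFIXES = ("google.com", "doubleclick.net")
MDNS = ("224.0.0.251", 5353)


def parse_network_table(text: str) -> list:
    """Turn the pipe-delimited rows into dicts; the header row is skipped."""
    rows = []
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain or None, "proto": proto})
    return rows


def allowlisted(domain: str) -> bool:
    return any(domain == s or domain.endswith("." + s) for s in ALLOWLIST_SUFFIXES)


def classify(row: dict) -> str:
    if (row["ip"], row["port"]) == MDNS:
        return "mdns"                 # local service discovery, not C2
    if row["port"] == 53 and row["proto"] == "udp":
        return "dns"                  # a lookup, not a connection to the domain
    if row["domain"] is None:
        return "unattributed"         # IP reached with no DNS answer in the capture
    if allowlisted(row["domain"]):
        return "allowlisted"
    if row["port"] == 80:
        return "cleartext-http"       # unencrypted channel to a non-allowlisted host
    return "unknown"


def triage(rows: list) -> dict:
    """Split the capture into connected indicators, domains that were only
    resolved, and IPs contacted without a domain to attribute them to."""
    queried, contacted, unattributed = set(), {}, set()
    for row in rows:
        kind = classify(row)
        dest = f"{row['ip']}:{row['port']}"
        if kind == "dns":
            queried.add(row["domain"])
        elif kind == "unattributed":
            unattributed.add(dest)
        elif kind in ("cleartext-http", "unknown"):
            contacted.setdefault(row["domain"], set()).add(dest)
    return {
        "iocs": contacted,
        "resolved_only": {d for d in queried if d not in contacted and not allowlisted(d)},
        "unattributed": unattributed,
    }


if __name__ == "__main__":
    for key, value in triage(parse_network_table(NETWORK_TABLE)).items():
        print(f"{key}: {value}")
```

A domain that is resolved but never contacted (kenudo.net here) is still worth keeping: the 136 s network window may simply have ended before the app used it, and the lookup itself is something a resolver log can be searched for.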
Files
/data/data/com.glgjing.stark/databases/a-journal
| MD5 | 4e020f3e429065da3153ee6a3d2c1339 |
| SHA1 | d859d88245bf9b4fcf62d314de27b0bff3f0d86d |
| SHA256 | 46bffa25d85adcb94c503e35ed7c067974b1c2021f9871f208bee1c583c744ae |
| SHA512 | e1e6fb578e5734c96b33e892a0e6bcc061516993afff8cd62ed219a12ea6a72b44f83fb0b262c939d7f6ca01434ad028fe7db65bb84bdbfbe5abb55e345dd936 |
/data/data/com.glgjing.stark/databases/a
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.glgjing.stark/databases/a-wal
| MD5 | e7e7111386d82e2ca4d479d0377c537e |
| SHA1 | 97c226ca48f156a952d614a56ba26dc0c4ccf5b4 |
| SHA256 | 5f34ba4be87e16a49babbd323bb9903b4fba7a77b77366e6be7f592a68c57d1b |
| SHA512 | 32e8e1c7020adc6a7bea34f2871a106951e4ebd3b754470ccb28320aa9d009d3cffe52ef6cf1c7c76d32423420db9e404156dc74d7c73083daa6348a7966b855 |
/data/data/com.glgjing.stark/databases/stark.db
| MD5 | f4751251507b07747e940671e2f24775 |
| SHA1 | e7a291f9b6e41174f7412090e0b129ed90a59fbd |
| SHA256 | b561f60bad9e9d080c8e5db0ee4f36e69f1006c80ea40827e700afad91e57eb9 |
| SHA512 | f6f3a45bb2d824982f7fa4848e83a30239b19ec0c826eea023c89a746d31e79fc9a52c642dd9e79f8c59a70dc5f093894167784f869da4cf0eadff3e43374bc8 |
/data/data/com.glgjing.stark/databases/stark.db-journal
| MD5 | bae2d71b76145ce6016d24c8dd6f5d93 |
| SHA1 | eb0564c568d21e4e7ab1a7fee510389ce3ca2313 |
| SHA256 | 32d3b476ad2f19f6351f642f338a74a89b5ce896f8ba163a48ba43e728d5e593 |
| SHA512 | 6737c1834bef3960e07ddeb60118b8c077a1d877dfa4373a76df0284c67119a339d048f1d1c433b0dd116ff5b95e7dc4f900015fcc98e24e102c85e2e01922e6 |
/data/data/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.ext.jar
| MD5 | 3fbe2c6daaedfd63223da1cd20ff09ac |
| SHA1 | f4b343529d86a82af676bc2ab111c14166c3a26c |
| SHA256 | bc9963ddd87661d5415cb67690e4e7d815f94f6d50993f522aaca06d7c9b2dc8 |
| SHA512 | 9183e70c830f28059b64e5ca210ba5c2261657358db3c85f7db0e3c04fb483e9579ca82063398675abe924704024eaa382ab1647701b006fff5cb372e2ae75e3 |
/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.ext.jar
| MD5 | e1a5b482a8631fdfe44db65cde49ca83 |
| SHA1 | f602e272f0589ee87bd4859b7ae78ff8291a9cc5 |
| SHA256 | fab2e6b9a34e7dd7c7d581f224a8a7a7ba33cb7b4228e395dd07f22a327daf4e |
| SHA512 | 37b68000589054d41553ffd0e541e5a8d2f1dd05df51a78097c6bd78322b7827918c683ef53d3fe647b80203ac123962cd5f7d3cb5cebbbb8e4198cfc04055cd |
/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.ext.jar
| MD5 | 486195161b29d239b80255b4d3348709 |
| SHA1 | 94e2b46c86cdaffa3c3a116f593cca3bf6d8e8d7 |
| SHA256 | 8bf8cac966cde2d765514997f7ffb2949b371cce78f629ff3bdada8209271c5e |
| SHA512 | e3e0a8fd2008033a0d25663c6a75d77e32b21cbc7b92927cc796e56837030008e89b944ceddf42e6d5d8eb6bdbb82aba6476e2d77da0652d1a4990636c9812ba |
/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.dat.jar
| MD5 | 055f73bbfdb7bbda3df579326a80b3a1 |
| SHA1 | d4a19cb6c09078ab4baf356cfb1eeb0f8478eee5 |
| SHA256 | 76dc12034758becf7449f25f30833bb86eb70bb67c13bc2776cbfd38d61bc894 |
| SHA512 | 65585dc1bdd2896c43016159583a3b40b54222217fd65b28be4460895fa38d91af17e184c6ac5f495e55d3e177d04349c34c658acead98f9076f8b1267b576a3 |
/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.dat.jar
| MD5 | fffe9430048a22defaa5ca626f8c1669 |
| SHA1 | e55ac62d94b111cbab176ac44df2dc6cdae2a677 |
| SHA256 | 0619ad0b92785de36e475599497aa8adfea3a5ff6c86a1488226579c9525545b |
| SHA512 | 58c253dc1c0c52dec65f39f81db704fb9b12e6146df2e9ec1f424de465be3f0326e56b66eb7766c59d77f42d512a261548fa9fb083600e78c3c4d2385bdf4086 |
/data/data/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/adcBMbxqC.dex
| MD5 | 9114826b08325b51a48fa576c076484f |
| SHA1 | d291fa21161f1157edb0a313dd81b1150fd70598 |
| SHA256 | aca73a49aeb7db4ff6b6eeb2dc0c9b2733270bf2076e88a976ffe2802b88e84d |
| SHA512 | dbae74484ee456ac7cecec9f23835c658c63d68feaa7f82befaee19821b0a70c1e178b5976d92bf2c5aa701ac4fc7524a95ccd82d4a6582fb4dbab905e8b0d02 |
/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/adcBMbxqC.dex
| MD5 | b8559b62073f2c99afc81d175aa6225d |
| SHA1 | 876c73f55a258aa7d82fba6f6376622b911c574a |
| SHA256 | ca52ab13fd9f3c67fa32137897ed366e2defede6678cedb19ccb11275d84ef22 |
| SHA512 | 2ab922eaa2dfb3794365452f80a0c4a16b33887b091c942decb7222d487d1568b832f16af15ff8f5de0d41b899ccb637c4620137b5fa9b15f198b6b0404a8560 |
/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/adcBMbxqC.dex
| MD5 | cd9689dc447cae57366db537314f71fb |
| SHA1 | 92d7e239c7ed92d2bdc0d9ca41c180b4c2fb5530 |
| SHA256 | c463870614444f58d1df36e0af2126cf166cbda22c8b1b618314a7ef5265f48f |
| SHA512 | 9a95d362f1313512c23e98c1c5536b308431c8c67cd01fe32dd162d38ddd976a1a700e6f4e33786853f347980f15483ff749ed994f7e8f2a9360436c89fd3693 |
/data/user/0/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/stark.ext.jar
| MD5 | c370fa7e36236d4cc3d088079022ea59 |
| SHA1 | 33e6fd422783fbb4407216ef73d61a6443740a59 |
| SHA256 | d4c4df5d14398b50f356ff15f7845b5b489bd3a27ff0ef6ddc8155b95abb002b |
| SHA512 | 09060c4f1d5c6706597ee99df25a36645db937efeef72fe6307161b063c6d4e6787a9d4dee0a6b01c252dc1730bb617988c681e4c51d1c8560d86ede1ded275d |
/data/data/com.glgjing.stark/databases/androidx.work.workdb-journal
| MD5 | 4bc4280f64ee60f6c56c6bf137571237 |
| SHA1 | 812eb35ab38bfc4ffa74cbd1740f4a3cfa870565 |
| SHA256 | e828e35766e92660f9c651ebaab01da205ff884effd059047bbedca42e7c82e0 |
| SHA512 | bb984286e678b3f6b4710a7fdb0449fc1cc57c80cd30e05e74dd0c96557b94051b2e027fbe9e566ec47a827d964c6312d8f36e0c562bac14ff4c88d7f02167f5 |
/data/data/com.glgjing.stark/databases/androidx.work.workdb-shm
| MD5 | cf845a781c107ec1346e849c9dd1b7e8 |
| SHA1 | b44ccc7f7d519352422e59ee8b0bdbac881768a7 |
| SHA256 | 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7 |
| SHA512 | 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612 |
/data/data/com.glgjing.stark/databases/androidx.work.workdb-wal
| MD5 | 4f0d8cd46fdbeba04045156566942f2f |
| SHA1 | b90e521ff06e5e14643a505bc5dc495f7b1a5ac5 |
| SHA256 | 186e51b1a8652d51d0055bf20766b2928e95e404530589de49182eb8bd3a5eb4 |
| SHA512 | 812d2afc0fc08f06c1013617140884e9fb42f5d94c447e19132971c40a189da9772b2fc2222ca228852efb31740013000570f0fd73212836391a5756a8fc52a8 |
/data/data/com.glgjing.stark/databases/androidx.work.workdb-wal
| MD5 | 519966b474de9ae299fa35cf4a1cedc1 |
| SHA1 | 0ba55a74b4caf2920eca7a3cfc1e1c8e5a87ecf2 |
| SHA256 | 28e5d6684719fd273aba9d4c70504b45abf5f63bafcf0a321350e4367254f9bc |
| SHA512 | 5f7889c80b28893787a34a9e336a0b694647bf37e1293d49fd6bb18985763f55870ed41b7957148c93d3d729713921cf8f9713e5eb57241318dfe341cb18ce4b |
/data/data/com.glgjing.stark/cache/1610724645094.jar
| MD5 | 03ee9d194982da8259d81957162c9795 |
| SHA1 | f05ab5cc908262c4dd51f3e8ca49bc346dc136b2 |
| SHA256 | d44cfb6b41231f150cf310c7c4d399be9587294e3727197e046db4a1c2c3ca3b |
| SHA512 | 241f97312aa3e4547ce7f3195667301872bded70880ce33641a26292530ec2c22614a85c7e2437c5a88fff0e6359ef9c253caa79fa49a025869ae5dcbae524ff |
/data/user/0/com.glgjing.stark/cache/1610724645094.jar
| MD5 | cf2ed89992c1145a27f078b9da17e96c |
| SHA1 | 2afc75b5bc6329198ec01829e6c6acbd0c0dee01 |
| SHA256 | 84009ae4f9125e2d61a670b88e41ad81bba2161dc0910b4506ef6356f0ebeb78 |
| SHA512 | 8240cd4dcf4087b5f02400853f6820afe4b2a8825089aaa661662539fcb857b78013f8f3a9dc047034f6f42168fffcc6c1727076ab0e4eeaffcad956659de6f5 |
/data/user/0/com.glgjing.stark/cache/1610724645094.jar
| MD5 | 1ced7d2175dffa49a034973977306116 |
| SHA1 | 3f8200a08b62466017e817605c5386b31bd7810d |
| SHA256 | ab58700e1e6ebd3427baac6356ac257a9e5d4b51119132b6bb2c9591355ae98d |
| SHA512 | b0e9791e2cd69962a0b5e64a77c6cbe932b2e4f205a533ee551b68968c702d35c52cfeddecf743b497e6058c0884124e3dfd3d9a471d0774eb7ae7046d8c63b7 |
/data/data/com.glgjing.stark/cache/image_manager_disk_cache/journal.tmp
| MD5 | 8c92de9ce46d41a22f3b20f77404cc1d |
| SHA1 | 8671a6dca00edb72be47363a7071be65cf270373 |
| SHA256 | 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274 |
| SHA512 | 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56 |
/data/data/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/oat/stark.dat.jar.cur.prof
| MD5 | 73655a8f650ced0efdd12e4683bc7ea3 |
| SHA1 | 849f4e8018e291eb9484d9cb31ad7200e437f5ae |
| SHA256 | 9b1d57c6cb23acd923c8abbf3d5f9d2859e62b7b1ed26357a580b76363847faf |
| SHA512 | 261e2d74546980c144525a228cb663ca7a39387da215ef8342596a8ce2027cf078fd3e74da568faf5faab02217cce2a1b310c27a61623f0fa6f65926d7258902 |
/data/data/com.glgjing.stark/app_u62ngq1ruio6nr2g9zfr/oat/stark.ext.jar.cur.prof
| MD5 | cdc63637c88ed5fc366c0e85d7cf442b |
| SHA1 | 68f00c2470bebef66e8ee7cd8b15c54e65cdffd8 |
| SHA256 | 06ec539f055902e093617195f8f08ff42483e1c069fad6ad7f5d7c438f75de97 |
| SHA512 | fa616f080490f305eb909db8f6472d5bdef603f7446ea2469ad2b631596b1072856fb3bab0cee8078724fd345c61cc0226d097abf2a82cf1c6c29072920665da |