Analysis
- max time kernel: 37s
- max time network: 139s
- platform: android_x86
- resource: android-x86-arm-20240221-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
- submitted: 23/02/2024, 12:53
- Static task: static1
General
- Target: e9df65be2c71b4b8ffea8f085d4029198ae4988f317ef759d4468d1096bd088d.apk
- Size: 11.2MB
- MD5: 8c94cf9398cd7cd7afa417738f8fb7d0
- SHA1: 6ed824160a74d3187adb876f97d80714d4a9b5ec
- SHA256: e9df65be2c71b4b8ffea8f085d4029198ae4988f317ef759d4468d1096bd088d
- SHA512: af0627e3d76fc34d627616666f30364510327b5225b01b02413e2a5ba695147a1d9a7251c2e82217c3883c49939fd67278c8856054e197c278779974594e9390
- SSDEEP: 196608:lSKattfSmHpzy+eOavL3SWpoYb+DsCcn9a9ZkbZVfpF8lWAu4Z:lWqMpzM5uWasCcI9Z2Z9mu4Z
Malware Config
Signatures
- Checks Android system properties for emulator presence. (1 TTP, 1 IoC)
  description: Accessed system property key: ro.hardware
  Process: com.glgjing.stark
- Loads dropped Dex/Jar (8 IoCs)
  Runs executable file dropped to the device during analysis.
  ioc / pid / Process:
  - /data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/stark.ext.jar / 4258 / /system/bin/dex2oat (full command line listed under Processes, PID 4258)
  - /data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/stark.ext.jar / 4232 / com.glgjing.stark
  - /data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/stark.dat.jar / 4297 / /system/bin/dex2oat (full command line listed under Processes, PID 4297)
  - /data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/stark.dat.jar / 4232 / com.glgjing.stark
  - /data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/cJqYNHtrE.dex / 4320 / /system/bin/dex2oat (full command line listed under Processes, PID 4320)
  - /data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/cJqYNHtrE.dex / 4232 / com.glgjing.stark
  - /data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/stark.ext.jar / 4232 / com.glgjing.stark
  - /data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/stark.dat.jar / 4232 / com.glgjing.stark
- Reads information about phone network operator. (1 TTP)
- Uses Crypto APIs (Might try to encrypt user data) (1 IoC)
  description: Framework API call javax.crypto.Cipher.doFinal
  Process: com.glgjing.stark
Processes
- com.glgjing.stark (PID 4232)
  - Checks Android system properties for emulator presence.
  - Loads dropped Dex/Jar
  - Uses Crypto APIs (Might try to encrypt user data)
  - child: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/stark.ext.jar --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/oat/x86/stark.ext.odex --compiler-filter=quicken --class-loader-context=& (PID 4258)
    - Loads dropped Dex/Jar
  - child: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/stark.dat.jar --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/oat/x86/stark.dat.odex --compiler-filter=quicken --class-loader-context=& (PID 4297)
    - Loads dropped Dex/Jar
  - child: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/cJqYNHtrE.dex --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/oat/x86/cJqYNHtrE.odex --compiler-filter=quicken --class-loader-context=& (PID 4320)
    - Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Downloads