Analysis Overview
SHA256
e9df65be2c71b4b8ffea8f085d4029198ae4988f317ef759d4468d1096bd088d
Threat Level: Shows suspicious behavior
The file e9df65be2c71b4b8ffea8f085d4029198ae4988f317ef759d4468d1096bd088d was found to be: Shows suspicious behavior.
Malicious Activity Summary
Checks Android system properties for emulator presence.
Loads dropped Dex/Jar
Requests dangerous framework permissions
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-23 12:53
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-23 12:53
Reported
2024-02-23 12:56
Platform
android-x86-arm-20240221-en
Max time kernel
37s
Max time network
139s
Command Line
Signatures
Checks Android system properties for emulator presence.
| Description | Indicator | Process | Target |
| Accessed system property | key: ro.hardware | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/stark.ext.jar | N/A | N/A |
| N/A | /data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/stark.ext.jar | N/A | N/A |
| N/A | /data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/stark.dat.jar | N/A | N/A |
| N/A | /data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/stark.dat.jar | N/A | N/A |
| N/A | /data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/cJqYNHtrE.dex | N/A | N/A |
| N/A | /data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/cJqYNHtrE.dex | N/A | N/A |
| N/A | /data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/stark.ext.jar | N/A | N/A |
| N/A | /data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/stark.dat.jar | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.glgjing.stark
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/stark.ext.jar --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/oat/x86/stark.ext.odex --compiler-filter=quicken --class-loader-context=&
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/stark.dat.jar --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/oat/x86/stark.dat.odex --compiler-filter=quicken --class-loader-context=&
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/cJqYNHtrE.dex --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/oat/x86/cJqYNHtrE.odex --compiler-filter=quicken --class-loader-context=&
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 142.250.200.14:443 | N/A | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | irlmaster.com | udp |
| NL | 5.45.75.40:443 | irlmaster.com | tcp |
Files
/data/data/com.glgjing.stark/databases/a-journal
/data/data/com.glgjing.stark/databases/a
/data/data/com.glgjing.stark/databases/a-wal
/data/data/com.glgjing.stark/databases/stark.db
/data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/stark.ext.jar
/data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/stark.ext.jar
/data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/stark.dat.jar
/data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/stark.dat.jar
/data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/cJqYNHtrE.dex
/data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/cJqYNHtrE.dex
/data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/stark.ext.jar