Malware Analysis Report

2025-08-05 09:27

Sample ID 240223-p43agsgb2z
Target e9df65be2c71b4b8ffea8f085d4029198ae4988f317ef759d4468d1096bd088d
SHA256 e9df65be2c71b4b8ffea8f085d4029198ae4988f317ef759d4468d1096bd088d
Tags
discovery evasion
score
7/10

Analysis Overview

score
7/10

SHA256

e9df65be2c71b4b8ffea8f085d4029198ae4988f317ef759d4468d1096bd088d

Threat Level: Shows suspicious behavior

The file e9df65be2c71b4b8ffea8f085d4029198ae4988f317ef759d4468d1096bd088d was found to show suspicious behavior.

Malicious Activity Summary

discovery evasion

Checks Android system properties for emulator presence.

Loads dropped Dex/Jar

Requests dangerous framework permissions

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-23 12:53

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-23 12:53

Reported

2024-02-23 12:56

Platform

android-x86-arm-20240221-en

Max time kernel

37s

Max time network

139s

Command Line

com.glgjing.stark

Signatures

Checks Android system properties for emulator presence.

evasion

Description | Indicator | Process | Target
Accessed system property key: ro.hardware | N/A | N/A | N/A

Loads dropped Dex/Jar

Description | Indicator | Process | Target
N/A | /data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/stark.ext.jar | N/A | N/A
N/A | /data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/stark.ext.jar | N/A | N/A
N/A | /data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/stark.dat.jar | N/A | N/A
N/A | /data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/stark.dat.jar | N/A | N/A
N/A | /data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/cJqYNHtrE.dex | N/A | N/A
N/A | /data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/cJqYNHtrE.dex | N/A | N/A
N/A | /data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/stark.ext.jar | N/A | N/A
N/A | /data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/stark.dat.jar | N/A | N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.glgjing.stark

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/stark.ext.jar --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/oat/x86/stark.ext.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/stark.dat.jar --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/oat/x86/stark.dat.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/cJqYNHtrE.dex --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/oat/x86/cJqYNHtrE.odex --compiler-filter=quicken --class-loader-context=&

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
GB | 142.250.200.14:443 | N/A | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | irlmaster.com | udp
NL | 5.45.75.40:443 | irlmaster.com | tcp

Files

/data/data/com.glgjing.stark/databases/a-journal

MD5 610a4c1a1f14abe4e8b4abbfe3bff3e9
SHA1 1fa48d617e00f72ad370531ca859d088ce66165f
SHA256 8c2280887bc1132758350b73d2227183f2265d9219bcb1e58eae7892b361d961
SHA512 2e79c44e29b8328a1c001760d446e1dcc7384c2ea8cd4f5ce426b10a5d8534be8013d97837766db68d8878493327c9cc59f09b33704c5ffee121f1227b4a94cd

/data/data/com.glgjing.stark/databases/a

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.glgjing.stark/databases/a-wal

MD5 5cb40ca45bd033e1f5bd49d7dcdfe16d
SHA1 2237b0fd88294a25e397542c653db55ec21f47a7
SHA256 58a37d36df49b84badce7d2df54452ecc00c5f1a9ccdf07b077f207122045826
SHA512 6237f3ada8be4854415eb1008b058ef939b735f56aa39c569bd44cdf20e14581cd04db304ba24b5b8bf1db9d9792760fb0472996ee548c52b2497212730cd09e

/data/data/com.glgjing.stark/databases/stark.db

MD5 a077f41e9c48540b635ae9473cafb745
SHA1 b736b5bd1db08cc950cd54369eda3f0d251843ab
SHA256 51239205ee65f6a3aed8df715d98b77426c470db0a6b0af8306774fd1b7bbbfa
SHA512 6204c70b4c805086ff9761ee587940414f53df59d17cbb1de5fb42727745a3fcfe7b985c14ca040863beb982d093a1ebc159c9c0a3320d789be08c2e418da611

/data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/stark.ext.jar

MD5 e7ee23f90205002b3ce2515515782ad1
SHA1 007bdaf63b5afcc0171cd3bba46688dd7ada5cd3
SHA256 18c30917006b68e7a6f1c4ad3f4bd81da63b321c9a1a0a2c85e2fe74d425d8ed
SHA512 addc864a6d5dacf115a5e2b836663e544f421b8388b1b25edddc586bf876b2d8885d002a5618e4979eff580d07fe5f341388624da28ea76fd485dbac7bb1b3fb

/data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/stark.ext.jar

MD5 1149014fc45f5e42cd1cddcb5e73293e
SHA1 3da4eb52cf439acda7266b9d349d54b1338bb764
SHA256 80c20eefdc515c7076d883934b832d8da7006ac04faf4b5b80a52d895ea98c92
SHA512 b8f6048dd1372f4e3cf6666b0ad4b8b21ab589626e8b61a7db2e0f548e2d92ec79c1d09263b82852da697d1fa8dab2ed2fda672d281d97b4fe5c16b38ab96a76

/data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/stark.dat.jar

MD5 1486411e6d733dcbee378ceb0de6c1e7
SHA1 02f3b9d987ee926bee1e30f591bae3b310328870
SHA256 f48bb90c9a68bc6398a83d14dc5e7e41e3f59a111f4ddced1015ae8f3796bf50
SHA512 55c19f7e7da7218c863351d005f42c4bd12858165e1d2b1b9830d67aa57d4466eac58dd6d5016753c7aba0c320a578933ab58019544a6be8a269f2c794b295ea

/data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/stark.dat.jar

MD5 a96f0af29b9790f143c028e49d6b8bc2
SHA1 c08436066402c532e09c2464d131f41e4fbf7245
SHA256 7bd558408391fb671cc50e265960eeb4617b5383eab95539b5a5155940e26689
SHA512 fe76cb00d0f175d351e3c6095a7b0c61e58e1e196b0ea6c6f3e827578e925eb4bfbc940e228aeaed344f553ebf811f0216df29c02ad1fc8a39bf00bee8dbe1e8

/data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/cJqYNHtrE.dex

MD5 ed53e4c6cd60a79f73d4cf1a14653a23
SHA1 c412d1d3bf8b84b36968960fbc2d0aefd9340a60
SHA256 ed66bfcbad9e8be6fd9c4b5430bf846f5f68a1df50ceace05565f13afb7ad224
SHA512 656f7b2a22640a46a3fd5c55dffef2f8741a4753b9dd9728505b1e7f81142f63eff77bd836853e4aab6cd97cfaf0ad3ce0492f23ab369af8e6087b4680adec58

/data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/cJqYNHtrE.dex

MD5 54f7c70b06719400370ffcc7a67a6f5f
SHA1 640b542b4ef9567f48857315da0b4c099e1ebbe1
SHA256 5cf2ba2675ba60dc834e5c37600c939296cc8d3a63f2e2aeb599bb1e783fe199
SHA512 6482bd89ddc5c859892e4685d3192d8e597d7e7c1c5ec4082355fa126bf084f780b872b10dcf3fa5e7f83e420c64d7daed3c3a1b7602193812e61df33db906cd

/data/user/0/com.glgjing.stark/app_b97abgbl2zjs7hus1yvi/stark.ext.jar

MD5 b53cd76f9777141c0f82708170545658
SHA1 f4eb6f3cbbb8c8301f1f124ad5d29a79497816e7
SHA256 efe7b5fcfe293fc852a4b4e15612437ca0c43873e1845316d4adfe1e5d056d03
SHA512 0bd76ff56a0959ef5c6faf266ca301c72e4d23361d859bc7a223391346897fdd06884a5c8d416c71ae8baeb1bbf48a49a520d1b885c38488d14b05764f3f92a7