5952d3b1e54626b17c7ebc5fcfd788b374f9f36ee125cba011801d93313f1ea2

Analysis

max time kernel
33s
max time network
161s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
24-02-2024 10:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5952d3b1e54626b17c7ebc5fcfd788b374f9f36ee125cba011801d93313f1ea2.apk
Size

11.2MB
MD5

d293661600fc1cd13f47c07c125128c7
SHA1

6c8c67f321e9b2c01429c1fbfe2345a5ddbbcdc3
SHA256

5952d3b1e54626b17c7ebc5fcfd788b374f9f36ee125cba011801d93313f1ea2
SHA512

860962a4d63d470dd4c89eb492f4bf83078480737d49f7654c6455f2585e715b22a7e3b532f5a18d32469815e0a0cff7a28619415fc1a4c90ccd18809692a797
SSDEEP

196608:m1gjh5VfSg6tdSdRYrCy+eOavL3SWpo7h+DsC2ZTUPyPFvOg8:3hoAe2M5uWdsC2ZT8sFO

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks Android system properties for emulator presence. 1 TTPs 1 IoCs

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: ro.hardware	com.glgjing.stark

Loads dropped Dex/Jar 8 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.glgjing.stark/app_a1f83zanhdvb799gam7vi/stark.ext.jar	4340	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.glgjing.stark/app_a1f83zanhdvb799gam7vi/stark.ext.jar --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/user/0/com.glgjing.stark/app_a1f83zanhdvb799gam7vi/oat/x86/stark.ext.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.glgjing.stark/app_a1f83zanhdvb799gam7vi/stark.ext.jar	4312	com.glgjing.stark
/data/user/0/com.glgjing.stark/app_a1f83zanhdvb799gam7vi/stark.dat.jar	4379	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.glgjing.stark/app_a1f83zanhdvb799gam7vi/stark.dat.jar --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/user/0/com.glgjing.stark/app_a1f83zanhdvb799gam7vi/oat/x86/stark.dat.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.glgjing.stark/app_a1f83zanhdvb799gam7vi/stark.dat.jar	4312	com.glgjing.stark
/data/user/0/com.glgjing.stark/app_a1f83zanhdvb799gam7vi/kyDjnGIpR.dex	4403	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.glgjing.stark/app_a1f83zanhdvb799gam7vi/kyDjnGIpR.dex --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/user/0/com.glgjing.stark/app_a1f83zanhdvb799gam7vi/oat/x86/kyDjnGIpR.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.glgjing.stark/app_a1f83zanhdvb799gam7vi/kyDjnGIpR.dex	4312	com.glgjing.stark
/data/user/0/com.glgjing.stark/app_a1f83zanhdvb799gam7vi/stark.ext.jar	4312	com.glgjing.stark
/data/user/0/com.glgjing.stark/app_a1f83zanhdvb799gam7vi/stark.dat.jar	4312	com.glgjing.stark

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.glgjing.stark

com.glgjing.stark
1⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4312
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.glgjing.stark/app_a1f83zanhdvb799gam7vi/stark.ext.jar --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/user/0/com.glgjing.stark/app_a1f83zanhdvb799gam7vi/oat/x86/stark.ext.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4340
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.glgjing.stark/app_a1f83zanhdvb799gam7vi/stark.dat.jar --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/user/0/com.glgjing.stark/app_a1f83zanhdvb799gam7vi/oat/x86/stark.dat.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4379
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.glgjing.stark/app_a1f83zanhdvb799gam7vi/kyDjnGIpR.dex --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/user/0/com.glgjing.stark/app_a1f83zanhdvb799gam7vi/oat/x86/kyDjnGIpR.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4403

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.glgjing.stark/app_a1f83zanhdvb799gam7vi/kyDjnGIpR.dex

Filesize
2KB

MD5
49243418111a1dcc2447dbf024fc96b4

SHA1
e13cf54df642a4e586bf337d14d925c5bd38c2a2

SHA256
650db9c6411fda74edfc762018b9c857ef33827cb9818a7ba85fdc44c6c79b83

SHA512
d1d8c43cf199672c3853b21f2103d04575d4882fdc06c64585eb02106eda7696527d02e5fb043ddbba3ccfab629551241e6f0bec5cb8451b51e4a7a2e2e4ff9b

Download Submit
/data/data/com.glgjing.stark/app_a1f83zanhdvb799gam7vi/stark.dat.jar

Filesize
2KB

MD5
ceb1725c1262441e8f36a07e57d34785

SHA1
87451c405602d37ae00a9cf2212d40537a01968a

SHA256
4eaf1129604149afee9485c3202c41a2fed9f07f8012f57439c3789f97106c24

SHA512
5876b58a0dfcf39ad5afdd745f684cc66023842e496ec3749f9f77bdd0fa70832f81d10094c0aed04cf3b429b47c385b408a04516dbcbb871877112d6bfa9ea5

Download Submit
/data/data/com.glgjing.stark/app_a1f83zanhdvb799gam7vi/stark.ext.jar

Filesize
2.3MB

MD5
4e0c8d3469480807882197beda5f0e2f

SHA1
96d3e4f16e768e2b174de518f9cbe226e76af213

SHA256
f3f3c41386d345cd8708429ba9d01f7d9e6e4c66fd7398240ee5a200a2dbab8e

SHA512
8a2bfa4744e321375c83a97317e21c0b14df7c5b6a4f7f853199183d6bc6624e9e982f2af3acbfebfc74e751557bb51410cd44753dc2d2ad1af50eb128b76d0a

Download Submit
/data/data/com.glgjing.stark/databases/a

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.glgjing.stark/databases/a-journal

Filesize
512B

MD5
a7026c19b7d82f961d7066a6129d2e8e

SHA1
64e1bed855b6efec8786dd8a1335fe072adafedc

SHA256
fae2e56ba7e6549ef2f7da7596ee883e45fc503f9dfd5a001acb41fadb4d90e3

SHA512
985c33b36d17dcd39337e243cfa218d819dfc4e73a29c6dc7740c51155b49d9e59bc7237db6453b561e0b4f71700c5ad895ad3bab185d0e7f6a4ace464e31c4f

Download Submit
/data/data/com.glgjing.stark/databases/a-wal

Filesize
16KB

MD5
8ca00c122dc252e917e49fa76a203a1a

SHA1
f7d94c00ac1f39f4eb2ccd90c41cf51b99d41408

SHA256
e6e8ca3c0fc9da9a5df76141bc1c34075d366418242a27940abf665c1f52b0eb

SHA512
a1c55fc12d5210d7bd0031f5d58346f83ad021827a7a93a1821c11a4f5173001261bd3f07af1dabbd6f00d9f9525c9e7988fe8311687c5f2fd4aa48023365f6c

Download Submit
/data/data/com.glgjing.stark/databases/stark.db

Filesize
2.7MB

MD5
3ee04b176cbb9995f3128c7402f25b1a

SHA1
f440de720a4603c92002f6226f394a9acf903d6f

SHA256
b8b9f29588ba9e0bd2a9c6140bb1a2f8f6ceb6826cae2266c5f606a8e8d51e42

SHA512
f0f6c8cfadff1d1dda15685f1bdf31fd3beffafd23f54e0edb6003129995fae2e9f47b14c1415e9f05c20463dcd874d0189bd68d5dc8a7368badd38ab7583695

Download Submit
/data/data/com.glgjing.stark/databases/stark.db-journal

Filesize
1KB

MD5
e74eec80bb482ff75d224d077ac0a28e

SHA1
8831dec2e1b2f621bdae0355dee147182910b054

SHA256
b0553a27a032a00834cbef6a031a25a98b89b403347cdeb564bc1cd954e6b4c1

SHA512
a11fd3e3b646c3867824d540f034f5dd6983d526d38fa05e77b5395a2725759f0a8c9ca7a75b52cfdcbd875a8cb36f05d5287082ea30e9b0bbc35fc425968ab2

Download Submit
/data/user/0/com.glgjing.stark/app_a1f83zanhdvb799gam7vi/kyDjnGIpR.dex

Filesize
4KB

MD5
f14265f3e7ddfc6de3fb1ce6abb9ca90

SHA1
e1f5774b5d512d61705c64a185be2766a53433dd

SHA256
d92e0ffbc907f13f3743545abc7329b1901cea964347a48c4f7247b61520dd59

SHA512
e56724b5d437e95be6e927c6f1d054696876d31d747903fd533585f32e69509e31377a38f549a3664548a981124b1b81de6a25b292807c15eb339a39f0fcbd3e

Download Submit
/data/user/0/com.glgjing.stark/app_a1f83zanhdvb799gam7vi/kyDjnGIpR.dex

Filesize
4KB

MD5
6d4380d4181cee1cd1634ee6a4d3b44f

SHA1
1d89c936050cdf6eed75dfb2fe21ae4c51100697

SHA256
68b9d4b47fabf6a14f5f3ca0f835f659faba21791ca7f7b6d426fb417d11657a

SHA512
733ced3e75c576e2bff1258577b0c8be0ff55b2f4e87b2f90a6b1b58bf7f36d8fc2ea112ff6d07cb5a4ca29318673dbb6bbfbb4a693448787a83891b66ead47d

Download Submit
/data/user/0/com.glgjing.stark/app_a1f83zanhdvb799gam7vi/stark.dat.jar

Filesize
7KB

MD5
00af644b7a4791577a7c93218061479a

SHA1
a23fa354b0d49e61e68a72780d2cec40d9bad678

SHA256
fe23e943fe4d4af207757cf755cb41f64410dc5716865cf310636e44f685b25a

SHA512
6834ac0cd5afdf8d1ef80b48fd187c8323f92c03476af7fbf9a61b37a335fafc45ddf6307f92923880a2b79d601e6bd3b3cc723902908f1350fab03c865f9b6b

Download Submit
/data/user/0/com.glgjing.stark/app_a1f83zanhdvb799gam7vi/stark.dat.jar

Filesize
7KB

MD5
c109ac19a93c9edc7ae78ad507793f65

SHA1
71c5de010ae1e5480270ccdc48dbf82b7fb5a26c

SHA256
347fdb736d7c030072a073bcb57f2dcb0fd9dc3df4f7f26842734095af77b5fb

SHA512
f997704783730f85b649768d21eac53793d79a6dc1072bc0bd4ce0befd272360df7aee72e759cd0264907d610f7ca4d5e3a9f37833536c2678af76f503d42541

Download Submit
/data/user/0/com.glgjing.stark/app_a1f83zanhdvb799gam7vi/stark.ext.jar

Filesize
5.4MB

MD5
08667a815c3db32d5b443332199fc6fc

SHA1
9ae704e47cb6b38849ad85ac4c741e06eeac8edc

SHA256
18326d82f1f3c7421ae215829411e505a9ff45ca6749277c2e69e7919b2e44ab

SHA512
9ff38f023f08dc09de1f8c4ad9eae5583b53bac285d519e9bd72511468899f3ecb45953887a8f00c3dec7164c7fd578d4ae314fc1b79ba85c62a111805e5f1eb

Download Submit
/data/user/0/com.glgjing.stark/app_a1f83zanhdvb799gam7vi/stark.ext.jar

Filesize
6.3MB

MD5
a4becbd2bd44655d0a66c357fe213d91

SHA1
35235127eb27c798fbe4c978838b49c56c02d493

SHA256
10df5d5e6c8f42470ba62bdec5e8a0f3cf3021a2996631c5f1f3516aa5480688

SHA512
448e2495d519252fcc3fbe87e346031e7d4bd3cbc003b8757998a4dd07f7b3ce0c844bd156a90727a24439161a54ef9b2736b3daaf97459b6e2fb556005e1109

Download Submit
/data/user/0/com.glgjing.stark/app_a1f83zanhdvb799gam7vi/stark.ext.jar

Filesize
6.3MB

MD5
10cd4d75086b4b8d66a9ffe59ea99eae

SHA1
7fffd6a04676ff4bf8bda9ca61ad2071db91e491

SHA256
d0f9487902e490c5aab5ac87336bafc392b55eb2296041c480aa9c5f381c7cf8

SHA512
3129cdbbc26d91cb9b34cc70dc8e579dacfa83aeb52b42e46eb6f73c5b2a7283c5dd4ba5801ac7e94aa46a4683b6bd512fb59603ad21f9cc741a8114bc264252

Download Submit