8243eda9f9746b80e6b082cee83b88d7138c7721e972821bd024a7bafeeb08cb

Analysis

max time kernel
30s
max time network
138s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
24/02/2024, 10:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8243eda9f9746b80e6b082cee83b88d7138c7721e972821bd024a7bafeeb08cb.apk
Size

11.2MB
MD5

4c80c81af44f30de9909ad5a80153f76
SHA1

2f2a2b014dce657cb25fb0c65569909152560c9e
SHA256

8243eda9f9746b80e6b082cee83b88d7138c7721e972821bd024a7bafeeb08cb
SHA512

fae0ed0da470724471102562af9358509db0844648a7011ed02215022dc728a5d85a158c81ff6d6516e3d9774221eedf742dc0977ba2b9ec15064416967c0724
SSDEEP

196608:2+DsCjf8gdAgugttm4TYBOw4pbIy+eOavL3SWpotUYByuBK6Q7DD:JsCjUgOSYc9mM5uWGUk06MP

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks Android system properties for emulator presence. 1 TTPs 1 IoCs

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: ro.hardware	com.wildsky.wildunfold

Loads dropped Dex/Jar 8 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.wildsky.wildunfold/app_rcbx6yjcxvt2izc6usor/wildunfold.ext.jar	4268	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.wildsky.wildunfold/app_rcbx6yjcxvt2izc6usor/wildunfold.ext.jar --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/user/0/com.wildsky.wildunfold/app_rcbx6yjcxvt2izc6usor/oat/x86/wildunfold.ext.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.wildsky.wildunfold/app_rcbx6yjcxvt2izc6usor/wildunfold.ext.jar	4242	com.wildsky.wildunfold
/data/user/0/com.wildsky.wildunfold/app_rcbx6yjcxvt2izc6usor/wildunfold.dat.jar	4300	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.wildsky.wildunfold/app_rcbx6yjcxvt2izc6usor/wildunfold.dat.jar --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/user/0/com.wildsky.wildunfold/app_rcbx6yjcxvt2izc6usor/oat/x86/wildunfold.dat.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.wildsky.wildunfold/app_rcbx6yjcxvt2izc6usor/wildunfold.dat.jar	4242	com.wildsky.wildunfold
/data/user/0/com.wildsky.wildunfold/app_rcbx6yjcxvt2izc6usor/mtlgqEFGr.dex	4324	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.wildsky.wildunfold/app_rcbx6yjcxvt2izc6usor/mtlgqEFGr.dex --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/user/0/com.wildsky.wildunfold/app_rcbx6yjcxvt2izc6usor/oat/x86/mtlgqEFGr.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.wildsky.wildunfold/app_rcbx6yjcxvt2izc6usor/mtlgqEFGr.dex	4242	com.wildsky.wildunfold
/data/user/0/com.wildsky.wildunfold/app_rcbx6yjcxvt2izc6usor/wildunfold.ext.jar	4242	com.wildsky.wildunfold
/data/user/0/com.wildsky.wildunfold/app_rcbx6yjcxvt2izc6usor/wildunfold.dat.jar	4242	com.wildsky.wildunfold

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.wildsky.wildunfold

com.wildsky.wildunfold
1⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4242
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.wildsky.wildunfold/app_rcbx6yjcxvt2izc6usor/wildunfold.ext.jar --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/user/0/com.wildsky.wildunfold/app_rcbx6yjcxvt2izc6usor/oat/x86/wildunfold.ext.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4268
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.wildsky.wildunfold/app_rcbx6yjcxvt2izc6usor/wildunfold.dat.jar --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/user/0/com.wildsky.wildunfold/app_rcbx6yjcxvt2izc6usor/oat/x86/wildunfold.dat.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4300
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.wildsky.wildunfold/app_rcbx6yjcxvt2izc6usor/mtlgqEFGr.dex --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/user/0/com.wildsky.wildunfold/app_rcbx6yjcxvt2izc6usor/oat/x86/mtlgqEFGr.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4324

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.wildsky.wildunfold/app_rcbx6yjcxvt2izc6usor/mtlgqEFGr.dex

Filesize
2KB

MD5
1aaad15bdaa4366a5dc3312dda9dbea3

SHA1
ccb0b15bf21e516092ec26b6480e467fe420db46

SHA256
83b483673b6f51b3372cc5603f75476891f41213f782f53b8693deccf2a64143

SHA512
19d74b479c75dfdb432e7ace511a550f2b39d4c52cfa669642c79847a1234be98d91035b4c9b1cf9a10ebb920478634c42783b9a0ef7fe4e80667c771105ef71

Download Submit
/data/data/com.wildsky.wildunfold/app_rcbx6yjcxvt2izc6usor/wildunfold.dat.jar

Filesize
3KB

MD5
76a6adf763ae34d9ce7be6f45b38d905

SHA1
432d99fce190c267abc662b4a4ed56dd3bbb736b

SHA256
6945fe71123f3762a07614683d0248a3d9f92eb975d1ec8d1247e1fac0d0471f

SHA512
9cf8e8c187c767fcffb385ac0ddc3fa2b2c0c084cd6f4ffb34b084ec7f107efbeef721059ebcdc25ed7a10a272cecdb0e1398c5ca0e0ce294ef7c5cfc3fb2af7

Download Submit
/data/data/com.wildsky.wildunfold/databases/a

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.wildsky.wildunfold/databases/a-journal

Filesize
512B

MD5
ab78848caa3e9c3e9f505a47d33ce6af

SHA1
0b8f81f2cf3c3ef927876e14c911c0cb20445b14

SHA256
d94ff8bb45bb263b1d3fefe4b07dfd5456926b2fc9bbc89bca317113f125c92f

SHA512
264ef128278162d8dccca838e7850357bf324c52c978ed00510bda80929dbc477b6a98ca725fbfd147d2440f4daf2fd733b7ff69169d1cd9bce83ba9bc3c2ff9

Download Submit
/data/data/com.wildsky.wildunfold/databases/a-wal

Filesize
16KB

MD5
32c1a9978954db1edcac40872bae60f9

SHA1
40389233c90629067aeb102c018db5477f6f316c

SHA256
b76c7b846907b2c1de840b01dd565133e648fb2bd88ebe8bb61339c63d8aea99

SHA512
e69866a044e0e9c05ef6d1d652b22b4ea0f5d8be6ed589b597d99958e6c8f4fa63da4a107a84bc7ace920580e718ac87bb1b552b900764819716f6cba328d4aa

Download Submit
/data/data/com.wildsky.wildunfold/databases/wildunfold.db

Filesize
2.7MB

MD5
7cac2b4175dbcf393562607b3829bac2

SHA1
ca32fe0f048c9391117f53d73b5561055207274a

SHA256
dd16c4d70d534d4fd699fd7fc31b727a8ae56bab3a59913fdd2911d609ff5902

SHA512
379203b1c45aebec74ae29e194b1f01f969c8900dcf8855faa2f6414b158e0b2f1521a214f6c09502b2275962bda3987cd2af07dd23dcbb8706d27bb7792ad81

Download Submit
/data/data/com.wildsky.wildunfold/databases/wildunfold.db-journal

Filesize
1KB

MD5
67980ba2eeffd6ab34167099000cdca9

SHA1
c23a515663caeb8f7ba0f70a9b02f89609d751ab

SHA256
3140d7c0c3f0db1b69bcb7046e6287c5a5a07c88569ebd18d5a1b0606c8835ce

SHA512
8237cd4a918c8cea804632bec8f6a156567095c0fdb4d6bb7182e8f4d70a73921d033754a7de968b9ff6b3e6b238e9a86cbbcfa36cd7fe4647ed8abb6f94078b

Download Submit
/data/user/0/com.wildsky.wildunfold/app_rcbx6yjcxvt2izc6usor/mtlgqEFGr.dex

Filesize
4KB

MD5
e918ccf63d82de3ad7781de9f6ee2d0c

SHA1
1e3c33ed0258b37d8830316b08aad947adf82148

SHA256
dfc54a493ef316849aa72907c6fb013fec95a1c529c25a3af6d7c828b4abcd51

SHA512
fe677577e236c67b9c32df1fb021ce0ddbe1b320b36dc6c527221df7dda36cb008e8af2b5ae645a3f6a799a8e032db37761aea864083aed6f067367d17e5d7c9

Download Submit
/data/user/0/com.wildsky.wildunfold/app_rcbx6yjcxvt2izc6usor/mtlgqEFGr.dex

Filesize
4KB

MD5
feb091dcdd1eb37212883b2708e4e306

SHA1
e3005ef1f79527ee1c929a297753dca8b6fd3168

SHA256
97b05737bf6e872777cfd82901fc50aa9a678cfd65fbc8e5a5599bf79f5cc857

SHA512
98e6588b1babcd9a3164541682261199661a72ff6b0364dc14e957d9cd844a23ae28ee5a1203739d99a8964952e8d7205afa72334222295470b444c1fbb34465

Download Submit
/data/user/0/com.wildsky.wildunfold/app_rcbx6yjcxvt2izc6usor/wildunfold.dat.jar

Filesize
7KB

MD5
217cfdfcc31285f70a1f70167b4444be

SHA1
788eb78d937bcd80457c6e30d89c74c2a99154b6

SHA256
60da36920d98f07cf6ba1e8055658d71d2c0eec56a84e60008cb1a217e031780

SHA512
26d5828f32157b4f6de71b3fc0c5a0e577d9c0d0c3e2d56a9e712b29c489a98c17494bc99a59d2d3e04496f5abc4bf5e85dc07bf450da4979a6a857c27e37e67

Download Submit
/data/user/0/com.wildsky.wildunfold/app_rcbx6yjcxvt2izc6usor/wildunfold.dat.jar

Filesize
7KB

MD5
6401844da5979253bae43648d548ea0c

SHA1
261cd9237f62754c9bcfdd830950576917dee4a7

SHA256
eb3e0cb578b5b575c0c03d1ad9281fa7a8be82aabc8bb05e317eec045a039e42

SHA512
8f88a5fb9515b0d9cd49b0487699c33e3772b8d688b8c4bfdb81c9cea30753312ea3934867bfc65d24f99bdce3dedec59d0d8fe1dcb0c2bde04ccae350168dbd

Download Submit
/data/user/0/com.wildsky.wildunfold/app_rcbx6yjcxvt2izc6usor/wildunfold.ext.jar

Filesize
6.3MB

MD5
3b29280cd17a0d15ebd4ff0e7f47aee6

SHA1
1d60be4ef41afa721593cd4b2ab93af7e1454b26

SHA256
bc72c83bd5a138d7858666e1ebae69a8e6c9646abfb2abcabe57be8dcb2ac54e

SHA512
6b731bea01fd3134007439215e7fe060c8e443ecfe1f6ca09b462c919be5427a8f777c40e15b8bbc4447526b93ff1cf0fe797f286cfd23acc2f301a7deae4df8

Download Submit
/data/user/0/com.wildsky.wildunfold/app_rcbx6yjcxvt2izc6usor/wildunfold.ext.jar

Filesize
6.3MB

MD5
b9046c810c67d9d540c993538d928844

SHA1
cfc6ecaebba1fabc61d79eaa2f523abc468217e4

SHA256
96436576346fe286470f1d657f5016a4902ecb7c4066010683ffa7e88f8f33da

SHA512
e83a843708f1197cec87e719dd4a924faee6dbe7f380f84e6259b87c0d222cddb4f7be357e35fa4b8e054b3dfe8711ab9d5ab9e01937452df6d4deca3cc97695

Download Submit