35ac1cc8d0cb212dbb2c525671b3f36b8a08c26272b60d20a9599c14bede0c03

Analysis

max time kernel
48s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
13/03/2024, 14:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

35ac1cc8d0cb212dbb2c525671b3f36b8a08c26272b60d20a9599c14bede0c03.apk
Size

8.5MB
MD5

79853e61e6187aee0ee2f29a1c428b42
SHA1

a39815c9dc09b03a16b75e337bae4308bd5654bb
SHA256

35ac1cc8d0cb212dbb2c525671b3f36b8a08c26272b60d20a9599c14bede0c03
SHA512

df91cba8af9219f475772a9be15186c156a72c0139942bf2ca88390350412b07b5b27d39e09aa999f662f930b47e76e147e11cd58b91511b9ae10d920627a1c4
SSDEEP

196608:b+DsC6NMpeRjO3/wtE1UsISuLpfSxSmlTcCollLwO4IrZ:2sC6No3jusISuL2tcCMlcOzrZ

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks Android system properties for emulator presence. 1 TTPs 1 IoCs

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: ro.hardware	ru.homeaccounting.spendingandincome

Loads dropped Dex/Jar 1 TTPs 9 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/ru.homeaccounting.spendingandincome/app_tfkk0n4m9kkmo76nu3di/spendingandincome.ext.jar	4184	ru.homeaccounting.spendingandincome
/data/user/0/ru.homeaccounting.spendingandincome/app_tfkk0n4m9kkmo76nu3di/spendingandincome.dat.jar	4184	ru.homeaccounting.spendingandincome
/data/user/0/ru.homeaccounting.spendingandincome/app_tfkk0n4m9kkmo76nu3di/spendingandincome.uni.jar	4184	ru.homeaccounting.spendingandincome
/data/user/0/ru.homeaccounting.spendingandincome/app_tfkk0n4m9kkmo76nu3di/spendingandincome.stp.jar	4184	ru.homeaccounting.spendingandincome
/data/user/0/ru.homeaccounting.spendingandincome/app_tfkk0n4m9kkmo76nu3di/wTrFcoVVz.dex	4184	ru.homeaccounting.spendingandincome
/data/user/0/ru.homeaccounting.spendingandincome/app_tfkk0n4m9kkmo76nu3di/spendingandincome.ext.jar	4184	ru.homeaccounting.spendingandincome
/data/user/0/ru.homeaccounting.spendingandincome/app_tfkk0n4m9kkmo76nu3di/spendingandincome.stp.jar	4184	ru.homeaccounting.spendingandincome
/data/user/0/ru.homeaccounting.spendingandincome/app_tfkk0n4m9kkmo76nu3di/spendingandincome.uni.jar	4184	ru.homeaccounting.spendingandincome
/data/user/0/ru.homeaccounting.spendingandincome/app_tfkk0n4m9kkmo76nu3di/spendingandincome.dat.jar	4184	ru.homeaccounting.spendingandincome

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	ru.homeaccounting.spendingandincome

ru.homeaccounting.spendingandincome
1⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4184

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ru.homeaccounting.spendingandincome/app_tfkk0n4m9kkmo76nu3di/oat/spendingandincome.dat.jar.cur.prof

Filesize
90B

MD5
01cfa2167f205a26fcac9f9cb9caa043

SHA1
768ce1146104e125d0c8c059dd26a11bf9bcbdb8

SHA256
feb340a0f19a1f9d69e174b241ca3e71701dd728d1bd00e68281462e5fb5afc6

SHA512
81f08860f56cfd31defc6341ffc2bd54e73bd31b3b1261fb43fcca530f583f495a5cde2e3f1c2b34d1e217da83f73cf8de8bb9aeb2ac222dee1c4c4585bbc340

Download Submit
/data/data/ru.homeaccounting.spendingandincome/app_tfkk0n4m9kkmo76nu3di/oat/spendingandincome.ext.jar.cur.prof

Filesize
791B

MD5
ee1a3936cc8b528834c57efd04161d8b

SHA1
39c37208363189e23482cf664637f7c41d197298

SHA256
dbecb0f6927b55970a57a8a4e4003807d541ad7851d5c40dfa94a5e6c8d88bee

SHA512
f23b929a4248e24e3cb6a607cbd8428dff74d018477dc8f8fe984e9cc2ad8b4a5743aaa29617a1d3319b0f536bf7577f3fdc1d451e477baeb1d84faa6e9892a1

Download Submit
/data/data/ru.homeaccounting.spendingandincome/app_tfkk0n4m9kkmo76nu3di/oat/spendingandincome.uni.jar.cur.prof

Filesize
132B

MD5
b8f454c2da76e96eadaa0f2e9cc5343c

SHA1
17af396d8c18b789afa315a6324990088a07ff16

SHA256
262ba4601314d15b1426513848d9974e921157c6ff538e94356269c8145b9bac

SHA512
4b6acb5ed3fe3d8f2137d5d2259db1f285b2f3c54ae23121b1bbe70a5610678407d3fe625ea22b6681fe6a9e61da15306df47ed46945480fb95838d919b0fe11

Download Submit
/data/data/ru.homeaccounting.spendingandincome/app_tfkk0n4m9kkmo76nu3di/spendingandincome.dat.jar

Filesize
2KB

MD5
3935595d3b7984e1e9f0d6fcc764d395

SHA1
81fc2555aeea7d329826d8619deaa3e48c182b92

SHA256
ba2c2f16d07a4a77787160195a95c77e81f1e673a1cd5f7517a1c3341410dcad

SHA512
8da3c31e12babf1877e30e3085e902613eb112d55292b467efa8bb34fe914ce4c27575229809dc3b0f122120f3b13eef12c729ccd8b820e0901f9243936b3613

Download Submit
/data/data/ru.homeaccounting.spendingandincome/app_tfkk0n4m9kkmo76nu3di/spendingandincome.ext.jar

Filesize
2.5MB

MD5
a467bf8d094c887253b95944f861d099

SHA1
34a9b7d9adc3eafc7ef89225a11d29946a0a9a90

SHA256
f6c1fe823cf170f704452e41a94d86fc4e349fcec9991dc4235a3333f68d42cc

SHA512
6db0f5e2d448094c6779606b6806d0f10bc2c27469bb985b0b623b3e2a74ed124354a558cc7ef4155f23a537811a833795252b2d2a57ae1f418e53eb65d3945d

Download Submit
/data/data/ru.homeaccounting.spendingandincome/app_tfkk0n4m9kkmo76nu3di/spendingandincome.stp.jar

Filesize
460KB

MD5
b65f0dfb08cf6425b341caccd35b0024

SHA1
6a53ac121cdeda181b4d8ba2034737d9b22d637a

SHA256
0ff413be6d9f9de6f16725432ecb9fde714fd34a0097caf536c7ed8909a2ef77

SHA512
d8515ae4d6295e0089ace1f6eef2d11cac8a271d5230acc4deff8599144231d987da769084eba2d25f974ea3bd310c42c0a18ea2452ed063bf5f316d761a22dc

Download Submit
/data/data/ru.homeaccounting.spendingandincome/app_tfkk0n4m9kkmo76nu3di/spendingandincome.uni.jar

Filesize
168KB

MD5
dd67772803428e0cf6736942b7acecdc

SHA1
bc5b777e777edb402b654c719a4d2574407bfeab

SHA256
42c127fd0c5393b08da2e124b180919584d0e5253a91d599fa87ad1ad7d7546f

SHA512
03024a461d9d890fbc450622d54aee3446d809421c96889050839ce38e0af75aa089f3f085b8f52fc4a943d7c5982853423f8026cc1ce60d2e4ece4a1cdc9c21

Download Submit
/data/data/ru.homeaccounting.spendingandincome/app_tfkk0n4m9kkmo76nu3di/wTrFcoVVz.dex

Filesize
2KB

MD5
9602012f83bfd992f34243a4ad8c6b12

SHA1
6e13876428789171baa8614c63ae847c23519aba

SHA256
b1162e06560ec6c13a1708daa1cc4789cdcade2d54025a41a51eab9b4ba4d802

SHA512
69e7c6313f0ee4f1949bb7b5167d64c263e986902556d9c9ceed2ef5b8be1445d6fec86ece2d4de85ae71c65940d04185edf24627bb4e1a3173be12c00b4a619

Download Submit
/data/data/ru.homeaccounting.spendingandincome/databases/a

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/ru.homeaccounting.spendingandincome/databases/a-journal

Filesize
512B

MD5
fdaf872fa8bce4bbb9845e9fa58c912e

SHA1
a404fba521d4e5101f38303ecb5ff7444639780d

SHA256
ec6079e58418b910832494b9214a3161f83981185a3009d99ba3e49853380100

SHA512
6e3e8f3a86f6e62115732589f4822de749cf0c06faf22882821640dbbe72b58b380b532b7a6a5e861b05a1449c618bc44914622d387928a149e926ad07f2b060

Download Submit
/data/data/ru.homeaccounting.spendingandincome/databases/a-wal

Filesize
16KB

MD5
348135a77f594b3d2b015641b031ae35

SHA1
25b9d176d34a30bfdca5f35ba7b5aa913f10fb99

SHA256
a697e61579c9d94875c7decf10cea446025cd185078cb40f335fadb0f2b51964

SHA512
35e17ee3b9bd0206d9f6c11c5671a0ceccbd40149f97502559845e889d2244b3c27bb7c136a79e56b91547497bc2132f09a1259e13f91197a11b921d24e65e12

Download Submit
/data/data/ru.homeaccounting.spendingandincome/databases/spendingandincome.db

Filesize
3.3MB

MD5
f2c2c9e949d79952bea3986bdd8fd9ab

SHA1
2ca4081034cbf9dc08859af1af9293dfb493d404

SHA256
cd3a93ecd21590d2a9c31b80d53f5933f173eb281a1d382d37c6ad0731e2d299

SHA512
508e222f65c1a94dbfbc4d118393d1ffb4e1424fa72d92932d86db63353d17b7f4c713f8cda178371190045f9b6fbc2503bdae42fd6f8835a633a0ee6a727048

Download Submit
/data/data/ru.homeaccounting.spendingandincome/databases/spendingandincome.db-journal

Filesize
1KB

MD5
0c07a08b9027f0cc91338ffa7b112cd6

SHA1
55dc92e7b2f069e25e2da048830204e45d76802d

SHA256
b3b4691841afc3c6b6fe9a754b4cce4436c17f17b92c1cd1ff61bc30e7254685

SHA512
07110c055c62d96c62c4876a838336e5d465586a6714341520eb2920fa7db8b1b2fcd8891c96d2cef6d9e5852c077c6a2b7bb3c114672958bfa076e9df99c4c9

Download Submit
/data/user/0/ru.homeaccounting.spendingandincome/app_tfkk0n4m9kkmo76nu3di/spendingandincome.dat.jar

Filesize
6KB

MD5
7d69e6b41cf19b879ba08d2ba2170d12

SHA1
2933e7e5966e5ee540c8b5716032b0b1bc5b8e06

SHA256
3af9640f62437409d7118c892d4f3f035f1d67619c4a2550766dfbbbceb38969

SHA512
2d71079e6f226df5e76eea06fa5748c9cf89103b23336df2c1be1442e60e7b46ffec433b790f75d57c05fa14aa81fe7cb4837113719260934520c13dcfbd98ce

Download Submit
/data/user/0/ru.homeaccounting.spendingandincome/app_tfkk0n4m9kkmo76nu3di/spendingandincome.ext.jar

Filesize
6.3MB

MD5
4f2ede022435adca61d9433706e22762

SHA1
df81af90800251b40f67a134b9d61a7a4a672a84

SHA256
601d748a337bb66c7139e3aee693143478daa7e988b8dd44244ff566d8593085

SHA512
b64d8cc66f0f395105cc3c5799be3eccd5f7feb5c49d0e2e621856cda5659418c17712a0c41eba7a30b3a8344ff35b815245c89011addd43b41ad3c4c5bf9422

Download Submit
/data/user/0/ru.homeaccounting.spendingandincome/app_tfkk0n4m9kkmo76nu3di/spendingandincome.stp.jar

Filesize
1.1MB

MD5
49b91e17f8168f2d406b5cd32e34c9b4

SHA1
96054ee16e5dccae6de5b42395813fe5cbae0a4a

SHA256
31fdc6c48124540edf532fa66a36652f997ec505662320abc3738a8308c3fe4a

SHA512
d4117115f9e6fdef2ace6724d984f60e7e054f7423195bd2cac22c22101052070c29e1350c9dbe5869b067d64c5e29fe86671757f484ac04db2102e712115193

Download Submit
/data/user/0/ru.homeaccounting.spendingandincome/app_tfkk0n4m9kkmo76nu3di/spendingandincome.uni.jar

Filesize
424KB

MD5
3f5d5ab5cc80ae55dca1719549dc3627

SHA1
fc1a5e8b43ddd46c4d301127f9c2e07a613809f5

SHA256
adde7822a6f4b22b80e8348fe09d9d716e2f8519b8be926598a53463f43b569f

SHA512
885988fb4fb5b0a0b4c9b5f067c5b36a7fb7b731def6bbd3860832da215f19911b9a064973f74180461bace2bd04a2735142bb770783cb46e1b1d87c728497dc

Download Submit
/data/user/0/ru.homeaccounting.spendingandincome/app_tfkk0n4m9kkmo76nu3di/wTrFcoVVz.dex

Filesize
4KB

MD5
0c7e05fa8f55fce6187774b3010505db

SHA1
098fc12ea983cf3ed5dcf6bf408e2c3c659d7010

SHA256
76879e4dc4e8adba40664c5cb832af5d77b41bf843b799a0c27825cfade40249

SHA512
df2821b16efac6cfee7a0a9e6918e07385edaf6bd4f102d644771c7ae30f8a70d2f6b7e09bcdab5c29fde50fb527126b451f4de48b2bbae80d4ed1f98d3c9091

Download Submit