8894db5ef37732d934bdc024c31a5e3cfcaefc1309e221c3ebb93e2dcd0d90c5

Analysis

max time kernel
150s
max time network
149s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
19/03/2024, 12:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Gamepad Tester_7.6.1_Apkpure.apk
Size

4.6MB
MD5

5de627acbcc5ae1d1597f94193bc7571
SHA1

285ae44614ae34889d50c3d6e988f5851c4afde6
SHA256

8894db5ef37732d934bdc024c31a5e3cfcaefc1309e221c3ebb93e2dcd0d90c5
SHA512

e10648a1ad6058975ed4944bad9bc03e9cbc1f1f551dbe2e6f6a9802a5e6b8a83a3c3c2541dc33ef8740adcaa94a3b0a187efaec86909097bdad60229426210f
SSDEEP

98304:U8/8YfjslY96uAB/+xrPZ///cMxmm3IVBDjoTwrErG:v/1wlY8uAFUrPp08d4LcG

Score

7^/10

evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.chimera.saturday.evogamepadtester/cache/1689111357674.jar	4430	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.chimera.saturday.evogamepadtester/cache/1689111357674.jar --output-vdex-fd=126 --oat-fd=127 --oat-location=/data/user/0/com.chimera.saturday.evogamepadtester/cache/oat/x86/1689111357674.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.chimera.saturday.evogamepadtester/cache/1689111357674.jar	4285	com.chimera.saturday.evogamepadtester

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.chimera.saturday.evogamepadtester

com.chimera.saturday.evogamepadtester
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4285
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.chimera.saturday.evogamepadtester/cache/1689111357674.jar --output-vdex-fd=126 --oat-fd=127 --oat-location=/data/user/0/com.chimera.saturday.evogamepadtester/cache/oat/x86/1689111357674.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4430

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.chimera.saturday.evogamepadtester/cache/1689111357674.jar

Filesize
10KB

MD5
189d24556179c74f72678b58e01308c1

SHA1
d4ed4dc1b0fb6741c6c9434348b159dbea92e0b4

SHA256
236eb17c5c14261b62630ebdc5830f4a97d3cf0dbc7bd1de98dfd17d55474353

SHA512
27dc7bd75c982173c58d3a02e793616dd6364bbc3d593d1453c5c1cb5dc0ef560b5931a7736ae12c69486fb170ee723bf124747d1b2727a4026281dccbdae9e2

Download Submit
/data/data/com.chimera.saturday.evogamepadtester/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
53528cec84f205c0aba117f06a2e2e03

SHA1
41ffc5e9a167e388b895e27887fef72b21100760

SHA256
3e1a53d29ad06c3f9eeaced8c2a2952783bdc9f01e9bab5a20a82c0960168efe

SHA512
05f635b313cf8b00e3714ca2dc75d82e0f60ad8f09523ee6f02e4f96677e31967c9a029e9214bf0bae0383dca2d321ae32b0eb2822e6270f8c1174081a8ed010

Download Submit
/data/data/com.chimera.saturday.evogamepadtester/databases/com.google.android.datatransport.events-wal

Filesize
16KB

MD5
168db01b334338f19a027c6c0344055e

SHA1
b1c33df7157cadd42d7a4e35a8cec0b276eb261b

SHA256
41855e0ebd36ad98fa62ed0bb5112eb1e6084e2207962dff77fe9efbf570d530

SHA512
6b98d507de31c2689d28140e9d030ba9d69c225b7301ac3976fc9479c9d4f4f523580395eed36f9c40bd9fd56a9011c461adbfa9399e62b34b13adea31d5edfa

Download Submit
/data/data/com.chimera.saturday.evogamepadtester/files/profileInstalled

Filesize
24B

MD5
e2f694c2ade1d1e70ddc316c907546a4

SHA1
760cda7a88c21c5360057df60723be2dfe977d43

SHA256
2a005ccf7c921f8d7f2b734ccc8109845e1c983aef917563f12178e450bf5c56

SHA512
8b25958096ebf599718862cae52ea4abdf1693ca8b4a8745b941d03188d27ba3d71625138de0706302aa962723055e083e332d0740ba6dfd59ee4407f2bbcd35

Download Submit
/data/data/com.chimera.saturday.evogamepadtester/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
b9d6769516d0a4b399883b1fcae0178f

SHA1
a53cca476d4de5b8df2a633c28f0476ee1039396

SHA256
831234137b0c6dd4426bcd5411504d3e2ee545e7568e81ecdd8543ad09ec1e5f

SHA512
820cb19ce9ee7cc741a00b176206c028f816a550a917f9de7814f926f525d6c523d7ba99bba7361312716077f9a07e3c768b10d74f8e6cc55fa4bbcdf0d0d73d

Download Submit
/data/data/com.chimera.saturday.evogamepadtester/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.chimera.saturday.evogamepadtester/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
1d57abbe5f23c90ece52b0619ef8c0d7

SHA1
32bb978324c7a31777480afceadd7852d567b207

SHA256
0a805d92a5189ad12f04a4d1377137a50429e29b6d76a355d427429638aae9e4

SHA512
df74a2e1a5197bd1e68734b796a579f0add10e3daa374fd759b5778b746d53f1338c36097446b3292ec5504b007b1023e9ae945abb192c9255b4ee2655cfcfdf

Download Submit
/data/data/com.chimera.saturday.evogamepadtester/no_backup/androidx.work.workdb-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.chimera.saturday.evogamepadtester/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
44779da6a215bd06ad05d5e3fe56c8f4

SHA1
0cc1ffe6e0b9bd7de4eefa5e9b298efc86355541

SHA256
807b6fbe27ae26369959ef20cd7ab472f46046d53845781b670d4973310ff938

SHA512
aff3bb901c6389f4a13d504b8f18f5fa3d68a1571d816c60babdbd2f38b638965bee589fc288fa3738cb2170e539141e943eb0b389bd28cafa6e2f50d7acdf6e

Download Submit
/data/data/com.chimera.saturday.evogamepadtester/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
48b7a323e648266b65d63f8a53e6ff86

SHA1
95d2d13af3155b53e128a6bc172a3368e7834634

SHA256
894518f1812a48ffa1cee05ccf2d02148d5dad2e8dc59037fad2d26723a37fac

SHA512
69584ca2b3418fa0801eb338904dff02d7714b635d01539542dc9e17d5538e132de4f769d6613bda5cd7b55b7853c07cd47cd00a928d55a083ef1d8762b4acaa

Download Submit
/data/misc/profiles/cur/0/com.chimera.saturday.evogamepadtester/primary.prof

Filesize
1KB

MD5
eb920b2ada72dd91343e28b3bfc6aefa

SHA1
29696299155fccb7647e352d2691151cbab3a431

SHA256
e77151b433c6664141294433ee6eb0664c60e14175ffbdd4826bdae507b150e4

SHA512
3f9f58636b278a7bddcd0d4d4e800fe9320a391f743a9059e1e37ce93eeb8cdd5a6c6672b177b65894d1ad0970b13c8887f0ac299a23eb23d05bbd8f78cc4dae

Download Submit
/data/misc/profiles/cur/0/com.chimera.saturday.evogamepadtester/primary.prof

Filesize
12KB

MD5
49af86d3d79853873f314af36826d926

SHA1
7a70c47b476cd243479d11b7d5c90d86c7e2b74b

SHA256
5784548e665d597821baf8b397cfd153fd4e2a090814fb8a31a51e955e17dbfc

SHA512
c030f8607f75bdad6664067b2e87ad2baa3d24eabbdb84aa04f29bf24ad24726af58af1fecaf716f40f81d4e5756165589a95a8b5708e98e570f4080f708dc49

Download Submit
/data/misc/profiles/cur/0/com.chimera.saturday.evogamepadtester/primary.prof

Filesize
12KB

MD5
1a939ff323281b517dd2ffebfb8f218c

SHA1
895b977749a1a47b8bf6cd6add877d9baf20de7c

SHA256
fd2bf63d29822c9592b8a7bcc899300ec3d87aac58ff54be6e1cdc9d79f6480a

SHA512
ab47a6e65ec9c78a79d30641093445c7a91bebe0bb9282b32f24f98678f64c0bf368e3be45971a1fa97cd38d41a2538f5d9c79b4ad54daec5e0d8fdfc76db706

Download Submit
/data/misc/profiles/cur/0/com.chimera.saturday.evogamepadtester/primary.prof

Filesize
13KB

MD5
9b5a6a77d7a65426bc70004b4d6e9a6e

SHA1
fdbf108ed47c53a007196ed6ee1120b853699fdd

SHA256
fd42939be99fd088e0fc1175c6c7406077d346955679be682ae24c7388eb9fae

SHA512
0d139fa43e3dce14791cb96b7af1c0ec9a4f1751990b3b355397394a83d5ad006da1f11c0f4e87a9b4f497d93a05b62dcf82d774879da8eee5e85ab68fa3c275

Download Submit
/data/user/0/com.chimera.saturday.evogamepadtester/cache/1689111357674.jar

Filesize
22KB

MD5
1ae022c13ce3d4bd976b4e9021315118

SHA1
0c8817d14a05d9940402800a3384bd7f8cdff9e6

SHA256
fdf2b35466c0b803f767da4cb62568688e846aad81a6bf3560197bd47f77a5f3

SHA512
aa395e134d5337c7b1b589dcb371121ed4a7accb8c0a9bd732a882dddaabcc48c36e3a7d743e1e058c870476df467cd3c378a7380cea8667b4edeb8cfd8ec0bc

Download Submit
/data/user/0/com.chimera.saturday.evogamepadtester/cache/1689111357674.jar

Filesize
22KB

MD5
2800ad09ca14a7a986a6e8becbbbb158

SHA1
cff8d824d09296149af1f7f7ad12ebb701f4b8c5

SHA256
5b3ace2783fb2b21f30cd4e20a8645e6bd6d59347c44cbfd11141b0d9afcb33e

SHA512
c315532db47e93c406308f997b1f81876dc4394838b64f93b3afce0748f1cd1c5b5e490856e5c7be0fc7aef063c0f4dcef73de0cc1a712eebc4f80a443cea7d3

Download Submit