Overview

overview

7

Static

static

1

e2659d1850...8f.apk

android-9-x86

7

Analysis

  • max time kernel
    33s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
  • submitted
    25/03/2024, 12:51

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    e2659d1850c6ef11af88bf893655dd1afe1dae96416e8a244bccbc774ae5388f.apk

  • Size

    8.4MB

  • MD5

    ad262ea2036d0cc84a93eba151222458

  • SHA1

    1d6fb434d2d7f83faeccc8b83bf7e8912f5ba0e2

  • SHA256

    e2659d1850c6ef11af88bf893655dd1afe1dae96416e8a244bccbc774ae5388f

  • SHA512

    7f84c97eebbfb1f1b89cd4f1d4dc932e213c2c631ad9495792e882fae02ef6be331af5a263b7be06ea930317cc1008b7409f3ce1e69ea08ae7b5f999999cb5cf

  • SSDEEP

    196608:6gJWxBMM0vnYNMpeRjO3J+DsCimQ9wvwXBAS9Rv:6rxBWnYNo3wsCi99wQBFRv

Score
7/10
discoveryevasionpersistence

Malware Config

Signatures

  • Checks Android system properties for emulator presence. 1 TTPs 1 IoCs
    evasion
  • Loads dropped Dex/Jar 1 TTPs 14 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.unistellar.evscope.android
    1⤵
    • Checks Android system properties for emulator presence.
    • Loads dropped Dex/Jar
    • Makes use of the framework's foreground persistence service
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4173
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.unistellar.evscope.android/app_fsz5a13xuodp7cxiggb9/android.ext.jar --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/user/0/com.unistellar.evscope.android/app_fsz5a13xuodp7cxiggb9/oat/x86/android.ext.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4261
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.unistellar.evscope.android/app_fsz5a13xuodp7cxiggb9/android.dat.jar --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/user/0/com.unistellar.evscope.android/app_fsz5a13xuodp7cxiggb9/oat/x86/android.dat.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4289
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.unistellar.evscope.android/app_fsz5a13xuodp7cxiggb9/android.uni.jar --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/user/0/com.unistellar.evscope.android/app_fsz5a13xuodp7cxiggb9/oat/x86/android.uni.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4313
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.unistellar.evscope.android/app_fsz5a13xuodp7cxiggb9/android.irs.jar --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/user/0/com.unistellar.evscope.android/app_fsz5a13xuodp7cxiggb9/oat/x86/android.irs.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4338
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.unistellar.evscope.android/app_fsz5a13xuodp7cxiggb9/YTqIfEGht.dex --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/user/0/com.unistellar.evscope.android/app_fsz5a13xuodp7cxiggb9/oat/x86/YTqIfEGht.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4367

Network

        MITRE ATT&CK Mobile v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/data/com.unistellar.evscope.android/app_fsz5a13xuodp7cxiggb9/YTqIfEGht.dex
          Filesize

          2KB

          MD5

          92b16249bcfd898013612d6d3f4f2ff6

          SHA1

          15fedec161370ad503b7d0961165cb8a8ccf0080

          SHA256

          2ac422d191279b0be9ed5a7c5fde05e80f498085a3d48489a9bb3f6fc517103c

          SHA512

          6d533a344d0d2789b15ae4f6cf74e214af569d0920fe7ac7a7e8e4d99d746bc30e03dfb144f15a0da0fdbb8a08c4d748dbe7143bc7fba616ff6ae4b0cb39d5bc

          Download Submit

        • /data/data/com.unistellar.evscope.android/app_fsz5a13xuodp7cxiggb9/android.dat.jar
          Filesize

          2KB

          MD5

          d22b8b41335f13745bbf23a4db3e3d0c

          SHA1

          80680d676d08d6bf473ec243f9818936a4643e63

          SHA256

          7d50972fd9fe88fd5823fe89e56890b18f45973be683a40946cf36c4e283e40c

          SHA512

          ff8d0bb4a05ef95501095c3058be84bca871cb764f530c87ecddcf4fc6f3189df2169d52a830327d6c223b0e9bdd225838d2ccf0986ed9de655d272f40e0e249

          Download Submit

        • /data/data/com.unistellar.evscope.android/app_fsz5a13xuodp7cxiggb9/android.irs.jar
          Filesize

          276KB

          MD5

          d9dc6eb68c146d0109fa7cc15b798348

          SHA1

          ae790a58467b802e65d7894ded6e602a38ee1856

          SHA256

          8dd16b38b638b2fa711377c3def62069d7b461d3c9dd49d05d69dda576ad6b2c

          SHA512

          b0c90f4d404d325bcde9e6d907ce5a9bde78102a3391f886d4b8dd4a1d8b3fdada7fd20e0f108223c39b79337ab37d1ab3d443b17a36899fb931ee27fd337f81

          Download Submit

        • /data/data/com.unistellar.evscope.android/app_fsz5a13xuodp7cxiggb9/android.uni.jar
          Filesize

          168KB

          MD5

          1a160a20f5ddbbb34148527de3b13124

          SHA1

          d2fecb66812cb04ced051036b4c5c9d2c65d9c96

          SHA256

          1112b00acdbb5f91082e73bda2526365ae285f44434dde338c8e1c557a004505

          SHA512

          54690c4ebd9e3850a1850d0ae02af8fbdc329bfd7e911587543042c343251660ad9d766c8c5803641f0497d975b39c5b2d8410f70d87785cdc7de7daf7824f14

          Download Submit

        • /data/data/com.unistellar.evscope.android/databases/a
          Filesize

          4KB

          MD5

          f2b4b0190b9f384ca885f0c8c9b14700

          SHA1

          934ff2646757b5b6e7f20f6a0aa76c7f995d9361

          SHA256

          0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

          SHA512

          ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

          Download Submit

        • /data/data/com.unistellar.evscope.android/databases/a-journal
          Filesize

          512B

          MD5

          1d7054fd508014990ad02ad4f882a34a

          SHA1

          fb59b442b102143a33e77d487d303b2ae11cad64

          SHA256

          5f031a41a1ad5943bb1b56a500171d1409391973083054b803da3de05903f871

          SHA512

          cda7223f99c4a079d1f740ddb8505217d1e1cb15f829291011ebe8aee47454c67ec958aca6c9fc0c5c467c905cf304c9faa3cb9415942d6572ac0d1610a250e7

          Download Submit

        • /data/data/com.unistellar.evscope.android/databases/a-wal
          Filesize

          16KB

          MD5

          1947f0ad8d915e27916b9da98fb572d8

          SHA1

          24460ef5d8cfea3882922aa8bae80938352ce74e

          SHA256

          558aa757b30695c523094c15e7815feaf23509519ead9c690bb29c9bd94cea0a

          SHA512

          fc734411bfaab3156e03e3160eb72de73d70a636d4dafe4927e066d0b7c04aa9615eaf0ebb0b6b4a24e3608fb85e7acfb525f282b21bf11f2f2117fcf84e66c0

          Download Submit

        • /data/data/com.unistellar.evscope.android/databases/android.db
          Filesize

          2.3MB

          MD5

          ed8fa5efb995d1351b68501d3607c45d

          SHA1

          ec58b9d6fcdc21352582026da202e793a20d2f1e

          SHA256

          6972690d4978b3e8d6ad3e40e6b558b81f698332c93c86f9966f1dca6604d397

          SHA512

          ba1e91e41ce428a36a49fcbf0387c44766f84b1ba707d52930eda4d102eb2a5b91f83f39fd5836aa077643c045d890002cfacc309cc240fff40672f418245e08

          Download Submit

        • /data/user/0/com.unistellar.evscope.android/app_fsz5a13xuodp7cxiggb9/YTqIfEGht.dex
          Filesize

          4KB

          MD5

          b23ee9e38147d0ecf587cf2dffc98c78

          SHA1

          9e5d9c2a38f40a30ff6565837a175b1fc9ff526a

          SHA256

          a2e4ea2bef030d6575c23508cdeea732eb88059075855e203b82da4017d30581

          SHA512

          c6fb72b13101b78666db095e655f84090e64dbfe1e868852ef11bbf9d64ab72583bdff14af7225a00dfe98771461a6734b60364cb9a912d35d24676d212e5ee0

          Download Submit

        • /data/user/0/com.unistellar.evscope.android/app_fsz5a13xuodp7cxiggb9/YTqIfEGht.dex
          Filesize

          4KB

          MD5

          0d0bc6bc2c1337f164fdf0916c960c42

          SHA1

          be276275d1edd5fb46c3c1144d9d6f128076bd79

          SHA256

          953ea6e29b1a85d66aba6c9fc4366ca4e5ce4450327180e6365e997999f5c28c

          SHA512

          af755a3686b720446c312e514833fbe89267ca164f51b88c0284b6f9ddfdd7f737f9f3837985f01e1ce296f364413a0fb2c5c02cefe56039ebcc7bd97425e67a

          Download Submit

        • /data/user/0/com.unistellar.evscope.android/app_fsz5a13xuodp7cxiggb9/android.dat.jar
          Filesize

          6KB

          MD5

          04fcbc8c5096d2bca1ecac572f53152c

          SHA1

          0ff152fec25528168fff2f541ba0abf78e82f038

          SHA256

          d40c49893f0ab6c1af66ee0d75770cba0cb23322d8559f8bcb6964bd9e810bc1

          SHA512

          74fae6b4d5271699995250f336c1a2aa8f8ee5b93a9662b0c5c433471f68ddc17fcf96ec4597a983e1ed478ab6622dc688165e25dedae6409dfabb68037f6770

          Download Submit

        • /data/user/0/com.unistellar.evscope.android/app_fsz5a13xuodp7cxiggb9/android.dat.jar
          Filesize

          6KB

          MD5

          35a6585e2dc2a4efaeb1d737c4684c0e

          SHA1

          6d69f5404edd826da08b0360c90e28da1e28ba2d

          SHA256

          5a12e0309f6fa5691c7c33b41568438bba34a03e76e08fceb07ab9e7bc48e5b4

          SHA512

          8f34199a4e9391462b89a9dcd12ad3bb52a59cb7623b46f4b61387d53e6dc9a881abf25e5d6a9f8f00fe05285ee94bde8dc5edce3b78ae34921fb8ae5c5af640

          Download Submit

        • /data/user/0/com.unistellar.evscope.android/app_fsz5a13xuodp7cxiggb9/android.ext.jar
          Filesize

          1.9MB

          MD5

          88322a12ac092589b0c0c0a3f1df82b5

          SHA1

          37e4b5b09a9b87b45ff9e3fe7fcd0adfc93f5478

          SHA256

          1918a8678267cd0d3709ba1752ca5600af9fb496d2a15bee321c6219aee0a5ad

          SHA512

          f8488ba8432858f0712d1b07293acebd05a874688bcb58e5ad40e5f5d4c6f72b33d5c710d8b0fc963a721b46b9d4bded3ce6f0bfc298d9e870eda5e33e4137be

          Download Submit

        • /data/user/0/com.unistellar.evscope.android/app_fsz5a13xuodp7cxiggb9/android.ext.jar
          Filesize

          6.3MB

          MD5

          87e7b55da870b1d4f838b085663c7f3c

          SHA1

          dda75abcbee2f6b4055e1aa77a4dfded52738553

          SHA256

          b84dbd5fd8561cf65f0630f6f9dfe41e1aea9c3ce465bbf1b66af488ece87c8a

          SHA512

          c15abbf7b7161930b925d4f84300b9b984017a7b6b5d600dddf01cb2bb7b5943a09c370b5c30235bb2f8e2c936e2ce3bb0ec2ff65b687a0f336a6bb4ea14fc9b

          Download Submit

        • /data/user/0/com.unistellar.evscope.android/app_fsz5a13xuodp7cxiggb9/android.ext.jar
          Filesize

          1.7MB

          MD5

          9229c95d1568db3ccb4db5bc635d0398

          SHA1

          6614cf7ce41fa2cc3968a68c79f7365bc5060cc9

          SHA256

          aaa4b30c636239ddb55953019853878017b73c1abb54029555dd66a2047daa40

          SHA512

          ea91d3dec3cf096a5c7c2c782bb2a7d5029523bcbe186c6874f336e9f6ce7d7c2cdc587c64ac78667b522f2b3e6230635375d01f3662da9cd74e75767e0b6f59

          Download Submit

        • /data/user/0/com.unistellar.evscope.android/app_fsz5a13xuodp7cxiggb9/android.irs.jar
          Filesize

          684KB

          MD5

          c7405d03f169b980f10cea6f717cb6a9

          SHA1

          8847b0550640d8cadd2325d19f10c60f232f1166

          SHA256

          c8ae0ce4f329bb0cd55672aaa5f8410bd27684aaac1b96085ed9bf54ebea3567

          SHA512

          8e8dfe8e23bfa882fef6882fac5c60618c5f8bedfc13f42f3a34354f2874d379e4a6cdf1c80ff9c0063898c64371ebacc89888bcec29c69e5dc8990160633d22

          Download Submit

        • /data/user/0/com.unistellar.evscope.android/app_fsz5a13xuodp7cxiggb9/android.irs.jar
          Filesize

          684KB

          MD5

          6263092a4066cc703fba3c43d7ccaaee

          SHA1

          dd29ff70f4a0c4efadf810b605ccf3217dd02c6b

          SHA256

          60db470efa19a143065f88eb485ad31ee9afb169b852b42a7d87a790eb051758

          SHA512

          122f8819c0268f5bf6dadacdc6586b7509c0ece6155e8d2eccc897afea84ec246a7f193ce2975ddc134107b64fd51ecf56ed0f14dc443823759d6b76d61fae4f

          Download Submit

        • /data/user/0/com.unistellar.evscope.android/app_fsz5a13xuodp7cxiggb9/android.uni.jar
          Filesize

          424KB

          MD5

          5281c31bc937e0486df57682e61c5c86

          SHA1

          ce34b2893d203c76bf90cb67d5a1d56e957fa315

          SHA256

          2f6654f61f0ab758f6825a38f078cf4a1bb1cbed1a99819ea18ae96634171401

          SHA512

          6219e0f2a04232ae6aec1736eefd00f696d1badbbaeb68dbff5254370281b2b82fbaf10c256e982004bca2fa3f4259106bc1fe6562850d420bcf283c1c8c80a9

          Download Submit

        • /data/user/0/com.unistellar.evscope.android/app_fsz5a13xuodp7cxiggb9/android.uni.jar
          Filesize

          424KB

          MD5

          3f5d5ab5cc80ae55dca1719549dc3627

          SHA1

          fc1a5e8b43ddd46c4d301127f9c2e07a613809f5

          SHA256

          adde7822a6f4b22b80e8348fe09d9d716e2f8519b8be926598a53463f43b569f

          SHA512

          885988fb4fb5b0a0b4c9b5f067c5b36a7fb7b731def6bbd3860832da215f19911b9a064973f74180461bace2bd04a2735142bb770783cb46e1b1d87c728497dc

          Download Submit