28524210164a65013867c749262978a954010e2dee4330a602ca7ae687bf145c

Analysis

max time kernel
48s
max time network
156s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
25/03/2024, 13:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

28524210164a65013867c749262978a954010e2dee4330a602ca7ae687bf145c.apk
Size

11.3MB
MD5

486b8ab6e39ce11d4f22a21712bdc1b0
SHA1

780163c7fed06d8f8df0c1d89ee569fb2c55d710
SHA256

28524210164a65013867c749262978a954010e2dee4330a602ca7ae687bf145c
SHA512

f39dcaf1f874be68d749710fe314731a3a6ce2db4c1a71bcff46ba29a7e0736f9b4043d63aba64f8e2a528f2e3aef1eb184abe5c60534e58eccbd66f2e808cd7
SSDEEP

196608:Jj4Z3+MQ7WiELZDsSBSUevtBXaZq9+/NMpeRjO35+DsC8aRTByofhQZXabUvYe0:c+MkW/5NeyZqKNo3AsCVBuR7we0

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 8 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.careops.healthcarebluebook/app_5rpzr8zgnrr7a5uerk9/healthcarebluebook.ext.jar	4354	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.careops.healthcarebluebook/app_5rpzr8zgnrr7a5uerk9/healthcarebluebook.ext.jar --output-vdex-fd=56 --oat-fd=57 --oat-location=/data/user/0/com.careops.healthcarebluebook/app_5rpzr8zgnrr7a5uerk9/oat/x86/healthcarebluebook.ext.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.careops.healthcarebluebook/app_5rpzr8zgnrr7a5uerk9/healthcarebluebook.ext.jar	4320	com.careops.healthcarebluebook
/data/user/0/com.careops.healthcarebluebook/app_5rpzr8zgnrr7a5uerk9/healthcarebluebook.dat.jar	4386	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.careops.healthcarebluebook/app_5rpzr8zgnrr7a5uerk9/healthcarebluebook.dat.jar --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/com.careops.healthcarebluebook/app_5rpzr8zgnrr7a5uerk9/oat/x86/healthcarebluebook.dat.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.careops.healthcarebluebook/app_5rpzr8zgnrr7a5uerk9/healthcarebluebook.dat.jar	4320	com.careops.healthcarebluebook
/data/user/0/com.careops.healthcarebluebook/app_5rpzr8zgnrr7a5uerk9/bstoBFHrI.dex	4409	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.careops.healthcarebluebook/app_5rpzr8zgnrr7a5uerk9/bstoBFHrI.dex --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/com.careops.healthcarebluebook/app_5rpzr8zgnrr7a5uerk9/oat/x86/bstoBFHrI.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.careops.healthcarebluebook/app_5rpzr8zgnrr7a5uerk9/bstoBFHrI.dex	4320	com.careops.healthcarebluebook
/data/user/0/com.careops.healthcarebluebook/app_5rpzr8zgnrr7a5uerk9/healthcarebluebook.ext.jar	4320	com.careops.healthcarebluebook
/data/user/0/com.careops.healthcarebluebook/app_5rpzr8zgnrr7a5uerk9/healthcarebluebook.dat.jar	4320	com.careops.healthcarebluebook

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.careops.healthcarebluebook

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.careops.healthcarebluebook

com.careops.healthcarebluebook
1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's foreground persistence service
- Uses Crypto APIs (Might try to encrypt user data)
PID:4320
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.careops.healthcarebluebook/app_5rpzr8zgnrr7a5uerk9/healthcarebluebook.ext.jar --output-vdex-fd=56 --oat-fd=57 --oat-location=/data/user/0/com.careops.healthcarebluebook/app_5rpzr8zgnrr7a5uerk9/oat/x86/healthcarebluebook.ext.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4354
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.careops.healthcarebluebook/app_5rpzr8zgnrr7a5uerk9/healthcarebluebook.dat.jar --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/com.careops.healthcarebluebook/app_5rpzr8zgnrr7a5uerk9/oat/x86/healthcarebluebook.dat.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4386
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.careops.healthcarebluebook/app_5rpzr8zgnrr7a5uerk9/bstoBFHrI.dex --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/com.careops.healthcarebluebook/app_5rpzr8zgnrr7a5uerk9/oat/x86/bstoBFHrI.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4409

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.careops.healthcarebluebook/app_5rpzr8zgnrr7a5uerk9/bstoBFHrI.dex

Filesize
2KB

MD5
e441e673202e75f9b5f322c7ee0ae068

SHA1
81fe55af689c5df56a1058df837a4523394c89eb

SHA256
4c64e54059ec649571fdae7453fc5af678b9451950c0405854b5dd3ec94847b3

SHA512
54876643bd456f8f96f16c42f268fe99bcd38163d19ced94adc7973bcac379e576afd783e8c7fa62a04dc318fd9d52527ccc34673b521ac744e1a1273907f464

Download Submit
/data/data/com.careops.healthcarebluebook/app_5rpzr8zgnrr7a5uerk9/healthcarebluebook.dat.jar

Filesize
3KB

MD5
2987b2e722039ba8756b0b2caab7dadb

SHA1
b9a73e07a66f17b8080727a510414cef3d8d3030

SHA256
7ace0dbb5bb1a67f584da015295aa7683e40bfb3949df1cd5f5cd117f2d3bf37

SHA512
178b15707ed5f901072f169d67282f90d2674ff5da72b7a99af30fda0f52a26dbdfb62b0a1ce8451b613674bd912a2fb3d683c47edc6d9b02348292367081098

Download Submit
/data/data/com.careops.healthcarebluebook/app_5rpzr8zgnrr7a5uerk9/healthcarebluebook.ext.jar

Filesize
1.2MB

MD5
ebae37c6084910a4aa702c1bd0d80ef8

SHA1
83833e860a5f9a7895e626adb455f746a9d3cd1f

SHA256
559b5bfaaec346ccea98fa3029b68fea675852158520bd0a304d7bb4df817918

SHA512
e1cdc4d9c28c61b510df0ebab5f89848b62855b80dfef0433ada9fd6038c518c0e11fe2947327debf692b27a4c74c4e63f869f0456ad503641f19b7bedc211b2

Download Submit
/data/data/com.careops.healthcarebluebook/app_5rpzr8zgnrr7a5uerk9/oat/healthcarebluebook.dat.jar.cur.prof

Filesize
93B

MD5
4679923ec970ee991990174d9e754a8d

SHA1
79ebd6413a664523173318f4cd55ccd89766786d

SHA256
9c778309014a8e21aef2a972fe9505b86d4f162063348483ac41452f816b5506

SHA512
7f3f5023653ce8204628bc6f9216819a6d2b55c2bd08c91a9d58bd575668d83bf3229095a7ca8fa3966b11ffda4e6ab37383a3a31f33ed440a891a8ca14391b6

Download Submit
/data/data/com.careops.healthcarebluebook/app_5rpzr8zgnrr7a5uerk9/oat/healthcarebluebook.ext.jar.cur.prof

Filesize
911B

MD5
3bad25181e0df5d00df08ec1d1513e1b

SHA1
72a3637c8524c547f06238e3626adb055b219c63

SHA256
26b29b161c2ec189894a4b0c11ba7776b414baefef6e194739970299ff017ef4

SHA512
d1defb7e508facb6d8c42c98d7bc26d43d318daf7f4adaef6097d083ed6bb67a91b3c9fbbbd8952c11d3a3dfaf8e80baeee37bd44c89e6165c4c0fab6a929394

Download Submit
/data/data/com.careops.healthcarebluebook/cache/1613498354782.jar

Filesize
9KB

MD5
2c84bc0c28d4ac333d267f7a152b4039

SHA1
49e67f04004587ae351d5aba4da5f18644746864

SHA256
1eea5584eb2332554753b4beec7fe8e972bfb3eeadbe0c05dba33de267f25a00

SHA512
44ab6c390cac8b11bf43097293ef73bb620b1466fd671a945639198ea10dea425a0c9443b47752cc0a6689a6f5a7661b35f7a8a350ffcba30a72be60d5f18abd

Download Submit
/data/data/com.careops.healthcarebluebook/databases/a

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.careops.healthcarebluebook/databases/a-journal

Filesize
512B

MD5
00cd85613c477dc797ec7065dd561b66

SHA1
ada3cdca1e357299cd479038286937fe14820b40

SHA256
1b0900a9c67c58320bef2a6b7fb61a578cdb00d524d02bd37e62fa8763d1ea92

SHA512
5c513397687d38a4382f1f4aace495b278e3926d5345952ffb348f11017b14421d1d0ec070f58deffb494e17398ff81375b61ae6a9e1863fe4ff04e01d88674b

Download Submit
/data/data/com.careops.healthcarebluebook/databases/a-wal

Filesize
16KB

MD5
9b27307ad104b27437f1359fdc4994d0

SHA1
4cbbf98d6623b940eea46c4a19c5ec28b35d33b6

SHA256
94277825be4a96b91286bc17cec1f79f0dadbbad9a8e1846550a4c403e04b28c

SHA512
044f29924ecee0e6602ff191422cd871e34971ea0ddbfff3886bdabdd18816d8935cd12a3a2fa6abc7ba60074b257337f278bd6c5ac1fc98db51285ec4ac8f33

Download Submit
/data/data/com.careops.healthcarebluebook/databases/androidx.work.workdb-journal

Filesize
512B

MD5
12527ad8bde5a884068a0d7a402a9fda

SHA1
47c44f187d62692062ff0d1acf5941fd996cbb6b

SHA256
5ad088114e00dd966b170b30495fe63e5b8fca45df01f8acda982921401c115d

SHA512
9336c3cc76e4b2c9b5e16eddefb3f319846fedf994f872c958d702b0453fea506e64f653762215a04c66713229e333da94b8493d01185e57312cd69a08caff7c

Download Submit
/data/data/com.careops.healthcarebluebook/databases/androidx.work.workdb-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.careops.healthcarebluebook/databases/androidx.work.workdb-wal

Filesize
16KB

MD5
6decb6bde245e29e61e9e42a1ef8b043

SHA1
cc1f3c71803b8e6210d3c4d2731a69900be88853

SHA256
f06bbcd80b0654c9edf8c162fe16183d2b05e20f5d76b4ba02dd6ba266435f8b

SHA512
b198427ecb5410190414e05ea0faa7411fff86993682289bd967cbda5639dc568ab45717dcfa912b260ce20d8835cd0b7d9a8dd03c021a4e0ac8ee82f4d93af3

Download Submit
/data/data/com.careops.healthcarebluebook/databases/androidx.work.workdb-wal

Filesize
88KB

MD5
243de988b57ea8e98fb51fba3a411065

SHA1
4e8f893eaa58563428afbd25d06a5600f247254d

SHA256
fac7f519fa9b476062e0c6593ce88585f06849541404a6b02378132c2045f9d9

SHA512
2a11c37be1f086955a33196cf2c44ec51cfee8a8e8baacb02ad244e884c70037f3902a128c267e5dc46b0c6b5ddf9ac421eb50c7dbfeb56b3d6b767962508913

Download Submit
/data/data/com.careops.healthcarebluebook/databases/healthcarebluebook.db

Filesize
2.7MB

MD5
718ee06590c0734bc591b58fc7e6b2f3

SHA1
5395410b2f08b47b6dcb7ded3bc454a847dadeb4

SHA256
c4749c964f9f1e1fc038035257d44ca867b7c71d8a0ab1bd9150d64f7d442a7e

SHA512
6583dc3979c55240c10570b428adf023e0ccdf14872e681fc63d0cc7641609a3a46523c2ac3226a45937184c4d30e0a96108f6cdf011eb33edc01227dd997e08

Download Submit
/data/data/com.careops.healthcarebluebook/databases/healthcarebluebook.db-journal

Filesize
1KB

MD5
21ef4115675c4159f1e7ae55e1f5c79f

SHA1
12a4bd12c0690fc8026fe1f4aee92fab179ce8db

SHA256
b4d31d0282587b44b5cb73778a5c09dee5ec4bfc158a95570ebe86a5f0f055e0

SHA512
68d2d2811bbe1a4896a9fcd610ae4b3d3a5a348ea41b46b4d81e4ec2adceb12f992778021bc49b40149f46ceafb3cc08d20f3e7624bb7d9881aca89cd16986ca

Download Submit
/data/user/0/com.careops.healthcarebluebook/app_5rpzr8zgnrr7a5uerk9/bstoBFHrI.dex

Filesize
4KB

MD5
81d5427205de0a62a3069ed9f1a941df

SHA1
1224b9722f0d02b6e05a2036f2de34335d146448

SHA256
32c094e188faa917b7cf04b4d6f49cdc1f91aa99e3eba9e88321daa8706ea7eb

SHA512
1756659362bf35e3eb0c9b4fc4e3655a9c20cbd9eb61b1aa67685bf086aeb8fb6a26887955e7a3de12a4faf1c88860f465838564d068bf0d7f665836b744c3c6

Download Submit
/data/user/0/com.careops.healthcarebluebook/app_5rpzr8zgnrr7a5uerk9/bstoBFHrI.dex

Filesize
4KB

MD5
43bf06df2c911053413843c039e33491

SHA1
9c8aad91a614b54746e119b4b400d0beaffd15af

SHA256
1a8d28e9172f87b1a1362c20f2561268f350f35538dfef232ed5a7f351c05bf5

SHA512
b439fdafe7f81765e184ba31ccebf2f146f4a680a1e87e0683c5ceec7fc12c0026cf7ff0f572c770b678dbf61a5f9153db5a0e91757f83a526fdc46880df840d

Download Submit
/data/user/0/com.careops.healthcarebluebook/app_5rpzr8zgnrr7a5uerk9/healthcarebluebook.dat.jar

Filesize
7KB

MD5
1416ae1c03bdbfeb7d4f0523a901e3eb

SHA1
4e57e40a1da6f4abf9eaad0625f386a08c371aa7

SHA256
d3a8110d551787ae46b68baad61939ac85af695d62ef28be24b8905920975ff3

SHA512
2f24ba6323f089d7d4a86849cfdeca9b7e88c7582a446bbb9a220668a4d900c8f65880a43bf89f573f929c79fd1c5475389a3ad970e967e51bef8bc40d92df35

Download Submit
/data/user/0/com.careops.healthcarebluebook/app_5rpzr8zgnrr7a5uerk9/healthcarebluebook.dat.jar

Filesize
7KB

MD5
e6c22e81cda874395c88eda53a5d94d2

SHA1
d61cace0ee71d74c168283093c31da502a42984d

SHA256
3593a9f27b501709b5a2ab44688a9092510beab7428d3299d79ceebbe0efccc0

SHA512
b1dcd4f754cb6e949a5fd07ca5d774142c986d2f9a14bb23813ddb8df1082431beea6ada0b1039df4ea4c76a02f2179f01f3f910eeeec01cd45c52412a97fbd9

Download Submit
/data/user/0/com.careops.healthcarebluebook/app_5rpzr8zgnrr7a5uerk9/healthcarebluebook.ext.jar

Filesize
6.4MB

MD5
108892375c6cd6aa995480eefd61675c

SHA1
c951afba5607999bdb4df70492afbccf05202aa6

SHA256
6f5fac766bfb576542a8bcbff3d92154e90755ffa5ffd5b20d293b31b8fe9c57

SHA512
1610e7b8a84ce582d6c014c1da2d86452b55791e226d421bb98b61846004a8cc8d35577a4d98474ef130d82ef7333a4ff476642c4eaecd72a6250b5b5aeb31df

Download Submit
/data/user/0/com.careops.healthcarebluebook/app_5rpzr8zgnrr7a5uerk9/healthcarebluebook.ext.jar

Filesize
6.4MB

MD5
4e423b293be980f6888d1089aabc7e58

SHA1
634509e7d0acff125998a5af02cb6acda0975ced

SHA256
6ed127dc6e984c8b80346aa75cfa8699db9bb1591ca3045dc5d88aa31f86bd16

SHA512
32a9e9a0a163743f956008b9ab90e4cb5151accb5803222192da1f9058a97c90f3f6a440da880a3487bf123a145434e246e12e07c48b0929fbc4b8c30ead0227

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads