e7d71efb5a0ed704378966e835efb1de6208a4e48f77b79aadcd69f93680c182

Resubmissions

15/04/2024, 08:38

240415-kjwjzsch3x 8

23/02/2024, 10:54

240223-mzjlgafa3z 7

Analysis

max time kernel
302s
max time network
312s
platform
android_x64
resource
android-33-x64-arm64-20240229-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240229-enlocale:en-usos:android-13-x64system
submitted
15/04/2024, 08:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Cool Emoji Keyboard_1.5.apk
Size

16.6MB
MD5

86a7f4e68645920ff6dc0246ebe90f82
SHA1

eacdb18200085813bb635174bae0c5845f21211c
SHA256

e7d71efb5a0ed704378966e835efb1de6208a4e48f77b79aadcd69f93680c182
SHA512

0e40b7a884e3d3815500a8fdc258b1d064f9ecca0137bee61daeff439d450cfe0147e25ab80a3bd3449721552da436afce247268af4db90365dc34adf47b39f4
SSDEEP

393216:Zsy9slz3Bmz6UJ/KyUoyJTybZCNjWEOrPFJRR4ehYArC:Zr2rBmzPKyUoyZA2jIv+f

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.saappdev.IMAGEtoPDF

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.saappdev.IMAGEtoPDF

Loads dropped Dex/Jar 1 TTPs 8 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/system_ext/framework/androidx.window.extensions.jar	4315	com.saappdev.IMAGEtoPDF
/system_ext/framework/androidx.window.extensions.jar	4315	com.saappdev.IMAGEtoPDF
/system_ext/framework/androidx.window.sidecar.jar	4315	com.saappdev.IMAGEtoPDF
/system_ext/framework/androidx.window.sidecar.jar	4315	com.saappdev.IMAGEtoPDF
/data/user/0/com.saappdev.IMAGEtoPDF/cache/1664557424545.jar	4315	com.saappdev.IMAGEtoPDF
/data/user/0/com.saappdev.IMAGEtoPDF/[email protected]	4315	com.saappdev.IMAGEtoPDF
/data/user/0/com.saappdev.IMAGEtoPDF/cache/fix_ixo	4315	com.saappdev.IMAGEtoPDF
/data/user/0/com.saappdev.IMAGEtoPDF/files/ttrrgg	4315	com.saappdev.IMAGEtoPDF

Queries information about running processes on the device. 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.saappdev.IMAGEtoPDF

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.saappdev.IMAGEtoPDF

com.saappdev.IMAGEtoPDF
1⤵
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4315

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.saappdev.IMAGEtoPDF/cache/1664557424545.jar

Filesize
10KB

MD5
dfb68e70e8eb84d844c9ce623ee069c1

SHA1
369e761858a904fe9fb89efcfc9bd3e6e56ee44f

SHA256
8ba015cb192f34326e6a46f765c6712d87c3797661541275c84b9a30ee449eec

SHA512
0d5f8ff91d3cd5c976cadf774b8d5cd6f276793b9eb9f3d8e7168eae122b0bfcffd833be9762de441d4b52f7bb3eb3850479aea37ac327be9b71910c6fdc566a

Download Submit
/data/data/com.saappdev.IMAGEtoPDF/cache/fix_ixo

Filesize
7KB

MD5
6f6b6c0bf335c33265be529e53c82709

SHA1
4076be92e4cd735d33e4958ffa0240a18ff1041e

SHA256
27541ef1431514a491656b5d14db1612436a47b25aa9c743f0c4bb435bf44b05

SHA512
adbea5248e0722c49266a394ed8137a56989e2476cc099768a384b44ccdd1fd57dedc682d42e235ccfdbf3a2d1974a85689b64f2dee4da67684224946a9630db

Download Submit
/data/data/com.saappdev.IMAGEtoPDF/cache/oat/x86_64/1664557424545.vdex

Filesize
948B

MD5
480d07e0214aeb0d51a0d29f6f0a6a22

SHA1
bb1a0580bf436ffe93d91756a9e2e646e449be9f

SHA256
e9e16898bfb89b40c3e9972f977730473d9b45ed0fdc5cbf868ff0e71f064290

SHA512
31c58c4bbeb49cc1ca7c705b829c55b50d980e9248277f9c96f1602fb1e6be8e7e3d3add5d3b002d28015822dc277e21905eec9dcc5685567c36e5ab97444171

Download Submit
/data/data/com.saappdev.IMAGEtoPDF/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b137f87c1a9837d84a544f1809d0b7a5

SHA1
bb9057769112b7069066004f9e4e30e1e2df8454

SHA256
534bb4320a01034bc166f145b2be95b130aec6c6ffde1c0d75076277653dc30d

SHA512
8c39176ef587b6ca15a772160039d95c2f1ccfbe980ab4c2a16819855febc231b3cf59c4fde2cf674f10b01f0b31da5f33dafdcc20b113a1ccbc6b281592d606

Download Submit
/data/data/com.saappdev.IMAGEtoPDF/databases/google_app_measurement_local.db

Filesize
16KB

MD5
62e737465e42810ed895bf3077f076ae

SHA1
71f9e14e42effae36e901289371760ffceb5bfce

SHA256
53d87df7736bba9f01cd634b6bc5cc024b63af33372f1044c8d6a054abc29e29

SHA512
b41a2fc507f85b310fd576ec65c9028ccab4edba3d1253d5317e52144e3632e2ea6b4a5bb5c00509110552d7d8dd21f258714cef3a0ca2d78712cd3bd5414a70

Download Submit
/data/data/com.saappdev.IMAGEtoPDF/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3a1dbc351a656ee1827e89042f30cd88

SHA1
e9ba55f3dcc2e28cd75d45c59bde37aa145da3a5

SHA256
a0982fdca31219a63383c2f6f1a6a40f3723a6ae047a9783dec2509f6262c250

SHA512
a61e42f746c2c79f5cad0017e0b6d8dd2ccba32d03803048f01856964b97a4b23f20a38e5e77d06e8fe953e6aa9b72aa43ffa41b8892bcaf86ca263b96d51587

Download Submit
/data/data/com.saappdev.IMAGEtoPDF/databases/google_app_measurement_local.db

Filesize
16KB

MD5
9c8924de3153e8ea91ff4908ed9805ce

SHA1
8080ce2a83be652dea4a7a549f92778bd1a1780d

SHA256
7d0cb8d0cccbfdd26401cf8716e24ab5c7ecac2f7dc933f54f5e76e6af5daeb0

SHA512
449909b8edb9219455df0dcad7b63d837a663f67a390441f9b645a69c3dc18ebf075c9d63ae18e6d6e740a9f861392fa70f72a08d98cedea507435f2ea30f3e7

Download Submit
/data/data/com.saappdev.IMAGEtoPDF/databases/google_app_measurement_local.db

Filesize
16KB

MD5
fdd3fc9b95206b3ccd22effddd400f1c

SHA1
197614264768ce41280ff43259af9bdc2ed4e2fd

SHA256
cf576b8edf937c8bc157de201823e22a479eb298837f3d3ada71a09592b1b7f4

SHA512
2a1ac7fd9fb464cd25d25a62d58e18df19feedfbe213e7babc876581035086768acf892b14265ea544d937022983ecc4ef6fb42a81361bead5a1262e1216ac51

Download Submit
/data/data/com.saappdev.IMAGEtoPDF/databases/google_app_measurement_local.db

Filesize
16KB

MD5
62ad4a05cbdca7f47b3206b7dbda487f

SHA1
4f4044cef7b7b1e5c6184ed9025267fc92bf0cd3

SHA256
18b909096c7c61d51ab076ae8e562effb0d4ada28e2a4ecd0e6b88ef58f6b2a6

SHA512
0936531ed1b2b356a247123200739a43cfc765469ab47a424dcd6e3d1176092a212b0a28591d07f8c2d0cc9d2e0eeddfcea8dde314c2f9343783c61075b071a6

Download Submit
/data/data/com.saappdev.IMAGEtoPDF/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
9d1bff318f7893dd2cfee817b064b38d

SHA1
33ac491ba6d37879cdb1c6063100495f861430d6

SHA256
da123e01729afc7b770ba5f6454fd1c3aa5887d1d8917d0c5b6c5db62bf312dc

SHA512
58babe2ae1335b8e02a47b25cb05a0bc868afef33e68b8c6f5e7c949da9ccb3a7932b7380a8dfd3ce9cb16f68345fd75229d40188c6a2a09358e0b084d9b240c

Download Submit
/data/data/com.saappdev.IMAGEtoPDF/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
9ae39e929380d7f029359dc17be85273

SHA1
7ffbdcbbbc10a821a90d4650818ba41ded0ffb8f

SHA256
860a95016b9f41c2df96c9885344cb1aad875087dc7286fcb129b6fb218fb4d9

SHA512
1ebb71d762919193cbc2d656b154bfaf999e759bb1e70dcf9b8087f57a9599a306c548db07bb1237ff6efc0019c55968ecbc09e953e56bbba041ff949bfd3cce

Download Submit
/data/data/com.saappdev.IMAGEtoPDF/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
da37102fbff1910bac6e9420fcc07fe3

SHA1
430c945682ac4e9665fca119e595478e3885c1e1

SHA256
214a895ce7768259eafceb0ec8553098b329970ad324620703fdd30571771693

SHA512
5f6aeefc499cb039a835d2d2223a4b8f6a7145edca4c28cc98ac1efccff8d940f63672193487cb57a4cd8b3fcd75873f36384b2ab671cb6e84b958e3dffb35e5

Download Submit
/data/data/com.saappdev.IMAGEtoPDF/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
5ff08d04c957738f64777fc82a5ca375

SHA1
8ca5678304eaaa188c5509b0b6e902bcb513b4e2

SHA256
d36f863aac98550117fed09303c3698ef415b7619848d1188d32c052fdf6553e

SHA512
2ed243f419af333d2e59afc0cffa6c63025dc71de887799b3da8847bf7df9662a0de4f6a162bf47ac6c3a41efc14307fd44e4d804ff8ba37faef2828ac6cc3a6

Download Submit
/data/data/com.saappdev.IMAGEtoPDF/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
f933a48624dd6a590f119baa4756ee77

SHA1
13e3ff56fa71ed05d00beab7e1b44fe21349b236

SHA256
ca6fcedd331a326b7daff74bdc1f9b69fea2ceb775f64e98cd224de705d69973

SHA512
32e11a3798f6c9a29ba27d553a25c519c5e289c93193ddc86682fc1ea43bff2b5f3d4e5ff182ffdcc41f5a31e1c8bda95623d170cfd8277d90ab5616ea7338cc

Download Submit
/data/data/com.saappdev.IMAGEtoPDF/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
01c0403aef15a2affe8ae8c9de990cd1

SHA1
305f1b8b746716ba6b7906823070c39d76a6fa7b

SHA256
886550e0dc0ba540b1e5925b9d246552016106bc83c1166d952fa5b6bf0440b4

SHA512
17ff996950a9a92cf41823e25cb4d79c34b75cd16df57600735cd3e583b9e61f3b29ec514006c827d2cf6b30613674b4d66c07cb3b9662537f3955cbda45c931

Download Submit
/data/data/com.saappdev.IMAGEtoPDF/files/PersistedInstallation1189231241768659300tmp

Filesize
567B

MD5
160e47408b7797038552464ec5f239b5

SHA1
b9311dd324d713727f80003a559166e6dc61d17d

SHA256
55fc2419a349e1e3df8f212e063b011617f3e2483a24fcab5b0151b832f9ed5a

SHA512
7d9c7f0b13c6b3eab6d880ab852eb6a0a07e813b8c9793c15eb520693bf5cf959c5d6757cbf72e271e96caffda685a117e8df5e46c945b475b503124168ebe7d

Download Submit
/data/data/com.saappdev.IMAGEtoPDF/files/PersistedInstallation2427172426758094605tmp

Filesize
90B

MD5
2983c3a04c83652bf63be6eea1e98dfd

SHA1
470e44ce429f9b771c1387f914e050a73490e5d4

SHA256
cab783b1bbab8179b23dd5d700f38fa1a67c59bd2604addee0e37c3520cf9fa2

SHA512
9604ff00e3a57a2d19a1dddeabfbdedd7fe6833459f9a0be0be63aace92533f658ea9adfc90bfaeabe1294a24992c9efa708a8165448386a5dec5b7c7f007abc

Download Submit
/data/data/com.saappdev.IMAGEtoPDF/files/frc_1:824932100287:android:4bffabf033e101bacc7e0a_firebase_defaults.json

Filesize
192B

MD5
31ffa7c61f75eea9e231f73c60b6e548

SHA1
bd34d13361b1a42d951be66385520b8c67936d32

SHA256
82c70250285857b70610587b9da0d499f425eee39da4199be64e143548b0bed2

SHA512
cfb42381f9bbcc63b7d067b6150d714121cb1b6137a001e38e39257118b8f8c8d2e718d39c0b4210b5220f669be6de7c7a53a94053354028b60dc2369af82fd9

Download Submit
/data/data/com.saappdev.IMAGEtoPDF/files/frc_1:824932100287:android:4bffabf033e101bacc7e0a_firebase_fetch.json

Filesize
8KB

MD5
43c3027143f3471ab9993d51011bee8f

SHA1
a1cbc9dfac29bc62893f06bef4a0a6d0109e853e

SHA256
6bd35aa0826515db595abbf7e57e092168633fb24f4e42733bb08e1045384169

SHA512
23ce2e08d9536e23512340726e21e5e18c3c7d3a067efd4cef8b1bdee710420660fe2c6671cee63a9f135657d4d8d0b59ef2fd123c7f3f0beba4355bacba3a89

Download Submit
/data/data/com.saappdev.IMAGEtoPDF/files/ttrrgg

Filesize
33KB

MD5
8508bc12a9f7b60d431fe79db8ce7b30

SHA1
47ab4f411df4285ed4a97992f8bcb2fb533f6995

SHA256
f235bdce53a715e231d2b781d2caa8c81d83e6e3486902bb29dbe53d13a313e4

SHA512
092e3d7ba1d6f14ead5338f4a35c3be672686cb3c6bf9317fce21bbd7dce8d2434f554dfd8769c3fc0ab13108e1a4b88f1fd653a9fc2fbf900187de870d05e5c

Download Submit
/data/data/com.saappdev.IMAGEtoPDF/no_backup/androidx.work.workdb

Filesize
4KB

MD5
0eb157e1a86d4d00aa601dd2f6ff3ee3

SHA1
fee434f784e73cc7916322e949f727caf8363102

SHA256
b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4

SHA512
b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

Download Submit
/data/data/com.saappdev.IMAGEtoPDF/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
d7c3ef8aeaf80be5547a3f13e55255dc

SHA1
bbaa8bb4f8e8f5ca815fb038b609e62aac32f3c7

SHA256
f10ef09361394439d9a3d2ef1d82daf198ef7649f67f917199402edeff67a45e

SHA512
01d171437fb1e4827b9c7315ea5a9eedbb59dd5984a4170d02eac13c090fa473f8f5d93f02af9f0dc3ec4eea74d89863f3f0c604071812a373a0d30db5ab6688

Download Submit
/data/data/com.saappdev.IMAGEtoPDF/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.saappdev.IMAGEtoPDF/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
cf07aae315f4993cd18ca7a79aae2bad

SHA1
f2ceb8967577a9cd604470e924bae8a35db21a81

SHA256
70f4706010c27678224910e78a0d5c1e1c07108fcab68faaf50329f5353ebe9d

SHA512
beceeb889601f6e2c1ca36430e02a4bd737e684b82ac91f70e0747bfda61472d250e458af9bd6245ee1707a1f96703535f5a8a5e98f99aaed21fe57fe15ac30d

Download Submit
/data/data/com.saappdev.IMAGEtoPDF/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
008b3e13bcbf158c6bdf43388c9c2595

SHA1
a1eee08fb11ff96ecd22dc3e6149ccefdcd37fe9

SHA256
db6b2e3c60102e34e9c79c8ab9793818261a0be1216e242421ed2af0fa1c7096

SHA512
3acbbbc4abe37c2766bd54e9f08dcf6a1984806381f40a63a6c24e5b35c0af2f47808d04886ae220a40fd068b47cb4b64893bbaac330c18d398297a8fe63775e

Download Submit
/data/data/com.saappdev.IMAGEtoPDF/oat/x86_64/[email protected]

Filesize
252B

MD5
f534c567c67d73412cc3cba318d43c7a

SHA1
907dd1ee452ec753ce14fe6c1f83827e203226ae

SHA256
0c25c57cda478cbe97d48e8c72159acc5a02c3d3f64ee37be3b16a125f792554

SHA512
b4e1b8e649a6e3fd3818ea0cae19592f1ed648eeafee076dac00101dcbf8c7158fdfbdc34dcdabafa0bde7fc7db748e3cd1f03a930703df31830173234717e0c

Download Submit
/data/user/0/com.saappdev.IMAGEtoPDF/[email protected]

Filesize
5KB

MD5
7ccf0717c0913d4108268222eecfec6f

SHA1
5e418ef73376d2aa1c26c5e051f92dcca6a3f965

SHA256
c0b5c79ea7b85b45c7584fbc958cac9ae51825ffc785ec02bb8cd2dc83ab8519

SHA512
68a58651f57777755d42b53ebd5e3fe0b2c9c3e3149e3f404043b535cf5ef999d4d981c04aa9177ac176cdf4883ea0cec85294c33df5198a6dda9ea3b859b31b

Download Submit
/data/user/0/com.saappdev.IMAGEtoPDF/cache/1664557424545.jar

Filesize
21KB

MD5
722310b17c81cc3d780d23e1a63eb450

SHA1
0a0c1a939f923570e5da88aa5c7b105052f056e3

SHA256
9f2d7ff525ca785553557c351812252c0beface31440517e2f19929fe76472b1

SHA512
1a48e9383a0befb0c6b4755a8b56f352fba317910308f701e13ce8189c465cade6b0af510165d586745f1913a61cc68f91395949202394336a59c34596691a91

Download Submit
/data/user/0/com.saappdev.IMAGEtoPDF/files/ttrrgg

Filesize
72KB

MD5
bcd9e7b07115541de8e9a6f74dbd6fd2

SHA1
12ea92d0280aa95a83ffa9b9eeb4ebda65ec701a

SHA256
14c35b353fcfd1ed4ff341ece30418651133ed2afae01cfd41c37cb26d108bfc

SHA512
e1f49752f00ba28c888f35b856b4d066507a604e07842d142d51faba16b38d8500d87bbb883eba3f35e15b706273d222e61c7ed21e44e36b4d2a7091ee745d90

Download Submit
/system_ext/framework/androidx.window.extensions.jar

Filesize
123KB

MD5
3056e1bdb7d4e19789d0319eff484bd0

SHA1
6791ae47aa9466fe0bca27ad6643f846853bbee4

SHA256
8e6331a07c9f2ac139214c527dcaff2c82d126bbe7bd3420cdc36d6a8c9204b0

SHA512
c790980fd68d9f89e32743bc28846807d5e5947c555f494de47714dec5cbd0c08d81c3260fa463759d1b17a953af3c44ec30b14fb08bf6b29db3837346c9f658

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
25KB

MD5
29469324e59dfcc052f24b5af4e7b2c4

SHA1
10c1e17ac6f598037bb51baa07945663645de4eb

SHA256
9195dc6a1c75a841384050240dfc972e48178964993fba6619788625f4b40d1a

SHA512
5e27c2b1431369a248298f2f749136a575005584f9999f2a4c204a0c47adce2e33c8df9f058bdafa1bde1c99e46d175560cedfcddcd8581718ed1d9973c37cc2

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads