99fbe076d674401520c7b9c65c32c5323f89d1e801cd877b0eeb93c5841dffcc

Analysis

max time kernel
97s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
16-04-2024 09:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

99fbe076d674401520c7b9c65c32c5323f89d1e801cd877b0eeb93c5841dffcc.apk
Size

13.0MB
MD5

968c1b53aab6c310f18f38d138b03e04
SHA1

be7aa9f11876830b4485731ed3842595a9a4e52c
SHA256

99fbe076d674401520c7b9c65c32c5323f89d1e801cd877b0eeb93c5841dffcc
SHA512

0507f6e0a7e336fb81a23bd3118f073b701ab68a606489cbd3efd72e95002aed3ad2ee672ca549c2e92b2c759e4144e3a73e98f17f0b3fb7ac21780f8f072c4b
SSDEEP

393216:QXWnKwzzJ1I8M6pKeHgsCSt5V0I1/rNMxWKDVaC:A0J/M6pKeH7LgI1DsVx

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Checks Android system properties for emulator presence. 1 TTPs 1 IoCs

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: ro.hardware	com.automaticdocs.rentalagreement

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.automaticdocs.rentalagreement

Loads dropped Dex/Jar 1 TTPs 7 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.automaticdocs.rentalagreement/app_z2xjubkmhovmo2f9od2t9/rentalagreement.ext.jar	4186	com.automaticdocs.rentalagreement
/data/user/0/com.automaticdocs.rentalagreement/app_z2xjubkmhovmo2f9od2t9/rentalagreement.dat.jar	4186	com.automaticdocs.rentalagreement
/data/user/0/com.automaticdocs.rentalagreement/app_z2xjubkmhovmo2f9od2t9/rentalagreement.irs.jar	4186	com.automaticdocs.rentalagreement
/data/user/0/com.automaticdocs.rentalagreement/app_z2xjubkmhovmo2f9od2t9/cSPHkGgSg.dex	4186	com.automaticdocs.rentalagreement
/data/user/0/com.automaticdocs.rentalagreement/app_z2xjubkmhovmo2f9od2t9/rentalagreement.irs.jar	4186	com.automaticdocs.rentalagreement
/data/user/0/com.automaticdocs.rentalagreement/app_z2xjubkmhovmo2f9od2t9/rentalagreement.ext.jar	4186	com.automaticdocs.rentalagreement
/data/user/0/com.automaticdocs.rentalagreement/app_z2xjubkmhovmo2f9od2t9/rentalagreement.dat.jar	4186	com.automaticdocs.rentalagreement

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.automaticdocs.rentalagreement

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.automaticdocs.rentalagreement

com.automaticdocs.rentalagreement
1⤵
- Checks Android system properties for emulator presence.
- Checks memory information
- Loads dropped Dex/Jar
- Makes use of the framework's foreground persistence service
- Uses Crypto APIs (Might try to encrypt user data)
PID:4186

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.automaticdocs.rentalagreement/app_z2xjubkmhovmo2f9od2t9/cSPHkGgSg.dex

Filesize
2KB

MD5
077fc15ec3c312cc2f5331a37c2b8cba

SHA1
8315832277e89fc248aa6e7c470b829195abe9ba

SHA256
58f1341a715cfc5f666e85f09cacf02104aba27b100539fe30d447c919294f5d

SHA512
77e432a5712d436b2ecdfb3c6741dc4104e627dc074e434f7738e16fd7e637ef00ceafa965162ae9a47910dac4f3964dc597597263914441a3903b298f468352

Download Submit
/data/data/com.automaticdocs.rentalagreement/app_z2xjubkmhovmo2f9od2t9/oat/rentalagreement.dat.jar.cur.prof

Filesize
86B

MD5
858ef08eda5f249f58e75a4e8863ce89

SHA1
abb82c0cec0319b80577eb8193d45879a88bd7c1

SHA256
b4c05b5149c4e4fbb4d262599982c38d07ac92af6164b73cdafd17e88386ad4c

SHA512
91641b62ceee6145e71292a2fc1ec530f9b6201a6edc790adfe107e09dfd9535791b4a9199274fbdf3aaaeaac784fbfe8a76f516243435c9bc0247e3abd2ca74

Download Submit
/data/data/com.automaticdocs.rentalagreement/app_z2xjubkmhovmo2f9od2t9/oat/rentalagreement.ext.jar.cur.prof

Filesize
769B

MD5
b8e173203d84d2ba24d67c655d0b53dc

SHA1
a84420370e0f1461f495f5616d51ad3147970f43

SHA256
3658b69dce3c06af4386208eccf039facc78170b86af1fc8bf3225d4b6563cd6

SHA512
6459bc5555fb6c7e8aa5dc3081b0502c6e37a6b3888a92969bf7afed45ad08922b787fce7ba13c038b887c4bc4f035021cf31b4da9434b2fe4cbe333d8c5532e

Download Submit
/data/data/com.automaticdocs.rentalagreement/app_z2xjubkmhovmo2f9od2t9/oat/rentalagreement.irs.jar.cur.prof

Filesize
107B

MD5
fcf60b09e13fc0c91f9de315ed254e32

SHA1
d3aace9fcfefe5a5fd28e0caed72e4a769695f5b

SHA256
1f150789bf632789beeddd44683428d81d0577790694adbe412a734ff60b6240

SHA512
d8d04e55c7ab7418548f8e1ef50ff44edd09f0eaf870946518f1453ef89955684fe7d52213373511bf7c7c4eb36f15000f92f9fbed094e92310ca2fd3ac1f8b5

Download Submit
/data/data/com.automaticdocs.rentalagreement/app_z2xjubkmhovmo2f9od2t9/rentalagreement.dat.jar

Filesize
2KB

MD5
99e201c30a373151aa69e9781ca84e78

SHA1
7c4f64e58df511a41d8cfe867e29831e36cb2b71

SHA256
0900f16fd45aff75465afc96f34a7ea075fb30c2bf62f6db260be2de7978a46b

SHA512
1045ff152d55f3eb12eb87f37c560eca02084dcd8804f82957a4c87a8186bb9fb7e5347123e71a4306d91c7e2186c8b18bc34cff9cd2905a55d961756c124b7f

Download Submit
/data/data/com.automaticdocs.rentalagreement/app_z2xjubkmhovmo2f9od2t9/rentalagreement.ext.jar

Filesize
2.5MB

MD5
90d8a0fc694545c87db1c3ab020bea84

SHA1
b07e449aea51065fe07917d3d8c20418f868b790

SHA256
e7440dabe5a40b1a82363958fd8e12bb4ab7d1eff68e35812d7d546e39bf65f0

SHA512
1d956e3ecb3b92ac823e59013d3f5bce311ea5399a1ffe89b689948a223f10165b8d561aaad22c660342e7e14962f15d4c63c33e55cea9f99cfc5c158c3e3393

Download Submit
/data/data/com.automaticdocs.rentalagreement/app_z2xjubkmhovmo2f9od2t9/rentalagreement.irs.jar

Filesize
276KB

MD5
a3e995b897c224cef161864f7640fb43

SHA1
05d61fc4de61f61766e9b5070fef8913475bbd9e

SHA256
2afc9bbfce2331e36615258fd08941daafc4e27052d7aeee981d78803142d8e3

SHA512
a80fae97d1c616a6b922fd25de63e92ef7e0b36831c9cff1ef1657d2a567f23e9077c94f83ef5e770cd369e76d1f8e60ab252fd6e32310954445a3dfba40ed21

Download Submit
/data/data/com.automaticdocs.rentalagreement/cache/http-cache/27963f92bbba894fa98cf1f9d345478d.0.tmp

Filesize
6KB

MD5
e1514e43e6e925c55000c26996674566

SHA1
b0857e0b92561dbe46b72db9e2fe42c27534d85b

SHA256
dca63c0b7e719337be0cf132efd76c284b67c1caeba74cb95d50bfe76e9f95dc

SHA512
1c128a382d5effb0f27845d8ee676eb0476eb5918d6e7c56f562316d6a20a9d6c518b12540eb65b34ee2e96a4873f0b6bd758c682cc91a5f76bc2496185998e8

Download Submit
/data/data/com.automaticdocs.rentalagreement/cache/http-cache/27963f92bbba894fa98cf1f9d345478d.1.tmp

Filesize
470B

MD5
f4cb4fbd64f78befbbc9248f52651aa0

SHA1
94c27329574db9bc289d8808b2922aa52e1a6ade

SHA256
f7ad52539d7a1a286d354ef7ef80ac1c285406337810faabc2a1da40c1aed460

SHA512
fa973635df4b735206a6a1e4b34c5e85b7f493ab8c91b7b3e59e6288c1fbcd2330bba5024ce946694081a5e9fe632efa8172475c7d582878949bb2eb285947a2

Download Submit
/data/data/com.automaticdocs.rentalagreement/cache/http-cache/journal

Filesize
123B

MD5
52a9d3be53ecef810a63b191fd841e5a

SHA1
5735de153c670fc3f155fc702d315560ea07a3b5

SHA256
bcc0d22536e843bd2246fba4f665f4276f9e9cd2be2ca5655d97a08f454b300a

SHA512
5a05ddccea0cf2e0bd5b41b1db73f51ea0ba3d0995943edf08fd83a9850b079d03485e3c8fd1af715f9b917df9fa479a7489a482bb5167a944fcd3ef0614b638

Download Submit
/data/data/com.automaticdocs.rentalagreement/cache/http-cache/journal.tmp

Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit
/data/data/com.automaticdocs.rentalagreement/databases/RKStorage-journal

Filesize
512B

MD5
5538bd00662eff395ca66ea23e2f72ac

SHA1
014259b023273f20570d3a6129a781a0ab99beeb

SHA256
a9f18e4ffbe4337bf8449fde433c5924cc97aea075e47a5e4dda70451bb56ba2

SHA512
2918edcb64d949c760c6a8e45a34cbd4477c350e36739a42ca1a34c9e43f96ea822e5b82c6709fb026cbddc1436323ff448cbe3e4ab819e73502adefb9f7fa2c

Download Submit
/data/data/com.automaticdocs.rentalagreement/databases/RKStorage-wal

Filesize
32KB

MD5
ed2b4b24ada00dbc7cae1d37024ad6ee

SHA1
e29edd5f663e18491590a16b2c03a0df337c6119

SHA256
726b6c2374377df04703f6561576a4d37e5cb61fd47574287cd0bd2e6c783829

SHA512
cd84a0b0eb58890f2486409a329c7922783c46a74863125dc93f8adbce98b74d197b3e99169bcd9a313f7fe1715f9c836b0a5848fb25fc62489c9058570a9634

Download Submit
/data/data/com.automaticdocs.rentalagreement/databases/a

Filesize
12KB

MD5
3fe30614d7e0d11db870b4624f6c50e0

SHA1
053ff0fc621ab40f2afeddb3e7b4a73ee41ec533

SHA256
67c532f0324228dd33b445cd399c1426e3a0e0cdc7b9358c66b402c5d40a838d

SHA512
c7c09e97a408e88aacaf8099ad4d1fa604d58113393500a384eb3c2eb7c3c105af41314934b86eca2f088045cbab5a20d768bbb295448dc1ae6cb6c3f59821ae

Download Submit
/data/data/com.automaticdocs.rentalagreement/databases/a-journal

Filesize
512B

MD5
4aac3d1befe96fc72c71caaba3fd7892

SHA1
944dbf361056cd15673cd5d4b8e4e3c8f832e6ef

SHA256
a8ca2b8c651b7d347c294a7cfea196c5e728f287396b7456b6b5992991503ee5

SHA512
e0104c5fc0c86aa33945f9cf9dca0a2c06444a76c3827637c1a56534810d4bf061a8aebe5f9393ec00ef69304804dcf20f6b50dd36b8ac5d261c38e46a0697c5

Download Submit
/data/data/com.automaticdocs.rentalagreement/databases/a-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.automaticdocs.rentalagreement/databases/a-wal

Filesize
16KB

MD5
23ba2c4efa214e34afd9d380573af112

SHA1
d0f5cf12880754d0f5f77710fc2babf3110252a0

SHA256
635725238e6c14a0e46854b92269e04a0ea5b2aabb3b5d1772f4287e3c191b51

SHA512
3f158041d2bd85f8f1a7a3bb4d7e9c29c9a8ac7c17af0813c7d5bab704444aecbc36e220316aec4296d43ca236ab1d461aa78b0db11b8ab4f681467cf3d11095

Download Submit
/data/data/com.automaticdocs.rentalagreement/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.automaticdocs.rentalagreement/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
74bef816ddf9c19e20a76ac17d41860c

SHA1
d486f3ef579496a5cdbadc874f4dc1a841bddf67

SHA256
ddf9019cbb22c823e9d2de0840b40a52045fa7fd57825e0e0637be925772c9de

SHA512
0b79d126ef48885d308163fbc0106df3b27db5328c5038d308b9c528a6b3fe79bdeaca95f7da039163d72c95bc529223185bbb601b5d411424566ac0fc1d56e0

Download Submit
/data/data/com.automaticdocs.rentalagreement/databases/com.google.android.datatransport.events-wal

Filesize
44KB

MD5
18dec8f87a53b255f23a9a5a5942471b

SHA1
3a030ad0576e951ef30e9a3817e9ffdf99e0522b

SHA256
29e6dac68cfbcbf6f97a703679a9c48aad8c2c43362b8ba5bd75a1c81764b439

SHA512
093dba0bba42d0b1598afc20ac8a6c73c4c95ad740fc968edbc95d3ac0c5a72a0e95001539b468fec681e09aac19f4b35069fee4d6e8263c569889700cfd2874

Download Submit
/data/data/com.automaticdocs.rentalagreement/databases/rentalagreement.db

Filesize
2.9MB

MD5
791bbf64b52a8eb1410d57490df03c22

SHA1
133876c67e3c41490c1686668af3f39a6eae72e7

SHA256
ef3c889e2a799319d56474ad0fa3abe4c50ab42427830e68bfc568d5f6319c93

SHA512
9d45e273a7ca627cea864298d2e285a529dd664cd8398a5dc9e970286c4dac1804f17c525417275ad037a5b8ab73cdf15e9ebdf9e8f22844afebe80d5b9d3ea8

Download Submit
/data/data/com.automaticdocs.rentalagreement/databases/rentalagreement.db-journal

Filesize
1KB

MD5
57c186ab233c63e5c6c592a6628f1fcb

SHA1
b8f18571864f992398b2302b195e834af4ae9504

SHA256
94e0195d7beac5cbf4528aa5d5bb20bdf6bc9032b54b08da169b778ee3b4eacd

SHA512
48bac9a200fda4d547a65bfa693fe1692baf008333106c2bd8ce1c10c3017ed62d27f313992bbf217dbffc60fa10d9963f5fca3fffac72e6ce66fbc3d0cf54f9

Download Submit
/data/data/com.automaticdocs.rentalagreement/files/PersistedInstallation4112909874069586009tmp

Filesize
567B

MD5
ca56b7f46ea5e14fb7b4fcf4a76024f9

SHA1
a5394b542a2634895add4bc9c99cb8eae0c5ed5c

SHA256
5634a59aa8ec58bc3bb5525aa8e64a3e0e1cb83a333cf9d73d06c820d68f8155

SHA512
f8b28fd6101e9120bc36ca6ea54575f7a49f46aedc5e841d118c4764db11710b89d9c56f0f805e454359f4946c3ed28a0fcd170eba7b0f2812b1fef15311c0a5

Download Submit
/data/data/com.automaticdocs.rentalagreement/files/PersistedInstallation4347893593943793240tmp

Filesize
90B

MD5
774e4a1b1ff1c4d35c1f0549a01b9ad2

SHA1
e0da1a37d5b9b538948797f8236d3d9c99637812

SHA256
856eebc0a6b981831e5bc0c5c399e0115bb5304fda2ed878457e5149c32acac0

SHA512
26372afac239b5a1f0368e6b53ed7b48ff60e7dc89dcf127458b454266918ef69ddf1286cffeba1f8197ac5fadebb6105d37a5192a3fcddd5872971bf7bfb82f

Download Submit
/data/data/com.automaticdocs.rentalagreement/lib-main/dso_deps

Filesize
348B

MD5
aa22e80c50623e597a9aa75dfe69d7e8

SHA1
740938379b966db481497b7a7898d2009fc1dfbe

SHA256
a27e5b7a179fbc1ee63d5f2f97d1c21280f3ee19c4bf81204c9e4b2484b1a7fd

SHA512
8052bd5de9f4ff97edb573f16fca4a7d6f64e09bf07bc217ee8293f4d408dcdcd7aa8e5a04f7924c0de0b491dba9d51749e23ee5903eac3d12131b34ab4f42cc

Download Submit
/data/data/com.automaticdocs.rentalagreement/lib-main/dso_manifest

Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/data/com.automaticdocs.rentalagreement/lib-main/dso_state

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/data/com.automaticdocs.rentalagreement/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/data/user/0/com.automaticdocs.rentalagreement/app_z2xjubkmhovmo2f9od2t9/cSPHkGgSg.dex

Filesize
4KB

MD5
a75c58f929f536f9ac85db0c4dabfc45

SHA1
89d337dd78270b71c03afcd8c237a3a9ae83fccc

SHA256
77aeec5ffee965b38bb2e06871c650dd063c4e08b138c5779ad7ae86df79de3b

SHA512
49624dfcc8484def16557756f043dc325b5ecd8a395df40d5b79e2511b52852fa9d14f9b809c3685a07f9f2dc4ad18bb4eeb788c43a0ae631e72890903be59b4

Download Submit
/data/user/0/com.automaticdocs.rentalagreement/app_z2xjubkmhovmo2f9od2t9/rentalagreement.dat.jar

Filesize
6KB

MD5
5cf00fb1d7603de56737346642177438

SHA1
455266b7e64676401e2b4903f4c40d4a3f289bf8

SHA256
37adbeb846a490dd86e56fda42c78d18e2b39c3ff952290415f5110da4efb016

SHA512
dfbc027fa3685608ff3458027f801df448bee84dc312dcd283405d66124f9a016b081bc46223c6e84a2b122939903d1335c36b36ce449db4b0c5e1b4f82f3042

Download Submit
/data/user/0/com.automaticdocs.rentalagreement/app_z2xjubkmhovmo2f9od2t9/rentalagreement.ext.jar

Filesize
6.3MB

MD5
042127136b778b84116de2e3f5317e54

SHA1
09853d9554259b123f7e14cae4ab990fae4ab642

SHA256
812ac070bcec5863d6378887195cca8c80032d8efa3e99486c9fec606f766129

SHA512
601700419e94df440ef476cf66d98f044d60475bf01ab6bc25fc510d2583825751ea075dc78a2e667385a1f060c9e6834493fc0c0e739f2afc9e4c2200fba837

Download Submit
/data/user/0/com.automaticdocs.rentalagreement/app_z2xjubkmhovmo2f9od2t9/rentalagreement.irs.jar

Filesize
684KB

MD5
6263092a4066cc703fba3c43d7ccaaee

SHA1
dd29ff70f4a0c4efadf810b605ccf3217dd02c6b

SHA256
60db470efa19a143065f88eb485ad31ee9afb169b852b42a7d87a790eb051758

SHA512
122f8819c0268f5bf6dadacdc6586b7509c0ece6155e8d2eccc897afea84ec246a7f193ce2975ddc134107b64fd51ecf56ed0f14dc443823759d6b76d61fae4f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads