049f57ed5150fb639ea1714cba3dc12f1bc6b248ef31e5a610bd65bc87991ab8

Analysis

max time kernel
47s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
16/04/2024, 10:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

049f57ed5150fb639ea1714cba3dc12f1bc6b248ef31e5a610bd65bc87991ab8.apk
Size

13.7MB
MD5

1ac6ab6dce7b85bcaebaea0b659a4758
SHA1

cab07fb3bb8a625b69bdce725f68d5667aa183b7
SHA256

049f57ed5150fb639ea1714cba3dc12f1bc6b248ef31e5a610bd65bc87991ab8
SHA512

d99804456a4382d7b6b759cc683c9685613aa4f6b420c33bbc7c3ddf4d0a4ec3d770dd927b9b7acad11373f01a26a98321628ff54e2ca210a386b61765ab652a
SSDEEP

393216:rSTYCaI+XnaDypqp6rJsCrNo39EIY8rQ2L8:rMYLI+XaDysom6E9EakK8

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Checks Android system properties for emulator presence. 1 TTPs 1 IoCs

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: ro.hardware	app.ovulyachiya

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	app.ovulyachiya

Loads dropped Dex/Jar 1 TTPs 11 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/app.ovulyachiya/app_syuwmybaxqojj935wmi/ovulyachiya.ext.jar	4188	app.ovulyachiya
/data/user/0/app.ovulyachiya/app_syuwmybaxqojj935wmi/ovulyachiya.dat.jar	4188	app.ovulyachiya
/data/user/0/app.ovulyachiya/app_syuwmybaxqojj935wmi/ovulyachiya.uni.jar	4188	app.ovulyachiya
/data/user/0/app.ovulyachiya/app_syuwmybaxqojj935wmi/ovulyachiya.stp.jar	4188	app.ovulyachiya
/data/user/0/app.ovulyachiya/app_syuwmybaxqojj935wmi/ovulyachiya.irs.jar	4188	app.ovulyachiya
/data/user/0/app.ovulyachiya/app_syuwmybaxqojj935wmi/hmxTzhYje.dex	4188	app.ovulyachiya
/data/user/0/app.ovulyachiya/app_syuwmybaxqojj935wmi/ovulyachiya.irs.jar	4188	app.ovulyachiya
/data/user/0/app.ovulyachiya/app_syuwmybaxqojj935wmi/ovulyachiya.uni.jar	4188	app.ovulyachiya
/data/user/0/app.ovulyachiya/app_syuwmybaxqojj935wmi/ovulyachiya.ext.jar	4188	app.ovulyachiya
/data/user/0/app.ovulyachiya/app_syuwmybaxqojj935wmi/ovulyachiya.stp.jar	4188	app.ovulyachiya
/data/user/0/app.ovulyachiya/app_syuwmybaxqojj935wmi/ovulyachiya.dat.jar	4188	app.ovulyachiya

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	app.ovulyachiya

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	app.ovulyachiya

app.ovulyachiya
1⤵
- Checks Android system properties for emulator presence.
- Checks memory information
- Loads dropped Dex/Jar
- Makes use of the framework's foreground persistence service
- Uses Crypto APIs (Might try to encrypt user data)
PID:4188

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/app.ovulyachiya/app_syuwmybaxqojj935wmi/hmxTzhYje.dex

Filesize
2KB

MD5
e04375bbfcaa4082208cad7b9cf0cc05

SHA1
120fb3948b0b951b3419478da13cd9221476f91d

SHA256
1a59273e7ab02eed3f09084f6ae534584edaa3aeef389670ebe0fc889eccd046

SHA512
66c6fbf3c8d53cda943880ce2b7781128f60700aad68b62db06d03e6f0dd3d7db9b91104084ec4a21e33879bbcf73d0bb9834374458600d33e9f2dedc225004d

Download Submit
/data/data/app.ovulyachiya/app_syuwmybaxqojj935wmi/oat/ovulyachiya.dat.jar.cur.prof

Filesize
85B

MD5
bcf2e12ee94345fab018c1dc53aaeae8

SHA1
f69f98fd53a95cf026c08dabc40ddc3848ac7729

SHA256
9f7d52037a2f4d078af7d3ffaa9007bb5af04c23f9772021a682f4c0a893469c

SHA512
5885a11667d0a8d5b83dd367373bcbec78455acbff2a7c3b1976478e32a2c11479f6b6b774b8d8e9803192df88a999d1416bcb875ad621a8027614c4fbd5800b

Download Submit
/data/data/app.ovulyachiya/app_syuwmybaxqojj935wmi/oat/ovulyachiya.ext.jar.cur.prof

Filesize
789B

MD5
b569782d44e86e23bdb13ae6141a9ad1

SHA1
746d09834b773c60f1801506b94dcf6de864b75c

SHA256
921101de402da027c3a1bbfc91287e75292cab082a135d41f72180b30df9d6ac

SHA512
8531f952d3dc25877799cf5ae6b7fd2ae51ae76627cd860c652535bac27bdac78a8c956da3ee0773583e95a37967b986cc27f0c854544707f5b256c93c9f3449

Download Submit
/data/data/app.ovulyachiya/app_syuwmybaxqojj935wmi/oat/ovulyachiya.irs.jar.cur.prof

Filesize
105B

MD5
6f22265a9a5957d85486a18f7adade06

SHA1
b9fe5bdd8e16d7ab47d1ba8c2d0dddc804732124

SHA256
89a9376fdeed54f2eda54ff1094bc96dee79dd3fa41a1ee88ada4489a9e748a0

SHA512
4f0f09227c931f207702eb6e1a4242d2c9c2256c787e5d655358148ba10c04b18c51ae558703ab6d15e8d1ad7ef91216c57b38f9cfe2bb1f2a7a9567f6bc4200

Download Submit
/data/data/app.ovulyachiya/app_syuwmybaxqojj935wmi/oat/ovulyachiya.uni.jar.cur.prof

Filesize
128B

MD5
1adb5c7502ae98296828c40bfdf35623

SHA1
ccbac4d74f477a743c1620bd9055f37466520da5

SHA256
2de4a6075a61bfa6ef27a96d0e77a022ec0c073d62563325b7d5664d73161bb4

SHA512
c0b0f92597c532128836db826a30ea44ecb5485e5c332b9e1c02bf3a123c270bcc40d0edbf1a0a497ab6ce76acaf9710e7d12087c49494e0cac2e233af4ace75

Download Submit
/data/data/app.ovulyachiya/app_syuwmybaxqojj935wmi/ovulyachiya.dat.jar

Filesize
2KB

MD5
2ff33222c4601850ac443b271661db07

SHA1
4e74efa98b5787400f6b3ba0b64463b30101ff47

SHA256
a72c86559c2a8c48a04c08e6451a5a78071054b276f5ba4f1de8653cd15e99fb

SHA512
8ffb90b868158a4619dfc4567c43b523fbedf6a75c3670fdc5cb0d3c224d54dc25128575067a866a0f20767f7fe302536d509e7e4e3d7cb0f0c6442fc4e5936d

Download Submit
/data/data/app.ovulyachiya/app_syuwmybaxqojj935wmi/ovulyachiya.ext.jar

Filesize
2.5MB

MD5
1c1aa4db34407698ed1ddc849c7f2f9a

SHA1
77a7a9c4f20537aad6012ba9658ba5bc8769957b

SHA256
67a8365fbcd65f8b87675ace2eae84417eb4e30b8d26f5a4b145a9acc65d8cd8

SHA512
6be2c4788ceaac3957bc885fa4d496d11a7330938623d07a6584a41f46640bc9f6f3cfaa6816d484066b922169318f229355706d3a521947b66ff806df10c0f7

Download Submit
/data/data/app.ovulyachiya/app_syuwmybaxqojj935wmi/ovulyachiya.irs.jar

Filesize
276KB

MD5
726b1f398bd6c4831e26d60aee976002

SHA1
5b779e7228299ba020c7d27f20e15d1cd0d7c62d

SHA256
bcc8c415a5bee06c3db04d04b7006e18ced0efff6ef54124a431ff263f503f83

SHA512
d33662d53dd4f98472ba41173f3164f36011141e855c98fb73ca90547ff0d896045974419f393fe066b0d31cfd73e7bf11511f8c35fac3a1abed6185fb7cca40

Download Submit
/data/data/app.ovulyachiya/app_syuwmybaxqojj935wmi/ovulyachiya.stp.jar

Filesize
460KB

MD5
52a9aba5f9db5b4b4aefa8376e75a4d5

SHA1
d67c3fd505245abadb5ae4fcfe55d812800ba2d0

SHA256
d339524826506cd9413dcb17a51b7c81f71964898105a8d922f9c576cd06d22e

SHA512
25c0e7b545b8512b449755bf2bc8022e15cfef150c98b67efab785b2a24d22dcd2f0d2d1cbea5aaebd4607ae4a2abfe2b73a0e818431dbdf3f4d415202a20e49

Download Submit
/data/data/app.ovulyachiya/app_syuwmybaxqojj935wmi/ovulyachiya.uni.jar

Filesize
168KB

MD5
ff92d58e0e3d2d628c36fa218d24963d

SHA1
00620cd1cd5d001feabfe0c9ead252712bebbdb8

SHA256
c084a509a22fa2aaf7907eff0df96ac21e40d34eb9c55f10f882c1c6b4be4d64

SHA512
45b20246ae3459c2bb172a28e7329e7f56ba97c4d70d72b78682348da9d14dcb983ddd0156350b3ea4ab99b3087155b891b086f393d9be8db0742e15ea1ace40

Download Submit
/data/data/app.ovulyachiya/databases/a

Filesize
12KB

MD5
3fe30614d7e0d11db870b4624f6c50e0

SHA1
053ff0fc621ab40f2afeddb3e7b4a73ee41ec533

SHA256
67c532f0324228dd33b445cd399c1426e3a0e0cdc7b9358c66b402c5d40a838d

SHA512
c7c09e97a408e88aacaf8099ad4d1fa604d58113393500a384eb3c2eb7c3c105af41314934b86eca2f088045cbab5a20d768bbb295448dc1ae6cb6c3f59821ae

Download Submit
/data/data/app.ovulyachiya/databases/a-journal

Filesize
512B

MD5
462a26ac6f879d1831373c90fd3cf405

SHA1
262fc1b0e0443caea021733bf839a5c7da759fc5

SHA256
42bc46095d6867a219d2466640bbc557bf658de06301389febc6d48a25f3cba5

SHA512
6cc730bf1edbc1ff74c090142a35abe601afa4f0c6cda630d09c03feb6ab09ed17b9cf5348d1bbfe4d3eb4ce7acdbf6638c0732273ef9cef4de5b912caa17bbf

Download Submit
/data/data/app.ovulyachiya/databases/a-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/app.ovulyachiya/databases/a-wal

Filesize
16KB

MD5
38396a899281c07d03dcba13f8a48569

SHA1
b8e47aa3ddb3aed5ff11503853702dc608f984e2

SHA256
c75d904306fcb96bf63b310d322930b77bcf0015dfd6356ce703b6dfa61a8ce4

SHA512
4aee0bbccb01348a255d59d60fa3a685b7de51cf361aa90ad7a440f921e26c5003c6aa1809e55d36a2ccfb66d6ec98fe5af85ece7663edd1fe9190581b2cb756

Download Submit
/data/data/app.ovulyachiya/databases/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/app.ovulyachiya/databases/androidx.work.workdb-journal

Filesize
512B

MD5
6fb2b5c2414734cf3fdf1f8dbd6123a1

SHA1
1855dccd6779902cb2eaa1acbef2b56a75583058

SHA256
b1588aa1f86bc66ada5356ce6600d0968d53420d9cc88cca61269ae5d329d21c

SHA512
d0e913ab8a71e3e47d82c90e033dc2649682f47240b1e5014f42947dc25446eefbf634b6d6852fe78ea917e05c2d31887a2563b30b9b759672f30538a468fc4a

Download Submit
/data/data/app.ovulyachiya/databases/androidx.work.workdb-wal

Filesize
88KB

MD5
4be9792d5e6140cc7bed103ac972f50e

SHA1
8211f8a98a531a8a37b5b536a45c2012593f56d5

SHA256
e308568c30bb74c764c07baad1087bf566cc453a3ac6bb3b32ebf75cab702e89

SHA512
d59824be8912e08f9ffb107e0d10fcfe10f79cfcf0c12f9a8ff4255d2e021fa5e984e2bb25bcf0e2535981b797beb78ea0993e8b227497454efa75f834d89bc0

Download Submit
/data/data/app.ovulyachiya/databases/androidx.work.workdb-wal

Filesize
16KB

MD5
57b8a870bf282cc937c81803af2df0fc

SHA1
b906c40304a97180191ff50d2b84aff253c211cc

SHA256
28c432f881c363aa7192efcd921d82826e6bd8828167277336cedc1140caa16f

SHA512
e97644f34469b78444eec74a718d03db8c9b4532989e1feb41c16ff645db7179f33f64faac5ed5253e78ef9643dabefcfef515b9cc4a93e5e8b81f934966aa6c

Download Submit
/data/data/app.ovulyachiya/databases/ovulyachiya.db

Filesize
3.6MB

MD5
82dbce617ef18b1f4f352fbda6564478

SHA1
c29ab6c3f807c97b3be7cf28c7be87512ea6b466

SHA256
be91271c44c172e4d19c52b26236ffa4d966cda3b1af2f0a8a05f099e7fdca9c

SHA512
df3adf648432cc3c3b9320f8f4ca5231b82cde56c7e7335a259ec1cfa4b0b8b08aad4bd2325d96f2bc6d8d1015072f79c8a6c6cf69e393ca829b34ddc1f4b357

Download Submit
/data/data/app.ovulyachiya/databases/ovulyachiya.db-journal

Filesize
1KB

MD5
62be9121769e29098c168db722df1dc0

SHA1
a29fb790a3ec0f1ab8f717d73450dfca951c8f6c

SHA256
d50d17481ac367afe3655d4ad02e58bd31c6b6c31887d4ca4617f0f29197e849

SHA512
fb97d1d72112307f5ac84a38fa6bc648058381e5364f6183b84979ec7f8525ea4e5212782fe4df54087a11af5cd13eaf70d23ef3b394857dacb3937eac190bbd

Download Submit
/data/user/0/app.ovulyachiya/app_syuwmybaxqojj935wmi/hmxTzhYje.dex

Filesize
4KB

MD5
ab0ef74bd10df1ae4b4d7fa4d1408542

SHA1
0ee3c986caa50680944533722a57d2280cb777b8

SHA256
4807ff62610e32ca23b50d4976e0aa87bfbcf0913ab3eef311d55f3cfaab0c48

SHA512
cb7e7188a2eb95f072c1d175e7897c763c170268d566862efa2508b4893f557d677165a9d92969b2c50c6a1267826d0347711a9f07d97bbc65de6552fc0b7f49

Download Submit
/data/user/0/app.ovulyachiya/app_syuwmybaxqojj935wmi/ovulyachiya.dat.jar

Filesize
6KB

MD5
15c206ef1ebc6b1973fddafd57e91162

SHA1
994e548ae2a424e3d4fecb80cb59e435ec451232

SHA256
332fde98a4cfecb6d0a548ff13c7aabc0e75c2d59bc3597d264538c436892448

SHA512
02f799d39722bee4c9be64ab937bacc8d7ca44dc6d7b70571049ed0c79a62f15a035346577be91b3cabc4b7adb0baeeb8a294ac3fc5b54d9645aa87035b73b9e

Download Submit
/data/user/0/app.ovulyachiya/app_syuwmybaxqojj935wmi/ovulyachiya.ext.jar

Filesize
6.3MB

MD5
2e5770f4f89a238584af8d3d414ee724

SHA1
64dbea7d7d243e44944826f45d8f5b78450ca162

SHA256
c68f84cab38591fabd62cde7270ffa0c279aafc125d90b76737effb528ac13e2

SHA512
44f9bbfcaffe6757523b3f2d844d5520dad386f54bb66753f0326ece3c974f73b5d2b1bcc79661da9b66ee1e6dd6a1ac4cf10958603fcb99bd6b337868e70362

Download Submit
/data/user/0/app.ovulyachiya/app_syuwmybaxqojj935wmi/ovulyachiya.irs.jar

Filesize
684KB

MD5
6263092a4066cc703fba3c43d7ccaaee

SHA1
dd29ff70f4a0c4efadf810b605ccf3217dd02c6b

SHA256
60db470efa19a143065f88eb485ad31ee9afb169b852b42a7d87a790eb051758

SHA512
122f8819c0268f5bf6dadacdc6586b7509c0ece6155e8d2eccc897afea84ec246a7f193ce2975ddc134107b64fd51ecf56ed0f14dc443823759d6b76d61fae4f

Download Submit
/data/user/0/app.ovulyachiya/app_syuwmybaxqojj935wmi/ovulyachiya.stp.jar

Filesize
1.1MB

MD5
49b91e17f8168f2d406b5cd32e34c9b4

SHA1
96054ee16e5dccae6de5b42395813fe5cbae0a4a

SHA256
31fdc6c48124540edf532fa66a36652f997ec505662320abc3738a8308c3fe4a

SHA512
d4117115f9e6fdef2ace6724d984f60e7e054f7423195bd2cac22c22101052070c29e1350c9dbe5869b067d64c5e29fe86671757f484ac04db2102e712115193

Download Submit
/data/user/0/app.ovulyachiya/app_syuwmybaxqojj935wmi/ovulyachiya.uni.jar

Filesize
424KB

MD5
3f5d5ab5cc80ae55dca1719549dc3627

SHA1
fc1a5e8b43ddd46c4d301127f9c2e07a613809f5

SHA256
adde7822a6f4b22b80e8348fe09d9d716e2f8519b8be926598a53463f43b569f

SHA512
885988fb4fb5b0a0b4c9b5f067c5b36a7fb7b731def6bbd3860832da215f19911b9a064973f74180461bace2bd04a2735142bb770783cb46e1b1d87c728497dc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads