Analysis Overview
SHA256
d63857461a281f32233b548b411227d2318ae85ac3695d600391d0aa0ac63b6d
Threat Level: Shows suspicious behavior
The file fake angry.apk was found to show suspicious behavior.
Malicious Activity Summary
Tries to add a device administrator.
Declares broadcast receivers with permission to handle system events
Requests dangerous framework permissions
Analysis: static1
Detonation Overview
Reported
2024-05-17 15:39
Signatures
Declares broadcast receivers with permission to handle system events
| Description | Indicator | Process | Target |
|---|---|---|---|
| Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-17 15:39
Reported
2024-05-17 15:42
Platform
android-x64-20240514-en
Max time kernel
76s
Max time network
165s
Processes
com.katecca.screenofflock
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| GB | 172.217.169.14:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| GB | 216.58.204.68:443 | | tcp |
| GB | 216.58.204.68:443 | | tcp |
| GB | 142.250.200.46:443 | | tcp |
| GB | 172.217.16.226:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
Files
/data/data/com.katecca.screenofflock/files/one_time_settings
| Hash | Value |
|---|---|
| MD5 | 68934a3e9455fa72420237eb05902327 |
| SHA1 | 7cb6efb98ba5972a9b5090dc2e517fe14d12cb04 |
| SHA256 | fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa |
| SHA512 | 719fa67eef49c4b2a2b83f0c62bddd88c106aaadb7e21ae057c8802b700e36f81fe3f144812d8b05d66dc663d908b25645e153262cf6d457aa34e684af9e328d |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-17 15:39
Reported
2024-05-17 15:42
Platform
android-33-x64-arm64-20240514-en
Max time kernel
161s
Max time network
165s
Signatures
Tries to add a device administrator.
| Description | Indicator | Process | Target |
|---|---|---|---|
| Intent action | android.app.action.ADD_DEVICE_ADMIN | N/A | N/A |
Processes
com.katecca.screenofflock
com.katecca.screenofflock:qs
com.katecca.screenofflock:ls
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 142.250.187.228:443 | | udp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.228:443 | | udp |
| US | 1.1.1.1:53 | gmscompliance-pa.googleapis.com | udp |
| GB | 216.58.204.67:443 | | tcp |
| US | 1.1.1.1:53 | l.anzhuo7.com | udp |
| GB | 216.58.204.74:443 | gmscompliance-pa.googleapis.com | udp |
| GB | 216.58.204.74:443 | gmscompliance-pa.googleapis.com | tcp |
| US | 172.64.41.3:443 | | tcp |
| US | 172.64.41.3:443 | | tcp |
| US | 172.64.41.3:443 | | udp |
| GB | 216.58.204.67:443 | | tcp |
| GB | 216.58.204.67:443 | | udp |
| GB | 142.250.187.228:443 | | udp |
| GB | 142.250.187.228:443 | | tcp |
| US | 1.1.1.1:53 | clients4.google.com | udp |
| GB | 142.250.179.238:443 | clients4.google.com | udp |
| GB | 142.250.179.238:443 | clients4.google.com | tcp |
| US | 1.1.1.1:53 | mobilemaps.googleapis.com | udp |
| US | 216.239.38.135:443 | mobilemaps.googleapis.com | udp |
| US | 1.1.1.1:53 | mobilemaps-pa-gz.googleapis.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| US | 216.239.34.36:443 | | tcp |
| US | 1.1.1.1:53 | region1.app-measurement.com | udp |
| US | 216.239.34.36:443 | region1.app-measurement.com | tcp |
Files
/data/user/0/com.katecca.screenofflock/files/one_time_settings
| Hash | Value |
|---|---|
| MD5 | 68934a3e9455fa72420237eb05902327 |
| SHA1 | 7cb6efb98ba5972a9b5090dc2e517fe14d12cb04 |
| SHA256 | fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa |
| SHA512 | 719fa67eef49c4b2a2b83f0c62bddd88c106aaadb7e21ae057c8802b700e36f81fe3f144812d8b05d66dc663d908b25645e153262cf6d457aa34e684af9e328d |
/data/user/0/com.katecca.screenofflock/files/cm.lg
| Hash | Value |
|---|---|
| MD5 | 2b9fcfd9c4ea76523e1f77b8e00a212f |
| SHA1 | 24b9d96b2b4a4090b57cd2f87dcc822e153d09bf |
| SHA256 | 4745a9680fa7367a992f7ccd58c6e8775a41568f27a0be797554592a622eda57 |
| SHA512 | 860172181a94df6dc7451db7b042a9d45421fa8d08714918eb3d546206315ca48b007385dca9e44baf698ff7cc549368f4b764b9dbf8ee9f683b16bbd0711bf2 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-17 15:39
Reported
2024-05-17 15:42
Platform
android-x86-arm-20240514-en
Max time kernel
145s
Max time network
149s
Signatures
Tries to add a device administrator.
| Description | Indicator | Process | Target |
|---|---|---|---|
| Intent action | android.app.action.ADD_DEVICE_ADMIN | N/A | N/A |
Processes
com.katecca.screenofflock
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 142.250.187.195:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.180.14:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
Files
/data/data/com.katecca.screenofflock/files/one_time_settings
| Hash | Value |
|---|---|
| MD5 | 68934a3e9455fa72420237eb05902327 |
| SHA1 | 7cb6efb98ba5972a9b5090dc2e517fe14d12cb04 |
| SHA256 | fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa |
| SHA512 | 719fa67eef49c4b2a2b83f0c62bddd88c106aaadb7e21ae057c8802b700e36f81fe3f144812d8b05d66dc663d908b25645e153262cf6d457aa34e684af9e328d |