cbbbd1a3eae287286ca6d28628d98c78c971964aa4a725c094a2f6ebf1061edc

Analysis

max time kernel
155s
max time network
150s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
17-05-2024 18:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5815a29e5fc062840f4bc9620a8b618a.apk
Size

3.9MB
MD5

5815a29e5fc062840f4bc9620a8b618a
SHA1

8ddf03b7b7e130113b4685ccfa80ba790ba5f847
SHA256

cbbbd1a3eae287286ca6d28628d98c78c971964aa4a725c094a2f6ebf1061edc
SHA512

3a85344642b91462e6248108dd6fed59f0ea1a7ee222e2d720d79febe4828fc826d3b46d319eb11c1029c6a2e8541b4d608cf1f31db8e7c215015ced2317be89
SSDEEP

98304:EikNJQQyLRdnrTPIUL4VfSytWvlNMxNRcXpJ0ADxnIC:jkNS9LPvPDkBelNAcZJPn1

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.coronavirus.info
/system/xbin/su	com.coronavirus.info

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.coronavirus.info

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.coronavirus.info

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.coronavirus.info

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.coronavirus.info

Checks the presence of a debugger
evasion

com.coronavirus.info
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:5111

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.coronavirus.info/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3b224765328fcd774052b9f3557a370c

SHA1
e35f05743ef177f43280be6c5c5d12b1345a88a7

SHA256
e4180cefe67fdf56c9028277a0bf990b75d126c901e0cfbb288f7abbf1e1c507

SHA512
a20a553567665886b4e51d378c1191bac0fd54f1697686686b536cf604f12b26b9e1ceac2f6e9845f4f5ee8632d481458b9f8056c8735f4e52c3f01db82014ef

Download Submit
/data/data/com.coronavirus.info/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7a6f6285ca078b46527f9a635efac6ff

SHA1
237e53591e0e6f6a6e2c87694552ece2d7e5e961

SHA256
0b7417a21ec6dea13f64af2e1c1de42ed6e1000fc9f0432550e1749432d2328d

SHA512
a7ac1ec8966e6134b84141cae0780151b7a52d4480ba0f803bd1ee5a32313e557b50a8c521716160b771685a7779263b4cc1efc6ff85597b66ed835cafd551c6

Download Submit
/data/data/com.coronavirus.info/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/com.coronavirus.info/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
6470b7dd0314dcf76b2eb2bf8a6ec559

SHA1
06c775d50a66e00ba9fa6d3115b3e7c292d3b09b

SHA256
424084a59ce960c879c7b2521792c52d704978474453ead0e66e54b641522f71

SHA512
b0226db6a77dac1309f9cacd0fa83b409a5091fbee35d9803e210de4db8d7391231b6ae05731665ef48f763aae7fbb8f82a5a098e15aadf546e8224261f17d46

Download Submit
/data/data/com.coronavirus.info/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
62ec4a550a62e609b8139db3f197e612

SHA1
971b3526ae6ca23c169ec7b3d447847bee7fadbf

SHA256
8f7c355a6db11ba3eb0791ed18ccdf2479057cc1ba72788983aa3980b03652c9

SHA512
a752348e2e9511fc0f6ce38bf4c6a2eac6370a0ebb11a5af10a8c283766e8e99be896d37e353f81b38f395338893acd5f56c15929968e98873a1a97698162e72

Download Submit
/data/data/com.coronavirus.info/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
4a92f27e132a045ee807fc960e6e439c

SHA1
2d747fbe62e828ebff06bd3d6f0b36c7e584c061

SHA256
30940ac66e6745dfb4fb9084de19d91ca716ae4f3a51bb564a171b8c5d2a1dff

SHA512
376bd9f556ab2ee383360d188e10b3f1d968cf6cb738b70be8ea10b9da112831e42478cfdd65bfe15c6a5c162ac5b88416465d09513b14ec2a0d8bd2d03b21a4

Download Submit
/data/data/com.coronavirus.info/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
99e45a5515b9b28efd6dc8a7ec4c75dc

SHA1
8b4ce367e1570d6552affe7b71320a99173344f9

SHA256
b38907e1216c20c21d3d1ed5e9118a3eb8b363c40c79cd9251171a6ea6a49be0

SHA512
23d2e8b60a453ff698b07e72ddef914af301330344706ed5cc1446077896c4bdd9de8115f47a6d7241d1e24c4203cb828608a5359dfbdae1d2ef7ce45b045052

Download Submit
/data/data/com.coronavirus.info/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
f7de28f11cc4799bc8e396b8053a277a

SHA1
a006a38e34bfcf6722744d7e7f24d99c1c079f30

SHA256
55765c8ff3c6b376680105a50b8997396f415cd5e7102a8b7b7dd07146d582bf

SHA512
afd7b7aa03e2ce444b49744fd3dcbb2d4a6cf892b3da1209ad71719e5023cd31a8338a2fa831dc604d92ec57bc417a7840709f28f0276df593c3df57ef0e5069

Download Submit
/data/data/com.coronavirus.info/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
d456137ab3e679bd664943becd8aff81

SHA1
947a6fcc503a45978c340ba98371dd17006e1469

SHA256
339b9512b939b3bc89aeaf13b6aa92f13b9b760bc5bfbd223bd879636a136553

SHA512
79575a3fd0fcf8d6de1ebd53de392b3464a28f1cf59d9c4a1362a6f772c051d722459b9a48a8317388bf829fdaafe2aafc3c3f3d7ea41a5f6bcf8665a43ed05a

Download Submit
/data/data/com.coronavirus.info/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6647A7880210-0001-13F7-039560C5E5C4BeginSession.cls_temp

Filesize
77B

MD5
730aa675a8c84cd345a0a047243e56bb

SHA1
bde175625db1275ae8a07ddb0166d76ff48bffee

SHA256
8c281e26cf116b304bf968d6ad66e4169419a151d66c5552d3b72b6614d6d5d0

SHA512
d352c50ef37f4d7f1079ae2e68cce63f80438faf06f5608493c513ece65aa50b02d7a6e95c04aa0b4d3c98e72c76e969342e3bf3a93742c5502efb7e9e76f491

Download Submit
/data/data/com.coronavirus.info/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6647A7880210-0001-13F7-039560C5E5C4BeginSession.json

Filesize
132B

MD5
e3e8af87397e4ef2bf4787a91daaf4eb

SHA1
4eeddf20fcd4017ff12e92fb57d9ca3f56120503

SHA256
812500b06c7acf63f50998d44ce7bd4386de3945f92b0bca67ff294f654da7b0

SHA512
17cafa9239781ad93188792b3cb03adf32f5400337212a75f0cd807a225cf9d79225461b7f0c8b6eacd34e55ccab55e68ea662b5484bbb5e83c932afa89020d4

Download Submit
/data/data/com.coronavirus.info/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6647A7880210-0001-13F7-039560C5E5C4SessionApp.cls_temp

Filesize
112B

MD5
d383d4a4a72ca7381e0d7951fda8559b

SHA1
9a9877625f333e8974c7eb04fa13b6975dfee841

SHA256
215a60ee72ac7f5d3190923039d6e812d59c603a73a19c66f00107d9c1c7aa34

SHA512
c70d6124bbb10e099bd8ac8c828eaddac28c7da42f895861ea086bb3997547fc5c527b0003ee40219a2dfc1698c063b8056f65113fa4c554aa7b2a9782cdec2e

Download Submit
/data/data/com.coronavirus.info/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6647A7880210-0001-13F7-039560C5E5C4SessionApp.json

Filesize
226B

MD5
aa535a4f6031de1104abd300863fea19

SHA1
b8793c664f000e8590197d8980513cd3c55bc544

SHA256
199f23d5ed625b160c1dfac968503af3054c7cdee2772810fca8dd8a6aba6283

SHA512
e597fdf38319967429f52f604040074071d96f85e8a2c571fb533f953363af60661b92deea59aab37775d65707ddf5531156bc7bcbf90b120a25b378f1dc5c9a

Download Submit
/data/data/com.coronavirus.info/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6647A7880210-0001-13F7-039560C5E5C4SessionDevice.cls_temp

Filesize
48B

MD5
2390c1f21db00b20c07107e3ec7275fe

SHA1
e663a646460acc071aebee942cc1776c23d77655

SHA256
d348072a01496839cfcde3a18866423aee74aefd613fa3bf1ff4a203ef46a699

SHA512
43ff60754eb60795ca1c318f44dcfe49194add26cc3d92c2eac7bef538fd65b6290f2e5953b8f1693b9425ebbcdd022ab16a18280146ee0b0c2eefe27bc0bd63

Download Submit
/data/data/com.coronavirus.info/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6647A7880210-0001-13F7-039560C5E5C4SessionDevice.json

Filesize
202B

MD5
afa07370d07ed0a8ac9554ee7001bb72

SHA1
d1e9de22fda1295087525ff3a377f7d7dd410ac7

SHA256
8d4b99fc4968c9cdff4626ff6c1467cdb427f7a597b153f03b4bfb62dde6c07d

SHA512
a7a974b1c4ca3d7ca92e1449dc9718d5ea2af7f8e4c605d25c731fb4bbe891fdf340835e2a4e3a363558744e5ee30aec22542f377eb5bffc0097c70d24f241d1

Download Submit
/data/data/com.coronavirus.info/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6647A7880210-0001-13F7-039560C5E5C4SessionOS.cls_temp

Filesize
15B

MD5
2566d27ce8c28d8961f082c375d7535e

SHA1
92fe585b1a2c9c523d2fa1f65ab5c1b6a1a6edaf

SHA256
5acdb54ddba2e264f6822fbdbc4e9b5158f57d43785c2f01d981956b18f7a90a

SHA512
1c70679bbd25a57f9ac02083d5af0fe72b1417cf3070a195497f03d6f492e87b1ed3f570de7ea7c814c995a1530e32610d9570f31a480648f4062e8d3287be8f

Download Submit
/data/data/com.coronavirus.info/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6647A7880210-0001-13F7-039560C5E5C4SessionOS.json

Filesize
55B

MD5
5caea4b68c57072f7f52a5a41720566c

SHA1
4d9712f1702c7238949da43f7d8ae6efb233a666

SHA256
3223857b618b924c2b0fbc7bfb373a1aacf300a7b5ab585e18fffcf19039f363

SHA512
fe1455d21c521aeae3292bdcc386f6d2005dc253930c03e44dbcb972f96b849670d2aba039ea59e1a5ebc0350e6315151d17bcda55c161a62987d4bb01e91f9f

Download Submit
/data/data/com.coronavirus.info/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
399B

MD5
eab58e7625fcb7dd41a5ccc04c91cf4c

SHA1
57627dc9182ddea5c1563237c6f1d4b916a14de9

SHA256
961aadb7548c385db17dc88dcc061c14e5a448a4e1ebf669569010d0fee83832

SHA512
e6dd98d94423c34f0798e9d082b44dc48a83ca8dff509186cb421e5c6c253582188500a83c639e47ba40e767ca57fa54794709339feb6934309c5077175f400b

Download Submit
/data/data/com.coronavirus.info/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
417B

MD5
fcb5e1b280e704dfa84b1fdd96665a59

SHA1
1e2840edbbca417052b940d2ee2bc189ad1d5fd8

SHA256
0ffdd6c5ea881340e5b40ec5762516b57727d5f6668780c9c9981bf870b252bd

SHA512
cabfdc360986f5b9afd39485fad3fa0dcdf53e44190ee364188724465f49d90d1b956e24c26f6a14c837ceb070ef1dbc20a275e9bf5f01e7b9f7106718b6b087

Download Submit
/data/data/com.coronavirus.info/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.coronavirus.info/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_59769d97-7561-4c07-85eb-5dde0577783f_1715971997192.tap

Filesize
323B

MD5
f87453c364d868fc7dd681fdd7210744

SHA1
4f7c766fb058fb7337173b742252f5a2b33e2495

SHA256
1f3de5a3ac84e27b7194cc90e11e933ca33c9ab27ceaa907ca567648e68ce947

SHA512
9842c9a97c9de2d0a81dd4b33d529febe7ec0e9ecc437f2a538d305da9c7492d0f0f2c72c2f0fdeaa2d3e7b07ebd0b80d816a42b780220e99e9247799200b6bb

Download Submit
/data/data/com.coronavirus.info/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
8656c4864e748fb179bb22591c995d41

SHA1
f207bd500e1e87435a2866a2c7ded4975a01b4ba

SHA256
088f257e0bd78cebd384daa689d734b67332eb86558457d2c67c9e20d9a90f32

SHA512
dccfb6e27d886f9ec34dc2168b0ae52286974ca2b6e2a42c37a36de24704d19113d330487fec3cf42aea7678be4b05e5c708aef0c78e99c420046e9b34657005

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads