35614cbb81b159d2dc0c8c4a6d4678e70e2b0d6d335fe51f9431a3665efbe77d

Analysis

max time kernel
179s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
21/05/2024, 05:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

AndroidApkAnalyzer.apk
Size

4.4MB
MD5

cc57da1a0886b63e913d166bdce662bc
SHA1

4d8b5353120c5ed142a88bdededad978cf67aecb
SHA256

35614cbb81b159d2dc0c8c4a6d4678e70e2b0d6d335fe51f9431a3665efbe77d
SHA512

fb70e69845c101c4c7ab5a63354d7865b6cec12143b665a8a7c8d8825aa17dcc9fae9df97311fa438c0e599f9c4901a7ef9a1ef7b07bd2007ffe74d037dba989
SSDEEP

98304:aJt3boZniB8qwthoLaVAv1sVt2teerxgTbL:cCZnk81tuaU1+SeQ2TP

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	sk.styk.martin.apkanalyzer

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	sk.styk.martin.apkanalyzer

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	sk.styk.martin.apkanalyzer

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/sk.styk.martin.apkanalyzer/cache/1582435991586.jar	4287	sk.styk.martin.apkanalyzer

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	sk.styk.martin.apkanalyzer

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	sk.styk.martin.apkanalyzer

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	sk.styk.martin.apkanalyzer

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	sk.styk.martin.apkanalyzer

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	sk.styk.martin.apkanalyzer

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	sk.styk.martin.apkanalyzer

sk.styk.martin.apkanalyzer
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4287

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/sk.styk.martin.apkanalyzer/cache/1582435991586.jar

Filesize
9KB

MD5
e8e0527a01aefdb89afd2c508f131da1

SHA1
f1103e6b260c657ceb3d95f1b023af3fda8b133a

SHA256
f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

SHA512
fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

Download Submit
/data/data/sk.styk.martin.apkanalyzer/cache/oat/1582435991586.jar.cur.prof

Filesize
148B

MD5
a3b78d197d786c13687c3f0f89703bd8

SHA1
9967f0726b6b1ed3f198904547b81920f8329621

SHA256
c5e6754556dbe01b055066f23c28ddaaf5fe67cee4baed00d59dc993335b3d97

SHA512
9a47c9bb977edec9d29d22f280e0078ca931a722eaecc2b085c6b5aaf6246d17a6ad07c9faca45070bb5b89a3ee6cf896f5e2c7e73fb033e3ac57471df70a8b1

Download Submit
/data/data/sk.styk.martin.apkanalyzer/databases/google_app_measurement_local.db

Filesize
16KB

MD5
9e579f896bc7b86e95a0348d8bfd73f0

SHA1
151a89b4356d91440a15fd380dc8c3005fb8cc3b

SHA256
1f03ac366a0977ea11702eaaaae96aaac299e30b7612653c4b99e457b952be1a

SHA512
a6c71f093319edb3578112597e864ffe4fd37635fe38efd079195a7baba1914eea76d193aeef226fee5da6032aa864e3b9b51e123320678ab3ef18443fce7239

Download Submit
/data/data/sk.styk.martin.apkanalyzer/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b4f745619a21826d14b32abb4465f8e4

SHA1
856136b52a51c4d3b8950b4f985de157e493980e

SHA256
1158a27960ec5896e9161e7a3195f370c8bc19139092bbaa22bb3701be2d409a

SHA512
4b6f8bd58d81fab72e60d722dfd8e81f81898a5f5175ee783291597831a011efdb7ddad6ace9ff70777a99aaa3fbfbf753777be13b48574da4bd2b961462b16f

Download Submit
/data/data/sk.styk.martin.apkanalyzer/databases/google_app_measurement_local.db

Filesize
16KB

MD5
60f9ca66e11a1864b80fe0a67382a04f

SHA1
e4ddc469d5fd1540573cbad72e1a04d76db30e47

SHA256
ea0506f1fe29522569ee93d2817a081553f05d9f313a06bba7dbe0151dacfa1b

SHA512
14ddc28925fa3e9754b3faf3a9d8579cbbe8c3006c8eea6449decfd4c767a6a358c51dcebd6fac413d431f2fbc57d7f3c1a109b3c5353986981fd6b8fcc8245c

Download Submit
/data/data/sk.styk.martin.apkanalyzer/databases/google_app_measurement_local.db

Filesize
16KB

MD5
083a0a6501f400f638cb4195ec91e683

SHA1
fe919d773e411d29d467a9d677cc4729688a135b

SHA256
79c6c6e98b2df24d138bc97c3666e7ee5342a15201ac3bc6cb8e077c87d25351

SHA512
f4a28355a8adc261f6bb5dac342b49225a5b0de9363d120db6d0f36a545cf841670d5716af0d2a3ab7dc7fa59d4b36de8057d92be93e0444256352328dcc8da2

Download Submit
/data/data/sk.styk.martin.apkanalyzer/databases/google_app_measurement_local.db

Filesize
16KB

MD5
152e53dadf24d5e4b9b245e1aa5efaaf

SHA1
9305263d9851f574ace242eacfc0df92cbe7f724

SHA256
bd88b720ff6b3639747605ee6edec9774b6f31875fff85bdf70c69d7e8ea0593

SHA512
8fdf20ec502933ef4c16daec5c40a7ffa5700bf15ca596f4b49ea5e7cec8961f532921024816f675e066db649326c90473ab01b0abede387640144fa6aaac303

Download Submit
/data/data/sk.styk.martin.apkanalyzer/databases/google_app_measurement_local.db

Filesize
16KB

MD5
441436fd78ba9fcd45e9d795f33f2654

SHA1
f94e8177d36b5618e87ce4996c23bb2137182d4d

SHA256
4a988183131f1d80fdad515fca4958521d6bb8848dbf30458e319f0be8aafeef

SHA512
846d5c26e2e75d9b5a95342ff5dfc7b4309a8447e9545c2c7044b7e0e13c84d4d7da19b8b812b5c323872f11268aa2a17776db83e785bad214c4ea7418341f7a

Download Submit
/data/data/sk.styk.martin.apkanalyzer/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
8923128a004c16a0b1dd70b26a9c0c68

SHA1
7127279dae294a393c9caed9c3a8eeaee5600c3d

SHA256
b545a9ab5e87c0870eecdf106e2b74063c5882730a0af9e78ad61c7ef48555bd

SHA512
f198de0efcee14804578716bb61bc315eb25def5d3dea0eefdfb204cc405c338582064e884d764e8e80de24ee01e48dc10aecf3ebba8f531062ff0e15959e894

Download Submit
/data/data/sk.styk.martin.apkanalyzer/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/sk.styk.martin.apkanalyzer/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
ded26ffbc682ca5acf735174bf5f054d

SHA1
4dbbed511a7cffbc71145287cfaba6104bb685af

SHA256
08cb3e9fac24a5ce1e44e76069e8b24c860bf078abe8c4290de3b9adb67d4e2f

SHA512
bdc042c5ad3c4b9c33e198cce0c117ef94566656909e04b26e9e95f4ea606cd3ccd2903fa0ef93f8f90081505708f8b6218307dcc6261acf7cc91c288dc0037d

Download Submit
/data/data/sk.styk.martin.apkanalyzer/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
5a78fde02197b63564dcad5a1587b5c9

SHA1
d5fbb3cbd4db74e5927c469b0ae831d3d44f84b2

SHA256
d29bfbe494900aaced4f94c3bf02011e4101428095ff793ad9cdd61d37767972

SHA512
2352eecba8d1bfa69946e61be9cbfa2f66e7ce38d3b75d5d799fa0cf0d08bf33f33792edc3e75d5f18decf920c0ad79bf0a14027c74241682320134ffd20cd15

Download Submit
/data/data/sk.styk.martin.apkanalyzer/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
d31624b1f57a9ec286c3457c20a7872f

SHA1
57e0bf02bc61af1385b1a5da1c036b677a2b4835

SHA256
6fccf5a0f54be20e463c4fc99430d29cc16fc214ed95201db63a4e3c93a30460

SHA512
140af957f5f86dae5c19e79a883ca7e77b8aee09c5d2063e6309c3a0df3a30522ad5bffab81a7d7281646a75dbf78ec087ffad80ea576283ca48664ffbd8ec59

Download Submit
/data/data/sk.styk.martin.apkanalyzer/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
b6cf42f2fc0eda0e4f41c1619cfc5679

SHA1
51324e5a76f9fa15ac8b86f6de689dc829941487

SHA256
8329acb2da6d22f9b50506389fdcd4add5225cc5343e8a3868ea1a60ef3d85c2

SHA512
1abed542de694da4e4406f86c587c2224c780fbafb295fc1fd17c35dc3160035d292259e93e2e91a5663e016ae647ede874b021368911a9d1d61c9a61eedb76a

Download Submit
/data/data/sk.styk.martin.apkanalyzer/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
1a414ed929eb2514e55189567e7c1e75

SHA1
3fe64de32c2eea6ace55eda469c6d40af38eb3ca

SHA256
3e5de115238d569d4a8d76e30a30536cb8175a8e146123ddbcdb4e6e4d204e6e

SHA512
83af025ae65f134a096209f8fbf70d1d03e3fa10cca1a253f75ba480ffcb25c592d166618fbce7f85c5348ceddfd326caba523158ecbe8d20c5f9ac4cccbcba9

Download Submit
/data/data/sk.styk.martin.apkanalyzer/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
99ecac80c0989b3fb739b950b64be1ed

SHA1
1069034d5353056628a7dad80c81c7ab476272df

SHA256
502b6220dc142d0025f01248a325ff17fbe87b63d769405deb32f15670529013

SHA512
da0a76d78fb01286fb4aa4da30b23f21386a1e1e5504f33922985a721a663fbb4b5f84b82ef14ea304b4119422942ec57751a1304eaa2ff233da5a4edc3d04f1

Download Submit
/data/data/sk.styk.martin.apkanalyzer/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
3add0fc529f792b50c4a1054268c4460

SHA1
225f0a44ac14b137b83e05d661c4ba6b940822eb

SHA256
59edd6c762e8c44ede45eb7a74ab251de1b77ae2d6be367721aae2d8ab61795b

SHA512
58f03a3967ecc5ce12f6f15cd46d6e94f4f98e32dd240ea1990d985d75aab27c060517fe5c5a9b10bea9b73ba069a0e7a88cc90cde484bff77bed79cb6334b14

Download Submit
/data/user/0/sk.styk.martin.apkanalyzer/cache/1582435991586.jar

Filesize
20KB

MD5
fde2ee00cbd121cfab5290b078aa3ceb

SHA1
e2b77d5320e155e413d040a8c20020962065b2f8

SHA256
2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

SHA512
a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads