35614cbb81b159d2dc0c8c4a6d4678e70e2b0d6d335fe51f9431a3665efbe77d

Analysis

max time kernel
179s
max time network
152s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
21/05/2024, 05:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

AndroidApkAnalyzer.apk
Size

4.4MB
MD5

cc57da1a0886b63e913d166bdce662bc
SHA1

4d8b5353120c5ed142a88bdededad978cf67aecb
SHA256

35614cbb81b159d2dc0c8c4a6d4678e70e2b0d6d335fe51f9431a3665efbe77d
SHA512

fb70e69845c101c4c7ab5a63354d7865b6cec12143b665a8a7c8d8825aa17dcc9fae9df97311fa438c0e599f9c4901a7ef9a1ef7b07bd2007ffe74d037dba989
SSDEEP

98304:aJt3boZniB8qwthoLaVAv1sVt2teerxgTbL:cCZnk81tuaU1+SeQ2TP

Score

8^/10

banker collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	sk.styk.martin.apkanalyzer

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	sk.styk.martin.apkanalyzer

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	sk.styk.martin.apkanalyzer

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/sk.styk.martin.apkanalyzer/cache/1582435991586.jar	5111	sk.styk.martin.apkanalyzer

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	sk.styk.martin.apkanalyzer

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	sk.styk.martin.apkanalyzer

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	sk.styk.martin.apkanalyzer

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	sk.styk.martin.apkanalyzer

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	sk.styk.martin.apkanalyzer

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	sk.styk.martin.apkanalyzer

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	sk.styk.martin.apkanalyzer

sk.styk.martin.apkanalyzer
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5111

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/sk.styk.martin.apkanalyzer/cache/1582435991586.jar

Filesize
9KB

MD5
e8e0527a01aefdb89afd2c508f131da1

SHA1
f1103e6b260c657ceb3d95f1b023af3fda8b133a

SHA256
f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

SHA512
fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

Download Submit
/data/data/sk.styk.martin.apkanalyzer/cache/oat/1582435991586.jar.cur.prof

Filesize
147B

MD5
acaaa87345485b63443288279e968a9d

SHA1
ac76e163d5f7fa376350a94c1b80a449f3ce0c05

SHA256
449a7d50d47e918f61aad3de2a57d122f77b88b7d173dd0073174a2bc4507bd1

SHA512
0ade74944f320e91b27ca2001089feae9f1bf0d7609693c6f62e8f568060c9140cf8f0cae3ebd7cb6c0e5ea9c1a91aa596df5513457b9a0fcdbbe7fa3c870e69

Download Submit
/data/data/sk.styk.martin.apkanalyzer/databases/google_app_measurement_local.db

Filesize
16KB

MD5
bcafd703f682819c0955e370f2d9e9e6

SHA1
ac10d7aa0d0188f766a67317728be6847bdbbcec

SHA256
3d28f9eb63bfe991808664daebf6e6d8e82703ccf4b13931c07c6983a80f5165

SHA512
e0a234d48990e1972e0f1ab9e1d1c1a705b9bebcdd515fcab5f76608533caea49728017c91939932a5327173a46087e3782d3569cbcbf0219cf60baff4859fc5

Download Submit
/data/data/sk.styk.martin.apkanalyzer/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b9e84b8ac9e162ae0360f67ef859c5c6

SHA1
0daec881570e4ce2979140fb241dd994c0878887

SHA256
f3b9eeef4eddcaba144e78541e724be15302af59abd9be8215907a59b714ba44

SHA512
dc6004aed0eb79e153cafa17361564802c563eecc0119de1b2b8781c775b496d66ef2c389d6c6e30e84ddd2db54271fd113bbb700459ea6b421d953c12b135bb

Download Submit
/data/data/sk.styk.martin.apkanalyzer/databases/google_app_measurement_local.db

Filesize
16KB

MD5
21fc2c8a91fbb076538eab14e1ba2cbe

SHA1
139f4e122eef29465907b5e7a334b2bf08f15b30

SHA256
9fe19f3eb1a368cdac6159c4e0128bef5f4707b006a89cf43f13896b5b4def4d

SHA512
4636fc8f72c44fe02394b64446b6b7faa76f7c0689ffcc1c2a75376e1fea0cb53d2c4f32d9dcea78bcc5ad3752a210dc437783ff50c52b74ebca614f5b6a99e4

Download Submit
/data/data/sk.styk.martin.apkanalyzer/databases/google_app_measurement_local.db

Filesize
16KB

MD5
72d03b19e9fc86377d0a10d34525cab0

SHA1
f2b7b328633f79f648301a523383bc4c8811f47b

SHA256
79632d4bd557d38e6365c8d51a7a2791fdeb5dad928376e350010e4081ec1011

SHA512
2085ee577a54e35c68787dffee99d8579b767dd941b8e8858d8e4e808e3259016b6ea950722691f0f65b87e67b3260a8e895baec76bd13b165992c74391201b7

Download Submit
/data/data/sk.styk.martin.apkanalyzer/databases/google_app_measurement_local.db

Filesize
16KB

MD5
61553ce47327abd0543d2d2624c6f760

SHA1
eedb12ff29c8a9e95595532a26bf92a3bc609b9b

SHA256
e4ffc0efd84ff86b6054be1ad6b16bef576c4e05562d606984392ce42536dd68

SHA512
8ed5d6459c0ef0ab16b47d8a5d1f729a5de30753e36d82e82d519234073aebb128d298423b1b34f8a11e27c66e6ff94858c208dcb638b3bd7def1f331e078871

Download Submit
/data/data/sk.styk.martin.apkanalyzer/databases/google_app_measurement_local.db

Filesize
16KB

MD5
cb43684c66c010411456dacc5e5a1a94

SHA1
c367b02b49ba00f7cc705671dfda2e5f16ac01a6

SHA256
5397538a06aae4dd66781cef630b92ccb4f401f44cf791ed95d430df446eabe5

SHA512
bab12af0886618634f477dc46d57fc1424ca59f03a2d2e8e138ce934e45dcef8f3ed5ce8bc26881d2c582710f60be566aad0ee73e869ff1e30b37473584785ca

Download Submit
/data/data/sk.styk.martin.apkanalyzer/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
197801d9abbd8fc7e17599a4fb5b9e02

SHA1
42487a4c67087822085b88b51eaa0331fdf183ed

SHA256
af2600ba3596c63e22770d074617166701fb01352081da91911d7fd7feb6a64a

SHA512
24a8a3b203bf9532d749364f93613a922b2cace91efd589e662768a8c3e6ba47363eca4c8c5b9a61b380241059164765bd57b8f7f42a0d31d4c28f305fbb3314

Download Submit
/data/data/sk.styk.martin.apkanalyzer/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
d2b64d96cb5d08443c97a9c7f451bdb2

SHA1
872a720a8e9463a4fc4b79f19f3c16a9bd65ec24

SHA256
1cec5dc0092942d4ec1471bd123191cc3453e3a049b9537fb1bafefa6a14f81c

SHA512
06667a0063d4ff8f44f3bce3a8a22598d3f2307a6a54178bf37202dd3fd06918cfbf2efd6166711dee3ad84ad75c6ba837f03ad06e7cab1af8d958ebcd645f1c

Download Submit
/data/data/sk.styk.martin.apkanalyzer/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
7b0ef46b9cc87409bf56532b86ceb32b

SHA1
55921c88da670e008e86480a3e7e4e04c58530fb

SHA256
ab022ec0cea444209a3e6def357cd0ece42b4a391e6122ac909dd7ec31e61da9

SHA512
fcf8d45c69ccc7fc9c3845140ba70c47506a5d4e02b9a16d39de02d841fcd5b8a6829f8c12944675ae4e90ab3ac66018473ac4dc88de79157b4f82bae5c55d1f

Download Submit
/data/data/sk.styk.martin.apkanalyzer/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
07fe6879596a2656ebd666f46b0afee6

SHA1
3e819d11b0dedcee5a61d154c6e11f5c87c566ed

SHA256
4caf9451b92fcd84d21a30d32c92aca3b2b5032d4aaf77657ab6cceafa952bd9

SHA512
643db2fbc2d87b4860258ee93d3b3f0ee0a6cb3127b3b445304ec48cea3c61cab9d14a266979801c07d2e7982caea5d680d46a502e315e392b878dae84aa79e0

Download Submit
/data/data/sk.styk.martin.apkanalyzer/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
2fc1e6ecfe5fed4bf33c5d7b31f37851

SHA1
64c35a86985fd5b68410e2e2dbb3ee052b04f1ec

SHA256
a23bec7b3152934145a9f8c7965587f47f0cb4987dfe531c13390806bdbac8ce

SHA512
6c7b5af46fa6ca2715f9a8130bda0613fc9d9c75983d22373da32adaefc9ae79b3427147dc151b4efdb68853d2ab91877c76d60c3ecef33c3d6a64ea557eaced

Download Submit
/data/data/sk.styk.martin.apkanalyzer/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
153e67512653cc6bbd341132f88deca8

SHA1
f456b4a5bc278133dc9844d976db9af68d896da9

SHA256
7eb5e5615dba84795da7298c8b58632c5ad4b06400e211fb348d9036587a561a

SHA512
eccef3e44eff9641e1e91d572e193f8570873b4e3a700c46032e469554d67591b65d684351c29550ddbb727bc5f3abb55c755d838d3e6f8e252e5f9506051816

Download Submit
/data/data/sk.styk.martin.apkanalyzer/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
54c3946a516421e85ee80c7b327f77ea

SHA1
5fc301c2af4b0a71078a161cbc4f4b967cf52d0b

SHA256
3edc7d9d4817c0b3552c78c1c9abbecdb4887e586dcf18e6b5cdfdf1ce595751

SHA512
6ab1d518c5a06590481e9e958eed5e000d315fba42bb9eafd39868df27461a01a5f5eacf334c1877a1642fe751aeb235e0e9f085722efe598b0357b4d2fbd566

Download Submit
/data/user/0/sk.styk.martin.apkanalyzer/cache/1582435991586.jar

Filesize
20KB

MD5
fde2ee00cbd121cfab5290b078aa3ceb

SHA1
e2b77d5320e155e413d040a8c20020962065b2f8

SHA256
2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

SHA512
a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads