961606a5c8a4551b28f860da2a8d322e2f0063fcfee07179697bf93d7d94f3a4

Analysis

max time kernel
47s
max time network
152s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 11:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Emtiyaz .apk
Size

1.4MB
MD5

a7aab9c22e5deb03fc6e6980fe9ae2d4
SHA1

97be1d11203ab09af5d3ea95be666d61260eb9c2
SHA256

961606a5c8a4551b28f860da2a8d322e2f0063fcfee07179697bf93d7d94f3a4
SHA512

800b4b084ef3965592a29af968cc07e7ce0b79994ad0b0e7f9d970977ff1c5327ded6f6865553ca076c20a5a035606a15b2860c06e0a54d8b36b88156594219d
SSDEEP

24576:V0m7XIv33im7SNjXgxHMSpOdxlbZwsY0vyl4HSZkGZzaRsiv4MUDa5GE:hXCd7SNjwxHMSpmYkHMZ+Rr9UDKGE

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

app.emtiyaz

ioc process

/system/app/Superuser.apk app.emtiyaz
/system/xbin/su app.emtiyaz
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

app.emtiyaz

description ioc process

File opened for read /proc/cpuinfo app.emtiyaz
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

app.emtiyaz

description ioc process

File opened for read /proc/meminfo app.emtiyaz
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

app.emtiyaz

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone app.emtiyaz
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

app.emtiyaz

description ioc process

Framework service call android.app.IActivityManager.registerReceiver app.emtiyaz
Acquires the wake lock 1 IoCs

Processes:

app.emtiyaz

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock app.emtiyaz
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

app.emtiyaz

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo app.emtiyaz
Checks the presence of a debugger
evasion

ioc	process
/system/app/Superuser.apk	app.emtiyaz
/system/xbin/su	app.emtiyaz

description	ioc	process
File opened for read	/proc/cpuinfo	app.emtiyaz

description	ioc	process
File opened for read	/proc/meminfo	app.emtiyaz

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	app.emtiyaz

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	app.emtiyaz

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	app.emtiyaz

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	app.emtiyaz

app.emtiyaz
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/app.emtiyaz/databases/com.google.android.datatransport.events
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/app.emtiyaz/databases/com.google.android.datatransport.events-journal
Filesize
512B

MD5
3494a8b248f6dfd70776e37ad39a5a0c

SHA1
df1996960b06e4ef5d0279251534709b17413b86

SHA256
492a56040d56a1b47462333a13d8679e443801431cfef396c9e2c256066d895e

SHA512
e85d1f78d87f6577e7e9a470450de07b914928e851c27ec4041d0cbf9be50c1f6d985cae16c6936829b40dae2933059d87821d100ecdbcda6e610ef39c94c233

Download Submit
/data/data/app.emtiyaz/databases/com.google.android.datatransport.events-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/app.emtiyaz/databases/com.google.android.datatransport.events-wal
Filesize
44KB

MD5
3d1a71a96c9f5cdb2cdd337eac4b1a91

SHA1
58edb0f8cf5f7a260f4cc8e8a1945c6aca5bf15a

SHA256
30f10cb7e295d6898adf5ca26c319fbb08f84b954e1011bc8de423f1d6f13e4f

SHA512
ad43734eda34c86f2d5b00d0baaf5dc6e0475351a215a95acae6e9826a9dbc5ee6a98c24178b4097f6408b21a13d201d728a1a00348f84718bfc14ffb420f433

Download Submit
/data/data/app.emtiyaz/databases/google_app_measurement_local.db
Filesize
16KB

MD5
3fb820f0e2b180eb268e5ce028f15890

SHA1
bfaf4d8f4db677c1a7d3a5c617ddefe1de90563e

SHA256
4b2ac88ad632faf27e7feaf3f102d9a78410204da95a5490bc6810c1901bce9c

SHA512
9f9d9fce9d722414513cb2d351992168d5d2b31ac34ced64821cb7261eaa7acded9fe5c61c4e66da4514485c9097f117400eeff808d01de148020dee5efd2309

Download Submit
/data/data/app.emtiyaz/databases/google_app_measurement_local.db
Filesize
16KB

MD5
6a47c89e01b69a70d9302b4b65e790c8

SHA1
76190ce869f77f09f6e939535e95b30eafaa0c21

SHA256
7c3dd84e72502e9dc25a737d903012ab55257f7b6cffd42ded8b4a9b9325fe1b

SHA512
984245b9cd62b941ddd1cb670d3290509bfb50b0b36cd023d462fa7bba46d9ec57e9d25abfd7555d166a26f155475eb3a912b4b2ca1da08cab6216476457fac7

Download Submit
/data/data/app.emtiyaz/databases/google_app_measurement_local.db
Filesize
16KB

MD5
27da053e6e0a77072666753af74bf493

SHA1
ff7308e3593e1cf10200ac23ff9e79c686fb080c

SHA256
29ffc430f3cfa691c1f0a6915ccc16c4ae45ce84ae2eb581238c4e02d1974e32

SHA512
1e2199d8496ca29ee34b25a736b2c1f09cd61c709dda3afaead5277c00e2936b41553ca299d115e07866f2ccac09ca78e9220a0a1ab8d4753101a63e320b559c

Download Submit
/data/data/app.emtiyaz/databases/google_app_measurement_local.db
Filesize
16KB

MD5
e200818f26fc9c7ff4167871b9d01429

SHA1
abb18363186478197c8a185e210dffac76fcf36e

SHA256
fc206a8d97988b9318a00a73559050cb9fd683984b00a65b2300dca04bff0c9c

SHA512
d84871a9e23a6b575e3437159eee9d036a87e7e0422bd46e155b5cf3d91815f9c3b788d3dac40f7da56767e66e837854cfacffa4ecd189dab7533636f0d28f32

Download Submit
/data/data/app.emtiyaz/databases/google_app_measurement_local.db
Filesize
16KB

MD5
4162638f3d4ea723a79e20c998da3b5b

SHA1
0d2492bb85bb0dbfab86325e96bd29e3ff10630e

SHA256
2a3ba9e7e237abba2f2b9ca75110737717fdef96307321fc7b9a38ce9bc56fee

SHA512
c7f6a82e8a91e5b2ccd5f4d4594dfbd735e69342ad7e793f8b3d6c12f7485b85deb966ccb14c089964f4e844ddaa3d8538ac05dbf05612439846dd52211ba539

Download Submit
/data/data/app.emtiyaz/databases/google_app_measurement_local.db
Filesize
16KB

MD5
7809e697287a4f100e2da20fac437b4f

SHA1
828f5ba0cfff6cf35c38946b12e8878c62e32d89

SHA256
0b82012ce67a22f5edd5894a271516978c096758d54bd15c2e5a7cf8ca64f899

SHA512
67f7a5ba7b76044908401b809e93bd9b29b94710e4b6802c6d15d913c5e428fbd5476e744feb0026c7fa22507c312cfe8966dddfb1069808ca5be14722f7eee4

Download Submit
/data/data/app.emtiyaz/databases/google_app_measurement_local.db-journal
Filesize
512B

MD5
0e2f30d4e3979666539ce17bc3f57b7a

SHA1
8144cd8f6239447a2656f806d4364ee14d757c47

SHA256
8ba4b7d751e032221f7cbbc9286d57ee4d1c9ca276ef39293717d645db4b449b

SHA512
c519dfcfd4aeb7eaf7e2bbed58506fabe7b79c5339897ac8585e8ea08805f40f0332bf86dfe4366d3672e71b07dcf0ef5779464f8829f9d1ad9d40cead24bf99

Download Submit
/data/data/app.emtiyaz/databases/google_app_measurement_local.db-wal
Filesize
36KB

MD5
592647f4fb7f4e60000610792e54d676

SHA1
c85ed6b140c102cbb7050c884e5196edeeb5345a

SHA256
e259db314fc75bc229fd911b8c7f7eaf3ac2cf048353b9e24d3bb7c440c7d49d

SHA512
0c324e80648787a0c39361f2d489e8e2e8b331c769bd2b7fe5502e73bcbf2259acc8e6fd27535e6ebd0aa36b6b206cc83dd3e0e4330f6e0a8cc1b4f3a645114d

Download Submit
/data/data/app.emtiyaz/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
24c05206fb0bbc79c8272a79b64cab1c

SHA1
71a04292251f2667accc0df77c0e0d40b49bd5e1

SHA256
289ffe14cddf335581fedad271c25cb5eeda3efc852d0eb276309c77073b1063

SHA512
26428f6b8c14befe40d85135f1999a29c1c9d049bbf9251da3ebe20c25587b9bac42f5cccc53984411bee7a699c3f8ebaa667671bb8acacc619741806df5fba7

Download Submit
/data/data/app.emtiyaz/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
7e49b8cf41297004b16bfb442876d6b8

SHA1
e319fb018203568b3450bbcae0696891b97a2d58

SHA256
9b1ec9976c8d35a3fc02c1e07f78ada49872162c4b97ab05c7da74b4091fc7d4

SHA512
c10a6d39d2f2e6f96d6b8938820e548706e10e88894cc6e1f600f39a29d37aeb0297a40459b4552cf39e4d0315ffede61e7ce5cdc1c0f32a60afe76e56ac9f33

Download Submit
/data/data/app.emtiyaz/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
699567b125351f7f70be3cc898de0ffb

SHA1
635475c384c7066307d46d74c0ac536cfb5e7cff

SHA256
6dedd3cdea0101cfb5c4fdff47c5c242ae85fb40e26eac15b1fa00fbf2ebdd14

SHA512
f310ebc6e0331ed1d22146d5ab80b48ccd33e5c92513dfc367a1ae6455a281a2a63e3e0045fb39150cd6e5269ab7cc8eef7b145d6d69356c86e78491abd5ce6b

Download Submit
/data/data/app.emtiyaz/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
7bd3f048f15573695af43e3b80f14021

SHA1
98d3f292b599f2329aebb2fd2f79ccace266a3b3

SHA256
728338561e22c09f87d5abd89022d7cdd083f8f8cab0a79586253a706ff55c85

SHA512
cb91acf073adddae63dd6a8bfb9e02e41e7840f2c6f0b81d9d8299d7313d5e0957c52cf35481a910ab000022c37514272a0ceabb970f641c42aa96109cde7fb4

Download Submit
/data/data/app.emtiyaz/databases/google_app_measurement_local.db-wal
Filesize
8KB

MD5
f743ac3e750b043b2c02febfe02457e6

SHA1
5d871270b215c3a07571e44b274b50b930224232

SHA256
9de7d0c84804ef35156d83947b23fea09d988963e57b63a647bab57984d2c1fb

SHA512
7085a509afd905abebe6a2c84459551444479c85ed044766ad409b66e27d7fb3d9c65e56df7d70a74b379e50885bf43269d64b0531f104907a01d6f9e013cb47

Download Submit
/data/data/app.emtiyaz/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DDE4301EE-0001-1084-A36A6533B6F0BeginSession.cls_temp
Filesize
77B

MD5
110a89e713f6cec17833f082e2ac218d

SHA1
d2bbc31368a73f6903fd6facc4fc9fb2173fc9e8

SHA256
8251b5c76ebaf6bb6a7997e2f4535112470aebdc26c9a9857971a28a4f88e92a

SHA512
1356a86058d3258e803fdbb39ac15d350b76300e891e0b268d20bfeb57da48b4e63af9d18b6932e37887c50cb9d910111d9c39ce1a317a35c65b8edf69fbfbdc

Download Submit
/data/data/app.emtiyaz/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DDE4301EE-0001-1084-A36A6533B6F0BeginSession.json
Filesize
132B

MD5
df06e1248d3c3aa3bc7a62cfaada8d53

SHA1
481e63eb4abfae47e8fceb1ff268e2a84ff10dac

SHA256
1973f2e19d78389b34803d1ae5245fcd457eb9f23a1752f16dc8aa0f94bb2986

SHA512
461574650e761c38b148e9d37b57c8e61b827a105bdb37f4be9b28c2a43efc90ed312f07397daec96b1ae71a12b7727ea713f5dd0a521b27c868b2e7d650c2c5

Download Submit
/data/data/app.emtiyaz/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DDE4301EE-0001-1084-A36A6533B6F0SessionApp.cls_temp
Filesize
105B

MD5
ea68f05a3b2ca72fb7551a3162cdd0e5

SHA1
173b0b549519a9a1dfdd024343ab0a1d7534c6df

SHA256
3f9aaa0580c6f0b0248d7ce977748962d3540319dfdb3089583eab2dc8f9cdcf

SHA512
1b03654ca70884396c943ffee3f72b41a8033381040afb36b0fb9ce8e9bdf30221183d0a23b24357377e68f89d3718d526f2a3d2ceb9bd5f2cac8eebbc6132f5

Download Submit
/data/data/app.emtiyaz/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DDE4301EE-0001-1084-A36A6533B6F0SessionApp.json
Filesize
219B

MD5
22fef7f07728ad1754c41462fa36d90f

SHA1
e3cc213500398f8fdd08d4e14260d18bdb659f21

SHA256
3afc1bc274d9fe1ec4c8f70634281773bddee5699a4a08764f0c43765537eb8e

SHA512
79358fdb3446882045ffbc11948e9425d4faedd348d0bf9636e64657b002b204942bbdd095f6570f419ddaa7418288543b979ffaacf9d4bc58e2663fbfb829eb

Download Submit
/data/data/app.emtiyaz/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DDE4301EE-0001-1084-A36A6533B6F0SessionDevice.cls_temp
Filesize
48B

MD5
cf9cb0612d588a1f71b63084cea67316

SHA1
3d035bb92fd3f8997160cf8025c40239af74d3ca

SHA256
0d37c5a64baf86735501f9044eeb926b3d46548cdcf67c2cd1f773df36624ac9

SHA512
70f000233e181e3b7c6fcf07aa04fdb570f970335837f8d1c4680a9f78af9f9e17c73a0a5646770f7a8787e338899edc4a5197b023865a4da894b1aca12bf600

Download Submit
/data/data/app.emtiyaz/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DDE4301EE-0001-1084-A36A6533B6F0SessionDevice.json
Filesize
202B

MD5
75db92d50c80a89e068550028c62acec

SHA1
d78ea55f5dc682e4da456d26383249f608fe894f

SHA256
1dfc488309883b61beb3462567a9befeaf36bb475a07a7ecef2be60bedb4b5a2

SHA512
dbb81daa5fab357f087dc295e7861444f945eb4c3883a09926b47312ce526bc069266a8a24b2a5b4921fb13e797696c5824195f0a79317e279ccf7855ca2ee13

Download Submit
/data/data/app.emtiyaz/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DDE4301EE-0001-1084-A36A6533B6F0SessionOS.cls_temp
Filesize
14B

MD5
9b3d4522944ce6396563812bfdb92fa9

SHA1
6d2a6133c8f01938a48ccc77ef86ad8ca335c020

SHA256
d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9

SHA512
091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

Download Submit
/data/data/app.emtiyaz/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DDE4301EE-0001-1084-A36A6533B6F0SessionOS.json
Filesize
54B

MD5
93023624eb8dff5c20050da136aaae0a

SHA1
acfd1ffed752c28fb135ba83c0c6345ddf2f6995

SHA256
968bcd7c4f1abed89a09cc0e6dadd238a81e8655e64196b39a86be49ceecd39c

SHA512
bb25dfa144d3f0e17203936c503c5fedec5f9ca710e177f99e273010ba4a682199d4bda5684151d65f3cb1549f4611b3a645ce39646d3db9a1b2c17d6b160579

Download Submit
/data/data/app.emtiyaz/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize
391B

MD5
e1189146fe2f1cecb3413e2d0ed4bee0

SHA1
4cff30bdd6009751bcebc1ab1f40e4086e1d3d7a

SHA256
20628341944e94998befdb6e09b7dfbbd064e5eb3a26c68f997543e8ddfa0f4e

SHA512
d8476999b14a9e2e6a32170bbed2b61e6b945f5930b0b5f38b8bca8d26e9f0a841c2e52a038e99b8d3e3c6b00c8ef53fabd1db7f0956773e857ff73a06d95001

Download Submit
/data/data/app.emtiyaz/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize
2KB

MD5
9613adadbb43090843dc02f71204416d

SHA1
b1b0d8f2aeb3d35e646083e29a5b1f2f7d2a63b6

SHA256
83e79c1760041b660c45efaa632c5aa3083a4fe86c0a281caf591f9b0d8233bf

SHA512
491abd93257ff9c72565004eacb6073b7e3b789b458f90ab8a407fc10a66b016d4526afcccf9ef9ead268ccdfdc695ca0145501318abda06f3015d65133c98d2

Download Submit
/data/data/app.emtiyaz/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/app.emtiyaz/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_aedddf59-8b21-4e1b-8971-6682ce1ebf49_1716379205389.tap
Filesize
317B

MD5
e28bf2e4d137cf808c3ceb8cda45dd1f

SHA1
de8e98fe3736ef5429c457d45a3cd02474da8697

SHA256
18d96f8360763cc6b494f00eb9319289cdb673586e4c3ab5e3f7ce68e06bc064

SHA512
ebd31d21ffac788cacf84896397bf46839dfa26dfd85ff28caf6d8ab6170fc03c82dca302341c05c3862671e6d45d1b595aa811de6b3ead771262c413cbb1597

Download Submit
/data/data/app.emtiyaz/no_backup/com.google.InstanceId.properties
Filesize
63B

MD5
4405687ace9d15fbdd9286258f3b8555

SHA1
0da1ae6d8c59798907797ec3b2601f608f89d875

SHA256
52ca1e8fe4220fc37ed9cd3def3ff6aa9fddd425a89deeef2f71742f31cb868c

SHA512
d0bbc0fd4808cd233ad7f8af09fa63dbfd9d4716a3ea29a00c9c16870e67a1b72b24f6383c7b1569acd19c2ff92eabe5b018687dc3ce4209b6704f40efb67425

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads