Analysis

max time kernel: 18s
max time network: 132s
platform: android_x64
resource: android-x64-arm64-20240514-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
submitted: 22-05-2024 12:17

Static task: static1
Behavioral task: behavioral1
Sample: Homsa.apk
Resource: android-x64-arm64-20240514-en
General

Target: Homsa.apk
Size: 8.6MB
MD5: 0ace9f345bcdd194048827f2c3deaaf1
SHA1: 7382f7d075afba92e586c89e82de42f32b6d5d47
SHA256: cd02acb157e57ca60729f5fba8e4820a6601ec5ca438b11df195be471efc1220
SHA512: ac6c55b271d5574ee10de1667a2ec7041b0cd184a41a606faa3681136f54ab48bac1f17cddd5f90bdecd25e2ca992193860ac13dc077da282806cc137b39bc53
SSDEEP: 196608:5nOR5bq9vreDeWo8SgaJo3MPGwXcdwE/Qsjx9sY8zN9da7a:VOXW9vKeWodgaJEMHOwEzjx8zDs+
Malware Config

Signatures

Checks if the Android device is rooted. (1 TTP, 7 IoCs)
Process: com.ernyka.homsa
IoCs (su binaries and Superuser.apk paths probed):
/data/local/bin/su
/data/local/su
/data/local/xbin/su
/sbin/su
/system/app/Superuser.apk
/system/bin/failsafe/su
/system/bin/su

Checks CPU information (2 TTPs, 1 IoC)
Reads CPU information that can indicate whether the system is an emulator.
Process: com.ernyka.homsa
IoC: File opened for read: /proc/cpuinfo

Checks memory information (2 TTPs, 1 IoC)
Reads memory information that can indicate whether the system is an emulator.
Process: com.ernyka.homsa
IoC: File opened for read: /proc/meminfo

Loads dropped Dex/Jar (1 TTP, 2 IoCs)
Runs an executable file dropped to the device during analysis.
Process: com.ernyka.homsa (pid 4521)
IoC: /system_ext/framework/androidx.window.sidecar.jar (two load events)
Caveat: /system_ext/framework is a read-only platform partition path, so this is most likely a system library mapped into the app process rather than a payload the sample wrote. The jar's hashes are listed under Downloads and can be compared against the same file on a clean image before treating this verdict as evidence of a dropped payload.

Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
The application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Process: com.ernyka.homsa
IoC: Framework service call: android.content.IClipboard.addPrimaryClipChangedListener

Checks if the internet connection is available (1 TTP, 1 IoC)
Process: com.ernyka.homsa
IoC: Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo

Reads information about phone network operator. (1 TTP)

Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
The application may abuse the framework's APIs to schedule tasks for initial or recurring execution of malicious code.
Process: com.ernyka.homsa
IoC: Framework service call: android.app.job.IJobScheduler.schedule
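The signatures above are the sandbox's verdicts over raw behaviour events. The script below is an added example, not code from the sandbox vendor or from the sample: it re-derives the same verdicts from a constructed event list built from the IoCs the report gives (the event kinds "file_stat", "file_open_read", "dex_load" and "framework_call", the signature names, the two extra su paths in ROOT_PROBE_PATHS, and the hypothetical payload.dex event are this example's own assumptions). It goes one step further than the report by splitting "Loads dropped Dex/Jar" into platform-library loads and loads from app-writable paths, which is the check a practitioner would apply before trusting that verdict.

```python
"""Re-derive the report's behavioural signatures from raw sandbox events.

Added example for this page, not code from the sandbox vendor or the sample.
The event records are constructed by hand from the IoCs the report lists;
the event kinds ("file_stat", "file_open_read", "dex_load", "framework_call")
and the signature names are this example's own conventions, not the sandbox's.
"""
from collections import defaultdict
from dataclasses import dataclass

# Paths a root check typically stat()s. The seven the report lists are all here;
# the last two are additional common probes (assumption, not observed in the report).
ROOT_PROBE_PATHS = {
    "/data/local/bin/su", "/data/local/su", "/data/local/xbin/su", "/sbin/su",
    "/system/app/Superuser.apk", "/system/bin/failsafe/su", "/system/bin/su",
    "/system/xbin/su", "/su/bin/su",
}
# /proc files read to fingerprint an emulator (CPU model string, RAM size).
EMULATOR_PROBE_FILES = {"/proc/cpuinfo": "cpu", "/proc/meminfo": "memory"}
# Binder interface methods and the behaviour the report attributes to each.
FRAMEWORK_CALLS = {
    "android.content.IClipboard.addPrimaryClipChangedListener": "clipboard_monitor",
    "android.net.IConnectivityManager.getActiveNetworkInfo": "connectivity_check",
    "android.app.job.IJobScheduler.schedule": "job_scheduling",
}
# Read-only platform partitions: a dex/jar loaded from here was not written by the app.
PLATFORM_PREFIXES = ("/system/", "/system_ext/", "/vendor/", "/product/", "/apex/")


@dataclass(frozen=True)
class Event:
    kind: str       # one of the event kinds named in the module docstring
    target: str     # file path or binder method
    process: str
    pid: int = 0


def classify(events):
    """Map events to {signature: sorted IoC list}, mirroring the report layout."""
    hits = defaultdict(set)
    for ev in events:
        if ev.kind in ("file_stat", "file_open_read") and ev.target in ROOT_PROBE_PATHS:
            hits["root_check"].add(ev.target)
        elif ev.kind == "file_open_read" and ev.target in EMULATOR_PROBE_FILES:
            hits["emulator_check_" + EMULATOR_PROBE_FILES[ev.target]].add(ev.target)
        elif ev.kind == "framework_call" and ev.target in FRAMEWORK_CALLS:
            hits[FRAMEWORK_CALLS[ev.target]].add(ev.target)
        elif ev.kind == "dex_load":
            # Separate platform jars from genuinely dropped code so the
            # "Loads dropped Dex/Jar" verdict is not raised on system libraries.
            if ev.target.startswith(PLATFORM_PREFIXES):
                hits["platform_library_load"].add(ev.target)
            else:
                hits["dropped_dex_load"].add(ev.target)
    return {name: sorted(iocs) for name, iocs in hits.items()}


PROC = "com.ernyka.homsa"
# Constructed from the report's IoC lists (pid 4521 is the one the report gives).
SAMPLE_EVENTS = [
    *(Event("file_stat", p, PROC) for p in (
        "/data/local/bin/su", "/data/local/su", "/data/local/xbin/su", "/sbin/su",
        "/system/app/Superuser.apk", "/system/bin/failsafe/su", "/system/bin/su")),
    Event("file_open_read", "/proc/cpuinfo", PROC),
    Event("file_open_read", "/proc/meminfo", PROC),
    Event("dex_load", "/system_ext/framework/androidx.window.sidecar.jar", PROC, 4521),
    Event("dex_load", "/system_ext/framework/androidx.window.sidecar.jar", PROC, 4521),
    Event("framework_call", "android.content.IClipboard.addPrimaryClipChangedListener", PROC),
    Event("framework_call", "android.net.IConnectivityManager.getActiveNetworkInfo", PROC),
    Event("framework_call", "android.app.job.IJobScheduler.schedule", PROC),
    # Hypothetical event, NOT in the report: shows how an app-private dex would be classed.
    Event("dex_load", "/data/data/com.ernyka.homsa/files/payload.dex", PROC, 4521),
]

if __name__ == "__main__":
    for name, iocs in sorted(classify(SAMPLE_EVENTS).items()):
        print(f"{name}: {len(iocs)} IoCs")
        for ioc in iocs:
            print("  " + ioc)
```

Run as-is to print one line per signature with its IoC count; the root_check entry reproduces the report's seven paths, and the two androidx.window.sidecar.jar load events collapse into a single platform_library_load IoC instead of a dropped-payload verdict.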
Processes
Network
MITRE ATT&CK Mobile v15
Downloads

Several paths appear more than once with different sizes and hashes; these are successive captures of the same file as it changed during the run.

/data/data/com.ernyka.homsa/databases/com.google.android.datatransport.events
Filesize: 56KB
MD5: 2b855e053db42c985d80f97123555999
SHA1: 0f1b384ca1d49413a42eb37bedd4dc2805a2216a
SHA256: dbfea1db5b8d9a91d117fadc540cd3932d95d7d01cebab363780f83eeb25f1aa
SHA512: 1eb0e292aeb6dca67a80e384204850cc93d63f0829a73bc9df013b1e5d2b4a95861c994732151770789dd1bc113fc0c11de9ddc76477fbd2fb2f0fc0ac00b777

/data/data/com.ernyka.homsa/databases/com.google.android.datatransport.events-journal
Filesize: 512B
MD5: 7dee5f9201c5ab8d7a2484d75247d146
SHA1: 07af2136002f83da7b7df9197b99ca5911a9b72d
SHA256: ddf766dcda23357630b5ba270ed065e9bb452479fb97f875cb954a20660a4df2
SHA512: 8c1ab8db4863c5fed9fa9f0b19bdda0c72bcc92329535543306128636987682416e43ac5cd6d68b258b4a1e792f08ca2b962ceb625253a9b329ed2bd831e6152

/data/data/com.ernyka.homsa/databases/com.google.android.datatransport.events-journal
Filesize: 8KB
MD5: cdca5972dff6de36dfef50b3fd64eb36
SHA1: 1158f5a144017e0452983cc4d563a0517cf5d972
SHA256: 572dd63554a6a787a23c8eb56725f0e6212b87c4db93c3d82ae33320d17c787f
SHA512: a18e1076e86ebc09e1b5c64b2630b3be95f2f177c0dde7161fd94559b1c6f7eab179dd066cf572c3565a18b78f72222b74e6d4caec1e9e5967b72eda1ca02269

/data/data/com.ernyka.homsa/databases/com.google.android.datatransport.events-journal
Filesize: 8KB
MD5: 64acf2c8f99f26527175e861c9db13ea
SHA1: 6b8f4b85363d26bb13e29d9417444645f0f2154a
SHA256: 6ee5eb7299d964c5be3585c377dbca45cc922041197b61ffc45925f39576b011
SHA512: f8b799e70303d2fddf3b27ac43b7f57f048c0e1ae861ef1668aec192c01f8c22a17bad1416cd83fdb2a489137391922ec8263ddf598596c5900aa6d8984edc67

/data/data/com.ernyka.homsa/databases/ir.metrix.sdk
Filesize: 20KB
MD5: 414d4652a6c278ac854f157cf8c2c9a5
SHA1: 3e405a07595dd58f6f1d3e537b1c6a3752ec7164
SHA256: 348cb726f7dcd378d1c9f012d8b9a6d53ed6bf8c11b60ab0ba589ecf8a7a8281
SHA512: 99ae8d58d1942453936a99adfcf505763e58a369b6727a4ec23d6e026be990e92de7b92b9c7b89e34911e6fa641c85b012f0154af2b2115ebfc411b3bb49be16

/data/data/com.ernyka.homsa/databases/ir.metrix.sdk-journal
Filesize: 512B
MD5: 3690dd0ff564a2150b0a381e86fd6325
SHA1: f037782ef3324406783a08a231201834017429d0
SHA256: 7d396966ccc3fe63e6e75f96417ffd64e0447df9f547241793818f8cc249d301
SHA512: cda5a7c8a8041fd762f0351c2f818d5fa0e01837fbd6edb58298550a483cb1b2ec81623b8a82ae19de2e3a5a37d3978f76e37f13ab032ac7382df3fdbc2cf270

/data/data/com.ernyka.homsa/databases/ir.metrix.sdk-journal
Filesize: 8KB
MD5: 16c2e5e76932124db120fdc92232f778
SHA1: 0a6f931b5e392bfddc1d5f2d9be035240a4f0db7
SHA256: aad82f02db6199bca3b8f179b861c50e3b6b2f908e81c9c4f7810630e80ac203
SHA512: a2ee7ec3dfec5edf689aab9b073d07f7881bed089c74edc55d29705e9189136e392c79255ffd29f798032b4398cb750945bc8fc305c00b13693abe940c1924f0

/data/data/com.ernyka.homsa/databases/ir.metrix.sdk-journal
Filesize: 8KB
MD5: 99166494b1b1db1bad512197b69383a2
SHA1: 432be160a2475b2532fd7990ffccd3eaa9321c31
SHA256: 9842d4bb075c9528fcc2bae28e2ae00d4ea4e4fe2f33d871c4906d32e55a53c3
SHA512: 85134dc0b5dddfee9c5542180e3e0c4fd28ccca2a57f9194adea153f7ed6e1817efc9404cc492ea18eb9b6e07a84603c9167b333defc5b60fbb605288e1830f9

/data/data/com.ernyka.homsa/files/PersistedInstallation2404074587461295014tmp
Filesize: 565B
MD5: 531c7f49dec35d825cfd4824fb060229
SHA1: 22f9fe57e08f0fdeff94a74017688e411379ad32
SHA256: 12531bfa39185743fe41f293c7c08def0b7372e4d0fe3ac2441b1f3a3705b2b2
SHA512: 3f24b6690d3531c99a72acd632a37de657ae48e17d07ce6a54f93515539b87365e63673e236f3c0395dc6921b0d47848cbe3c806eb3a2816a7d6467aa7a30af2

/data/data/com.ernyka.homsa/files/PersistedInstallation7413037872618314198tmp
Filesize: 90B
MD5: 855363eb5672d437433c3b32031717a2
SHA1: 4ef73ae0a1a3ebe37d9c0ef89df938a3a577640c
SHA256: f36ef7ca3c7e52d67364775794ccd3ab93913f0074a35e7840c2601a31d85c86
SHA512: e6beb8483d31c1416907ef4951523709caf792bb951d001322c99eb1e133c49570147614e08482024f9b52628a0063c5cc949df33de44c4d3e575078f27606c0

/data/data/com.ernyka.homsa/no_backup/androidx.work.workdb
Filesize: 4KB
MD5: 7e858c4054eb00fcddc653a04e5cd1c6
SHA1: 2e056bf31a8d78df136f02a62afeeca77f4faccf
SHA256: 9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
SHA512: d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

/data/data/com.ernyka.homsa/no_backup/androidx.work.workdb-journal
Filesize: 512B
MD5: 2bf5e8337a4f05149d84e3ccf4e29abb
SHA1: 15de2d83954f1841ddea596d9f0fb64669f1c105
SHA256: 12a5f66f9614e68eca885ff7b1e956215915649fb061fd612a5b223fda5d4380
SHA512: 6b7a03ecf34c63942560bf47a37fe68f598a7a746e81aedc5ef46ffa4c87da815857572dfc329c0297f05d4382ad774e111df85cff9f1e4daa3d9cb5401014f7

/data/data/com.ernyka.homsa/no_backup/androidx.work.workdb-shm
Filesize: 32KB
MD5: bb7df04e1b0a2570657527a7e108ae23
SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.ernyka.homsa/no_backup/androidx.work.workdb-wal
Filesize: 16KB
MD5: af3c0fb764c8bf106a06417ca6a070d9
SHA1: b7b69788c0ded4d9e6e6d24beb178b38a2e29604
SHA256: a28bf5acfcedb541bd657b7f6fd92ab4e2b488f53057bc8a63fdaa42a713dd6e
SHA512: 5215406e6bbe49f1366183a8efe55065a25bc8435587b98e80474a6f172f47974945cf557aea1605b2d48196816d3e530d2b41624d810285f039782cb07d6906

/data/data/com.ernyka.homsa/no_backup/androidx.work.workdb-wal
Filesize: 108KB
MD5: 36c66d962062119f248592ed37355491
SHA1: 40eaa2974d3a3a7ed356affadd51912e97270544
SHA256: 8f8dc3f3e886eb1ce467ffe191d4e67bd574c92250ec6d0afdf6edb43505dce8
SHA512: a1d01d2e9ea1f8566e77023a51e4c3bd0350964c24932a44735e2ffbb2ccab0a238c0ccb4bef5f2f87efe7e404b7a341df78f9731b7142aaa28861db4232da97

/data/data/com.ernyka.homsa/no_backup/androidx.work.workdb-wal
Filesize: 189KB
MD5: 0c87f0ab90c49251910290832d3a99ea
SHA1: e8133bc5f543686f293914d77fd5f96eef48db06
SHA256: 0510fec01f760a61dfd9a5a865be1d3ee04eb6521cbb20643903b3079d8ffc40
SHA512: 08a2424334aa2aef0a1d98ae7e123ec1647199b9dde3517bcf4a4b36726722c0996261fb08b1641fb22dae8337f9a1a8c2290c26a79a74db5b5c3d1966a4e750

/system_ext/framework/androidx.window.sidecar.jar
Filesize: 12KB
MD5: bdf3529e80318eb14e53a5bf3720c10d
SHA1: 25c9ace4b1af6e80ebb2572345972c56505969ba
SHA256: bbc8300dd1e9cd08de8f66560c1ac2c928615b72b51cef9649f88974f586d64b
SHA512: 48b9c2d01171bb651b9b54826baa51f4add48431a3efd8ceb5f7cc3bcd6f8f37edf47fabb24349dd15b3a02329cd450f90a8d164bf4f8dfae554bf3b35a8a55b