Analysis Overview
SHA256
c4b8b705b5c404c51036dbe73b3853167725b3491a67bfadef5b4590692e2d07
Threat Level: Shows suspicious behavior
The file "(opt by vgph) NovaFlare Engine.apk" was found to show suspicious behavior.
Malicious Activity Summary
Checks CPU information
Obtains sensitive information copied to the device clipboard
Requests dangerous framework permissions
Listens for changes in the sensor environment (might be used to detect emulation)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-23 11:39
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-23 11:38
Reported
2024-05-23 11:43
Platform
android-x86-arm-20240514-en
Max time kernel
7s
Max time network
168s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Listens for changes in the sensor environment (might be used to detect emulation)
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Processes
com.NovaFlareEngine
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | static.xx.fbcdn.net | udp |
| US | 1.1.1.1:53 | m.youtube.com | udp |
| US | 1.1.1.1:53 | images-na.ssl-images-amazon.com | udp |
| US | 1.1.1.1:53 | en.m.wikipedia.org | udp |
| US | 1.1.1.1:53 | a.espncdn.com | udp |
| US | 1.1.1.1:53 | s.yimg.com | udp |
| US | 1.1.1.1:53 | ir.ebaystatic.com | udp |
| GB | 157.240.221.16:443 | static.xx.fbcdn.net | tcp |
| US | 1.1.1.1:53 | www.instagram.com | udp |
| GB | 142.250.200.46:443 | m.youtube.com | tcp |
| GB | 23.59.171.9:443 | images-na.ssl-images-amazon.com | tcp |
| NL | 185.15.59.224:443 | en.m.wikipedia.org | tcp |
| GB | 87.248.114.11:443 | s.yimg.com | tcp |
| GB | 88.221.134.131:80 | a.espncdn.com | tcp |
| PL | 93.184.223.214:443 | ir.ebaystatic.com | tcp |
| GB | 157.240.221.174:443 | www.instagram.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | www.google.co.uk | udp |
| US | 1.1.1.1:53 | urnvzpoyzpqvuk | udp |
| US | 1.1.1.1:53 | sqasywnsp | udp |
| US | 1.1.1.1:53 | iulfmdpwmy | udp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.200.35:443 | update.googleapis.com | tcp |
| GB | 142.250.180.14:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 216.58.201.106:443 | semanticlocation-pa.googleapis.com | tcp |