Overview

overview

10

Static

static

10

daa7874459...1c.apk

android-9-x86

7

Analysis

  • max time kernel
    16s
  • max time network
    159s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    24-05-2024 12:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    daa78744599ce43d41e3a7c99ffe676642f763855ff9bfb39e12a2a9229a2c1c.apk

  • Size

    8.5MB

  • MD5

    557f116f9686f6e766cba9e87448961b

  • SHA1

    a5eef5cf8bbbd5d14b5960240f535c20988094a9

  • SHA256

    daa78744599ce43d41e3a7c99ffe676642f763855ff9bfb39e12a2a9229a2c1c

  • SHA512

    95a7ece1dce844964b84b5402bf523d4a3c0044efbdd9a7c55c2bcea89092d4932ed1224276bd1260db05d862f52e942a5e2600b73a5fa3d95bcebada259a0ce

  • SSDEEP

    98304:S/W1A9XMxaaBgv64eolPT7JWkPGKFEG9IcMMIcAXWhMPVakh7apeRsMuhlv/7OxI:8eA1MF/suKeOIzwlMPNMpeRjO37+DsCY

Score
7/10
discoveryevasionexecutionimpactpersistence

Malware Config

Signatures

  • Checks Android system properties for emulator presence. 1 TTPs 1 IoCs
    evasion
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Loads dropped Dex/Jar 1 TTPs 6 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • at.math.arena
    1⤵
    • Checks Android system properties for emulator presence.
    • Checks memory information
    • Loads dropped Dex/Jar
    • Makes use of the framework's foreground persistence service
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4298
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/at.math.arena/app_xcnzesjodtw9w0rltyb9/arena.dat.jar --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/at.math.arena/app_xcnzesjodtw9w0rltyb9/oat/x86/arena.dat.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4377
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/at.math.arena/app_xcnzesjodtw9w0rltyb9/wQsQeTenj.dex --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/at.math.arena/app_xcnzesjodtw9w0rltyb9/oat/x86/wQsQeTenj.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4401

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/at.math.arena/app_xcnzesjodtw9w0rltyb9/arena.dat.jar
    Filesize

    460KB

    MD5

    4e5c37f2414fe79ad6976687bb3bd648

    SHA1

    c6209c33173181430ef554aaa841e404db493efc

    SHA256

    372ebed6ca17dab1d3feb4cbbde047c5c43b575733f99b928c2d1cdabbd78999

    SHA512

    71614f1df76f97b95aaa69036e6b7ed379ed1f9efb28fdea41a2160afa8640c0a9cf124012228b9214431c66467727c4c1f63914b264db569a32057c8316d8b2

    Download Submit

  • /data/data/at.math.arena/app_xcnzesjodtw9w0rltyb9/wQsQeTenj.dex
    Filesize

    4KB

    MD5

    51e94882ebed58d40141a3e78953e052

    SHA1

    b7959dc799b5e6ccc213a7a6e3c641f2ef1be668

    SHA256

    0cbed1658ecd04c874c4ac12fe23fab0ee682729a7aaf512361e7f68c6b0ddd6

    SHA512

    90ab8d3945b6b1f709465a138ad805db216c3a22e0cc5231d549b2456f66adc4b48f2bd361d87d2461f169699271d06d6dec1aed32fd226dd2463a9f6b77df04

    Download Submit

  • /data/data/at.math.arena/databases/arena.db
    Filesize

    491KB

    MD5

    36a7e572f637bd9781e7bd0f4324d137

    SHA1

    7e94b665f60ba86e79d11ebfb8d648fb916725ba

    SHA256

    73be24bfc072cc91570e36788de5d091ee430556ccf6aacbc20100b04e173f86

    SHA512

    a8bad09572194b9608b71043bc5d44e816bc232fc1c798cece1e003b6ef1a488b196c345cb86bfb778b391d9de45934d5c37c65f266ebfe82c2a09356e79850f

    Download Submit

  • /data/data/at.math.arena/databases/arena.db-journal
    Filesize

    1KB

    MD5

    8c425aed2b43dadcb160c6de408ca011

    SHA1

    970011f2760ed54dec6021256c738c90e486d97f

    SHA256

    1bac22d335a65c58caff1e98843d0c71a4db46bf65bf79b0bfde9f7c5b80fcf5

    SHA512

    52fd9de7210991aa919e28ac315d5a087e1a0c8462461271d11621864be3d28ef91bd92c2a0d44084211eddd289928c329af888da7c7be8d2bedab4a4b6e2da7

    Download Submit

  • /data/user/0/at.math.arena/app_xcnzesjodtw9w0rltyb9/arena.dat.jar
    Filesize

    1.0MB

    MD5

    09059f52755601f71e582c749edffe36

    SHA1

    23cd81aa50e8960beda61aaf77d7decd82f00a17

    SHA256

    677930b3ad63dab001d4a348c5c18287030dac767f528e68be3a3267006f852b

    SHA512

    1c1f8a1160c39af89231d444e67e96615b538e76220388aa6b267760b02398c80f292f86347820049734f7473cf30f2f9e2cd77564e58db9510a2162ac079e82

    Download Submit

  • /data/user/0/at.math.arena/app_xcnzesjodtw9w0rltyb9/arena.dat.jar
    Filesize

    1.0MB

    MD5

    50bc0ee2d53da020c4444691f8ba2a85

    SHA1

    57b245752b22cabf53f4895353d49ce641d42114

    SHA256

    6a83479f101dd62d461f403beffa7e925d5de0840431eb70799a97dcb59b7154

    SHA512

    e00efd29f5272e4d140e1b20bcaf3c4340aa7a73fe034ec6b1b06b4a1584841c661e2d88f3b0c252f8f2921f23d30fe1f616e077af2ca7fb0ca2e8bab9e9abbf

    Download Submit

  • /data/user/0/at.math.arena/app_xcnzesjodtw9w0rltyb9/wQsQeTenj.dex
    Filesize

    4KB

    MD5

    0ddd16b4f3e941de801f892af27c9549

    SHA1

    c2a1b424e8410cc1f2b8101de0d09bcc17504594

    SHA256

    20a5cec9ea420f358f4b5cce3706671c74ad12dc5af1d64fa03f43aa5fe81c0f

    SHA512

    2bd6dbb3d033e66d1e471cca0ece93494b76991ded3e8e1296ae7cbeb178bbeedaf106e318b37a3b44639dd3f33e2baad7ede9383bf3905ececc6e8902b6726f

    Download Submit