Malware Analysis Report

2024-07-28 14:45

Sample ID 240531-yxcwpacd73
Target 8833b5c53ab3d220cfcb5a723ef0e1c0_JaffaCakes118
SHA256 af3a56a931a304947106f0e475a2f4ac454b24e10ad8523e47a57ca0f91a6e6a
Tags: banker discovery evasion impact persistence privilege_escalation
Score: 8/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral3
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 8/10

SHA256: af3a56a931a304947106f0e475a2f4ac454b24e10ad8523e47a57ca0f91a6e6a

Threat Level: Likely malicious

The file 8833b5c53ab3d220cfcb5a723ef0e1c0_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker discovery evasion impact persistence privilege_escalation

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Loads dropped Dex/Jar

Makes use of the framework's foreground persistence service

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Tries to add a device administrator

Reads information about phone network operator

Declares broadcast receivers with permission to handle system events

Acquires the wake lock

Requests dangerous framework permissions

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-31 20:09

Signatures

Declares broadcast receivers with permission to handle system events

Description | Indicator | Process | Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A
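The BIND_DEVICE_ADMIN receiver and the three permissions listed above are manifest declarations, so the same triage can be repeated offline on a decoded AndroidManifest.xml. The script below is an added example by the editor, not part of the sandbox report and not the sample's own code: SAMPLE_MANIFEST is a constructed manifest that mirrors the declarations the report lists, and DANGEROUS is an assumed triage list rather than the platform's protection levels.

```python
"""Static manifest triage: list the permissions the report calls dangerous
and the receivers guarded by BIND_DEVICE_ADMIN or wired to system broadcasts.
Added example, not part of the sandbox report; SAMPLE_MANIFEST is a
constructed manifest and DANGEROUS an assumed triage list."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
DEVICE_ADMIN_PERM = "android.permission.BIND_DEVICE_ADMIN"
SYSTEM_ACTIONS = {  # broadcasts commonly used to (re)start a background component
    "android.intent.action.BOOT_COMPLETED",
    "android.intent.action.USER_PRESENT",
    "android.intent.action.PACKAGE_ADDED",
}
DANGEROUS = {  # assumed triage list, extend to taste
    "android.permission.READ_PHONE_STATE",
    "android.permission.WRITE_SETTINGS",
    "android.permission.PACKAGE_USAGE_STATS",
    "android.permission.SYSTEM_ALERT_WINDOW",
    "android.permission.REQUEST_INSTALL_PACKAGES",
}

# Constructed manifest (not extracted from the sample).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.triage">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
  <uses-permission android:name="android.permission.PACKAGE_USAGE_STATS"/>
  <application android:label="Example">
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <meta-data android:name="android.app.device_admin"
                 android:resource="@xml/device_admin"/>
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".BootReceiver" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

def android_attr(element, name):
    """Read an attribute from the android: namespace."""
    return element.get("{%s}%s" % (ANDROID_NS, name))

def triage_manifest(xml_text):
    """Return the findings a reviewer wants from a decoded (text) manifest."""
    root = ET.fromstring(xml_text)
    declared = [android_attr(p, "name") for p in root.iter("uses-permission")]
    admin_receivers, system_receivers = [], []
    for receiver in root.iter("receiver"):
        name = android_attr(receiver, "name")
        actions = {android_attr(a, "name") for a in receiver.iter("action")}
        # A receiver protected by BIND_DEVICE_ADMIN is a device-admin receiver:
        # once the user approves it, uninstall needs the admin to be revoked first.
        if android_attr(receiver, "permission") == DEVICE_ADMIN_PERM:
            admin_receivers.append(name)
        if actions & SYSTEM_ACTIONS:
            system_receivers.append((name, sorted(actions & SYSTEM_ACTIONS)))
    return {
        "package": root.get("package"),
        "dangerous_permissions": sorted(p for p in declared if p in DANGEROUS),
        "device_admin_receivers": admin_receivers,
        "system_event_receivers": system_receivers,
    }

if __name__ == "__main__":
    for key, value in triage_manifest(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

The manifest inside an APK is binary AXML, so decode it first (for example with apktool) and feed the resulting text file to triage_manifest; the script only reads the decoded XML.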

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-31 20:09

Reported

2024-05-31 20:12

Platform

android-x86-arm-20240514-en

Max time kernel

179s

Max time network

160s

Command Line

com.plexnor.gravityscreenofffree

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/data/com.plexnor.gravityscreenofffree/.傊鯻뗁 | N/A | N/A
N/A | /data/data/com.plexnor.gravityscreenofffree/.傊鯻뗁 | N/A | N/A
N/A | /data/data/com.plexnor.gravityscreenofffree/.傊鯻뗁 | N/A | N/A
N/A | /data/data/com.plexnor.gravityscreenofffree/.傊鯻뗁 | N/A | N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Tries to add a device administrator

privilege_escalation impact
Description | Indicator | Process | Target
Intent action | android.app.action.ADD_DEVICE_ADMIN | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description | Indicator | Process | Target
Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.plexnor.gravityscreenofffree

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.plexnor.gravityscreenofffree/.傊鯻뗁 --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/data/com.plexnor.gravityscreenofffree/oat/x86/.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.plexnor.gravityscreenofffree/.傊鯻뗁 --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/data/com.plexnor.gravityscreenofffree/oat/x86/.odex --compiler-filter=quicken --class-loader-context=&
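The two dex2oat lines above show ART being asked to compile the hidden file named in --dex-file, the same path the "Loads dropped Dex/Jar" signature reports: a DEX fetched or unpacked at runtime and loaded from the app's private directory. The first thing to establish about such a file, before decompiling it, is whether it is a well-formed DEX at all and whether its embedded checksum and signature still match its contents. The checker below is an added example by the editor, not code from the report or the sample; build_minimal_dex() constructs a tiny, empty but well-formed DEX so the checker can be run offline without the dropped file.

```python
"""Parse the header of a suspected DEX payload and verify its embedded
Adler-32 checksum and SHA-1 signature. Added example, not code from the
report or the sample; build_minimal_dex() is a constructed sample file."""
import hashlib
import struct
import zlib

DEX_MAGIC_PREFIX = b"dex\n"
HEADER_LEN = 0x70            # header_item is 112 bytes in every DEX version
ENDIAN_CONSTANT = 0x12345678

def build_minimal_dex(version=b"035"):
    """Constructed sample: a DEX with no classes and an empty map_list."""
    body = struct.pack("<I", 0)                 # map_list with size 0
    map_off = HEADER_LEN
    file_size = HEADER_LEN + len(body)
    fields = struct.pack(
        "<20I",
        file_size, HEADER_LEN, ENDIAN_CONSTANT,
        0, 0,                   # link_size, link_off
        map_off,
        0, 0, 0, 0, 0, 0,       # string_ids, type_ids, proto_ids (size, off)
        0, 0, 0, 0, 0, 0,       # field_ids, method_ids, class_defs (size, off)
        len(body), map_off,     # data_size, data_off
    )
    tail = fields + body
    # signature covers everything after the signature field; checksum covers
    # everything after the checksum field (so it includes the signature).
    signature = hashlib.sha1(tail).digest()
    checksum = zlib.adler32(signature + tail) & 0xFFFFFFFF
    return DEX_MAGIC_PREFIX + version + b"\0" + struct.pack("<I", checksum) + signature + tail

def parse_dex_header(data):
    """Return header facts plus whether checksum and signature verify."""
    if len(data) < HEADER_LEN or data[:4] != DEX_MAGIC_PREFIX:
        return {"is_dex": False}
    version = data[4:7].decode("ascii", "replace")
    (checksum,) = struct.unpack_from("<I", data, 8)
    signature = data[12:32]
    (file_size, header_size, endian_tag, _link_size, _link_off, map_off,
     n_strings, _, n_types, _, n_protos, _, n_fields, _,
     n_methods, _, n_classes, _, _data_size, _data_off) = struct.unpack_from("<20I", data, 32)
    return {
        "is_dex": True,
        "version": version,
        "file_size": file_size,
        "declared_size_matches": file_size == len(data),
        "little_endian": endian_tag == ENDIAN_CONSTANT,
        "header_size_ok": header_size == HEADER_LEN,
        "map_off": map_off,
        "strings": n_strings,
        "class_defs": n_classes,
        "methods": n_methods,
        "checksum_ok": (zlib.adler32(data[12:]) & 0xFFFFFFFF) == checksum,
        "signature_ok": hashlib.sha1(data[32:]).digest() == signature,
    }

if __name__ == "__main__":
    sample = build_minimal_dex()
    print(parse_dex_header(sample))
    damaged = bytearray(sample)
    damaged[-1] ^= 0x01          # one flipped byte breaks both checks
    print(parse_dex_header(bytes(damaged)))
```

A dropped file that starts with PK is a JAR or ZIP wrapping a classes.dex; unzip it and run the checker on the inner entry. A header whose checksum or signature does not verify is either corrupted or was rewritten after packing, and a file_size that does not match the on-disk length usually means extra data was appended after the DEX.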

Network

Country | Destination | Domain | Proto
GB | 216.58.213.3:443 | N/A | tcp
N/A | 224.0.0.251:5353 | N/A | udp
GB | 172.217.169.14:443 | N/A | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.238:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | analytics.appmonsta.com | udp
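The network table mixes DNS lookups (udp/53 rows carrying a domain) with the TCP flows that followed, and it only attributes a domain to a TCP flow when the sandbox could tie the two together. Reading it as a join answers three questions at once: which names were resolved, which of those were actually connected to, and which TLS destinations have no name the table can attribute them to. The script below is an added example by the editor, not part of the report; NETWORK_ROWS is copied from the behavioral1 Network table above, and the parser also accepts the pipe-separated layout.

```python
"""Correlate the DNS queries and TCP flows of one detonation. Added example,
not part of the report; NETWORK_ROWS is copied from the behavioral1 table."""
import re
from collections import defaultdict

NETWORK_ROWS = """\
GB 216.58.213.3:443 tcp
N/A 224.0.0.251:5353 udp
GB 172.217.169.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 analytics.appmonsta.com udp
"""

# country, ip:port, optional domain, proto
ROW = re.compile(r"^(\S+)\s+(\S+):(\d+)(?:\s+(\S+))?\s+(tcp|udp)$")

def parse_rows(text):
    """Parse report rows; '|' separators and an explicit N/A domain are tolerated."""
    flows = []
    for line in text.splitlines():
        m = ROW.match(" ".join(line.replace("|", " ").split()))
        if not m:
            continue                      # header line or junk
        country, ip, port, domain, proto = m.groups()
        if domain == "N/A":
            domain = None
        flows.append({"country": country, "ip": ip, "port": int(port),
                      "domain": domain, "proto": proto})
    return flows

def summarize(flows):
    """Join DNS answers against TCP flows and list what could not be attributed."""
    queried = {f["domain"] for f in flows
               if f["proto"] == "udp" and f["port"] == 53 and f["domain"]}
    connected = defaultdict(set)
    for f in flows:
        if f["proto"] == "tcp" and f["domain"]:
            connected[f["domain"]].add(f"{f['ip']}:{f['port']}")
    # TLS flows with no hostname: candidates for SNI/pcap review, not for blocklists
    unattributed = sorted({f"{f['ip']}:{f['port']}" for f in flows
                           if f["proto"] == "tcp" and not f["domain"]})
    mdns = any(f["ip"] == "224.0.0.251" and f["port"] == 5353 for f in flows)
    return {
        "queried_only": sorted(queried - set(connected)),
        "connected": {d: sorted(v) for d, v in connected.items()},
        "unattributed_tcp": unattributed,
        "mdns_probe": mdns,
    }

if __name__ == "__main__":
    for key, value in summarize(parse_rows(NETWORK_ROWS)).items():
        print(f"{key}: {value}")
```

For this run the join leaves analytics.appmonsta.com resolved but never connected to, two TLS destinations with no attributable name, and an mDNS probe to 224.0.0.251. The table carries no SNI, so the unattributed flows cannot be named from it alone; the pcap is the place to look before treating any of those addresses as indicators.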

Files

/data/data/com.plexnor.gravityscreenofffree/.傊鯻뗁

MD5 254158aa405538310a2c7f0d2975ae82
SHA1 86ec39317aa612876d5b885079433d79de96e50a
SHA256 fa3e87d9779f860ac034182c5d70060697fdb68262fb7d345bed97d1db7ec48c
SHA512 07b17a4e93c62c365703227e9a8c0606aa922a505cc36c76ba8d4f5ef3365524bbd69eef688a6425c755841ae116cfcf0081cc6806de73a43eb498a414ee5868

/data/data/com.plexnor.gravityscreenofffree/.傊鯻뗁

MD5 f56179025ae7eae2d729accc44f67a72
SHA1 f957cf417cee1d44b0d4d173e346bc7d83c9e815
SHA256 07c43fe3e41590bc1f31d56d943641d0c5b9ac7062b686e844a471d52b9a57c7
SHA512 86241d1f0efff602251f6bec1c5d0834fb88a62c12eab4da0b03c26438ce84d03a47fe921a83350ea9674035775c6360debb1e6bbc0b964cd192008427b56f0a

/data/data/com.plexnor.gravityscreenofffree/.傊鯻뗁

MD5 a07b3c15a2b5d6ed706fd2bb32188f30
SHA1 4af8f54f63d8bb9bb42c6887f3bc1a56c756b539
SHA256 5ad6825ac105be18ba1a6d3e85297c300b12eb225ff73d29b72b9188d7a3ab4f
SHA512 4083c9cdd9a5a1e76112c52259e97f4ac49742f368635c1a717fe4d1eaf511a37e2b74a553bd8c359340b3d8316b0cb198ba47f1406f6061140025939a80c951

/data/data/com.plexnor.gravityscreenofffree/.傊鯻뗁

MD5 4a6638940a09a510f37028ad22f5c078
SHA1 73586c7f70fae7486b4d7d4d97bfc75ce29b4feb
SHA256 6ec306de221298a2de39650c4970431bc34e82e8b3e7fcadf4998c9cb82dd06d
SHA512 ec83d9faa8996b2dbb57d290984bbad99dc3b9cee24452d38479d9d02105ea1dbaad3dc61aaefff72abcdab554d559d4afd8b703e2529c105fd7fb2daf73aa93

/data/data/com.plexnor.gravityscreenofffree/files/gaClientId

MD5 0e08934e7339970c6dc1b68d55adb7de
SHA1 9654983f07b5382c2127f51b49e15307e9de6b43
SHA256 fd34635f309e0464934bf2fab74841287de35ef7ad79f00f49ad758606dd5f92
SHA512 c24893d4d2c691a92e4ad21cdcff134fe07c09d2047a07d427e9e940323f0e2bfd79239aeba8eb6e0aee9fb992e4ab7341e93862eeef17ede73f80d411771260

/data/data/com.plexnor.gravityscreenofffree/databases/analytics-journal

MD5 a70e83f962e620de76b0c0e0e1938c67
SHA1 cfe91b52fa35e8e1b4032edeb25c6b9d367705a7
SHA256 e2c10ab72122693e4e3e921f372f9e9f4c831cdd663a75e024e8b6dd12298652
SHA512 20198835c6340cec604f23148c1b7ec0bf70483e2501fa524776bc944010a234d442806e1ce2c10feb70fecf594896b1027c6ff3551f07f2584228aa1e538026

/data/data/com.plexnor.gravityscreenofffree/databases/analytics

MD5 a8dd9ec6fbcb5603d0b43af3fb844288
SHA1 e20293fd9d0098df0b7948b534007841aae723b9
SHA256 9870461a6d66e37de6475b9dcb9736ddd5e4f4f2d9b0c7bc0517ba3647c6025b
SHA512 c5a548be3eba18de0ec8de3357d0fccfc3e4b159151cfc3f1b9a3624937b11a2d98ee68967510db5d2524262508acc20248ba9da0eca39bd339687f232254a58

/data/data/com.plexnor.gravityscreenofffree/databases/analytics-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.plexnor.gravityscreenofffree/databases/analytics-wal

MD5 a2d4ab27572762e4df7f280aa5174ac4
SHA1 a765373b94adce1759880df0233fa4c72a124b84
SHA256 7e2670a1c89aec8860326d6b65ea0b389768da8113e88f2ca37c38f14db9cdc0
SHA512 302c4e3e9d4e01d0e7c90c371bfa691cfa0e58d36473d02ae2fe2dda8f9f68e40eb44059c8be9df7046b86efc54a9c99c83cce99d6407b0b9c4e628ff2d255bd

/data/data/com.plexnor.gravityscreenofffree/databases/gravityScreen-journal

MD5 73dbe1639dfd76348fea8b3256f2c099
SHA1 f95c89f6c295aa715d9163664ffd9335468aefd0
SHA256 babe89cd21954643140b7b04e12a095bbb0ce8617d5c530cf18b5c046663b40d
SHA512 b0af71cbb8213224d791aec0b6c09e679619f6cf218c4fa46c258fd0bad933aab52273b88607767b460e068b4592c21a31dfc4ba5297b69209bed3ebee30ed88

/data/data/com.plexnor.gravityscreenofffree/databases/gravityScreen

MD5 ee8a1d1928973bcb281746f28a7bde78
SHA1 716fbd69ac914a4ab288ec04a47624e430a38814
SHA256 a996ac84d4f387370e0b5ab9c406b7295effe0ecf084f8647da8874124480691
SHA512 9612c62df2b7f3c11c9bf281e65ed615367020a6430036a2a4a811a7de6d9ff9ad3ff7d7712c66ee8a01e458cba05822eb029cae47cc4c4814865ccc44fdaa07

/data/data/com.plexnor.gravityscreenofffree/databases/gravityScreen-wal

MD5 dee182d6955767573723218226f873f3
SHA1 8cbc2a25e10d79caf216d3c6d8da1af235367cf1
SHA256 b9655616b98b291b7141530dfc0ad8dc6a36478b89b94203f36b751521947536
SHA512 363b74bb0a91296efe5e6a0125fe0367f4bf05c0ff9e378d4e314a221806bebbdee7175ef60f69852bb565cb7cd2fff7e0923dfe06df6ac878d893bbf08bae05

/data/data/com.plexnor.gravityscreenofffree/databases/analytics-wal

MD5 370cc37f5f2008002b3cb1fb3a3ab64f
SHA1 2b2e6881444ba2511170d6894085a49e8bb56881
SHA256 3a44ac53f3307754e54b38cc07c20e551eccebd10a6416b941d361ce9c33582e
SHA512 796119634f11189027af20cc94c30f185ec8c67504a12d72fbb3d077217110f37560e84945074548b965f51d9269a37d8438dcc0432028260893ab2258af80b5

/data/data/com.plexnor.gravityscreenofffree/databases/analytics

MD5 0bef6b7a46c12faa8090b47ecf02bfc9
SHA1 8e4043a3c3be2f52eec27ed18b956c21c1a69828
SHA256 6af3af14cff8f813d98fa7def414157982b84581a79454a201742b0c99003705
SHA512 d2c7951ef334815a952c8671d11e0b643af381df0deab43f5915915dfff20be8abfc5e182c445c98a7f57f7a8e67199412342598df850c7e64ce446c36fc9a74

/data/data/com.plexnor.gravityscreenofffree/databases/analytics-wal

MD5 fbc4ee02625960aac78ad5e5856aef91
SHA1 a55c4eae69cf46e646c93fc491ea2b5cc6a02f93
SHA256 e8c62687b8a274e63df81773f8e17236909fcf332c80e8529ae4d6c8eb63d41d
SHA512 caaa6adf177c1210a2f75a9df92e94070874520f4ee27f25a7d361396e26c452a49ad76bd0bebd32d14dc6a697b2122fb2cb54800b6f24b976beb9e227d04a5c

/data/data/com.plexnor.gravityscreenofffree/databases/analytics

MD5 1e936585d7ff2c64a467884fc96a81f8
SHA1 39f81960309d1371411ba814581d0555d4e58e7a
SHA256 36c19a1cb453902b9c60d4d67c95eb0f9c54856e7f9c646ac07cc105ac6464dc
SHA512 faeb921341b7379e6986207112479086d19fef5bc497bfca56a41052b1a8df16a9b10176e8a9e26bdcebf967c23238df6f11ba01906a15f6df6f6db32d7b71bf

/data/data/com.plexnor.gravityscreenofffree/databases/analytics-wal

MD5 d1df1d83d7dbcfe4c5f604a76a130e66
SHA1 a26ad9a979b1eafac80346587f28eb80532134d9
SHA256 7b4ada27e1fb2c4df23479f3ee405cd873418c366137192b0aebce62a5c99f97
SHA512 02e226c40699e25d182062f5f6d0efa760463d8c58d6d82d1df7e14fefd440f8d07513d410af8bd883d2b9f892b0e0da5e73f10eda770ccd262e7b7be8ffda50

/data/data/com.plexnor.gravityscreenofffree/databases/analytics

MD5 fa8182591895d3623593161be1df88e9
SHA1 ff3c1f85c5d37452486bd28a11212c0f77eb0e30
SHA256 c3763de217ef7478a3a7e3c351000041ede012766f6f56b89b8d2fba90c8f48d
SHA512 ada6dd8b55222d479740b23372287cdea1f8b8c308df0105ddc0b00e8d57c3fc9eca7f460ebda95828a32337973f6933b1fcc5e803ea5a06d60a680586685e31

/data/data/com.plexnor.gravityscreenofffree/databases/analytics-wal

MD5 88c2dfe144dabd116f5ae762b740563d
SHA1 a074e963f3e58faa003ac24f6fb76cceaddf8ac2
SHA256 1b2e08822cb5b4905bd1287de5f752de5f31089a203f18a9ae5293fb1e7bc57e
SHA512 297e02ff965ba0075704570e667a6e640ce908b5c373ad00f4529cbce34e7c6f8bfb16e8dba4ef26c017f67b950ff24cab657a1f8fafadf0c0fc84857a208627

/data/data/com.plexnor.gravityscreenofffree/databases/analytics

MD5 7a01a3249cd739e54bc67ef76579d557
SHA1 133b3a2b13c7ea3714b860bc8630b1d284f48dd4
SHA256 8a94074a5fe926012a9bbdfeba937cb07bd444893d3917933f870c33bd2b0d83
SHA512 05f3a8d1f52bbd9d45e7d08dc36872983896d17228c77a2d654740fb0bd6c3cebc872baff8aa3f29893254addae4e44a84b8b08d32125dd5ccebd48e3f95cfec

/data/data/com.plexnor.gravityscreenofffree/databases/analytics-wal

MD5 c6bea5a03c774553021fc22a52d8e60f
SHA1 76cc2d61d796c2647a92867dffc069296c607c57
SHA256 9c8de0c683f63bf596ab678574f08869ca8e3770b97497423f675df7250f9c8f
SHA512 0245fd48adef80e51f416663e478d2e485a6b66dbee363c7abc83ded9c90791362fa10abea02f38cb4f674bcdaa0a580564e408d7525daf662db688622ebbc53

/data/data/com.plexnor.gravityscreenofffree/databases/analytics

MD5 d51ba193309275e1b2da57798923adb0
SHA1 b3a46204aca16d5338b0a4de1871594a391968a1
SHA256 162f442307f6c0c3cb03a7f742240d7a029ef5d41c888bd5231d814573762981
SHA512 628de8a9890c1e357b787edd6c406ded49bbcbeed7c99ad3d1793840f4c97123b1387471628e54d21a9cebb3246c36a3acf7b8bc1ac8ec4d98ff2c652140264c

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-31 20:09

Reported

2024-05-31 20:12

Platform

android-x64-20240514-en

Max time kernel

179s

Max time network

136s

Command Line

com.plexnor.gravityscreenofffree

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/data/com.plexnor.gravityscreenofffree/.樼져匼 | N/A | N/A
N/A | /data/data/com.plexnor.gravityscreenofffree/.樼져匼 | N/A | N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description | Indicator | Process | Target
Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.plexnor.gravityscreenofffree

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.201.110:443 | android.apis.google.com | tcp
GB | 216.58.213.14:443 | N/A | tcp
GB | 216.58.212.194:443 | N/A | tcp
GB | 142.250.180.14:443 | N/A | tcp
GB | 142.250.180.4:443 | N/A | tcp
GB | 142.250.180.4:443 | N/A | tcp

Files

/data/data/com.plexnor.gravityscreenofffree/.樼져匼

MD5 254158aa405538310a2c7f0d2975ae82
SHA1 86ec39317aa612876d5b885079433d79de96e50a
SHA256 fa3e87d9779f860ac034182c5d70060697fdb68262fb7d345bed97d1db7ec48c
SHA512 07b17a4e93c62c365703227e9a8c0606aa922a505cc36c76ba8d4f5ef3365524bbd69eef688a6425c755841ae116cfcf0081cc6806de73a43eb498a414ee5868

/data/data/com.plexnor.gravityscreenofffree/.樼져匼

MD5 f56179025ae7eae2d729accc44f67a72
SHA1 f957cf417cee1d44b0d4d173e346bc7d83c9e815
SHA256 07c43fe3e41590bc1f31d56d943641d0c5b9ac7062b686e844a471d52b9a57c7
SHA512 86241d1f0efff602251f6bec1c5d0834fb88a62c12eab4da0b03c26438ce84d03a47fe921a83350ea9674035775c6360debb1e6bbc0b964cd192008427b56f0a

/data/data/com.plexnor.gravityscreenofffree/.樼져匼

MD5 a07b3c15a2b5d6ed706fd2bb32188f30
SHA1 4af8f54f63d8bb9bb42c6887f3bc1a56c756b539
SHA256 5ad6825ac105be18ba1a6d3e85297c300b12eb225ff73d29b72b9188d7a3ab4f
SHA512 4083c9cdd9a5a1e76112c52259e97f4ac49742f368635c1a717fe4d1eaf511a37e2b74a553bd8c359340b3d8316b0cb198ba47f1406f6061140025939a80c951

/data/data/com.plexnor.gravityscreenofffree/.樼져匼

MD5 4a6638940a09a510f37028ad22f5c078
SHA1 73586c7f70fae7486b4d7d4d97bfc75ce29b4feb
SHA256 6ec306de221298a2de39650c4970431bc34e82e8b3e7fcadf4998c9cb82dd06d
SHA512 ec83d9faa8996b2dbb57d290984bbad99dc3b9cee24452d38479d9d02105ea1dbaad3dc61aaefff72abcdab554d559d4afd8b703e2529c105fd7fb2daf73aa93

/data/data/com.plexnor.gravityscreenofffree/files/gaClientId

MD5 ada5e0d5d0cddecd0b0967ed5d0d235e
SHA1 cc815e632ab867df0f7030f257e832d1db859271
SHA256 0312ebf00b8ce7dfc1bb77cb01fa0ad62d59342d3da1c2e4077524be75e03963
SHA512 30ccb3eb8a01c15e10a779b666ae3796588d844ebc8e7d127949bda5be2c2f9ba75af1014012d2c80ec4f03c84f1c5c08a1eb6a3580e46effe775086826f83d8

/data/data/com.plexnor.gravityscreenofffree/databases/analytics-journal

MD5 c935cb573594be6982785f7901259f09
SHA1 644a17c998207feed89d191a0ecfbf7d7ac8f213
SHA256 86e4cb89944a20c280f927ac97bdce74bc63792e49deaacf2e7778d8568a637f
SHA512 b6b7baccf31d0b851eba5731629dc263cbc8b7e746b16ebe662e0c9e446e76ad759c619d07b6a0edf508ccd6c0f9db8b5558ea8dd11211c71abcfdbcc1f8f5a0

/data/data/com.plexnor.gravityscreenofffree/databases/analytics

MD5 4578ac9e04c183c65d81a2dbdb258e38
SHA1 7c3aff9ab6e46f185b6f1289e0ffe35f8eabcd45
SHA256 250558979ffa002d0c8fb387f82ef00db83086938499e67e69565a8acaec620b
SHA512 2f218d1f498a7f8691bca8d65201d53a8d8d4210ef40e33d575b60dac2a01fe8893552073c9accaedf3de44ce3fedfcf847fc9270a213f0a1799ecb46031ef55

/data/data/com.plexnor.gravityscreenofffree/databases/analytics-journal

MD5 07265c2506513e7ad2a0af39efe73ebe
SHA1 3cd40a3572ba464a4ef4175b60b5000b6399d89b
SHA256 bf1715216e41e6a1627cc367d2689ddac8794fc8cff64f8a8193bf010f3c5933
SHA512 fc7bc39a9ead84685d0bb3c1ea7c1f3b5a0093a7e65a527425213db994e1d4150f627dd8825ec002ace94df755886fe5c2d583a2002ec52e5c8c3c4267dbceb4

/data/data/com.plexnor.gravityscreenofffree/databases/analytics-journal

MD5 8ea110296ad4877184a52741fe5fcabf
SHA1 8a1914efe149d7830246c271e23f26a9d8d6f6b0
SHA256 b71ccc28c5a384c5174a96761ff1087d6cce1638cdfb809f23d774353c9803f7
SHA512 ba474d3721067a129ebe8b62a7ea3c1ab046b1d434814773b2707cc7cdfad58e3f3c49a04fde35ecf3a006adf979da6148bec0941f51fe5f647b254ccc3d26d7

/data/data/com.plexnor.gravityscreenofffree/databases/analytics-journal

MD5 a7ebece6e980428fbad89be210983bb6
SHA1 bc3432b3b6fa44b4d6c3bc947990396d5623b765
SHA256 29550dc69d246305e45412e29597da58a3f724e7e212f20282a57ba1ec041992
SHA512 14bae385a9305a2713bedc2db1d428717e3b15e4cfcf000584afe8661aa3cb8ddd2b12dd5517754046891fb2eb96aba8a32155dc5a367c7e3955674dc8920eaa

/data/data/com.plexnor.gravityscreenofffree/databases/analytics-journal

MD5 329dc66246bb8abe2bfc25bfdcdca8ff
SHA1 3a3bf5c46e16942039b72a281dec3193569b7c7c
SHA256 d3f37dbdaf395e118710a60f0edae5f0bdf05676537481ac7437db8d7bfc30d0
SHA512 b9589b4082c11d034523130907725bb52990777a52f74832a39ae5e779696fdd6bf91b0065c66b382a246659430dae2043a969e2f812ff9edb8e97fcab945e22

/data/data/com.plexnor.gravityscreenofffree/databases/gravityScreen-journal

MD5 ebc45ac16730c2ce044eb8fa43cbc83b
SHA1 5f9e3aef7ea3298113c1bf4b309622a8e71718c3
SHA256 d7da478245e374eaf490c65f8601caac6dd307607683475676812ec7556d65a9
SHA512 da42c2757527d61b770710fa16ffa9f0d2cd1713fd692882a5332329330bc650dd351aae6514dc37aaedaa0a819e952c8027f8e91fb3677fa5ede26b6cff5aa0

/data/data/com.plexnor.gravityscreenofffree/databases/gravityScreen

MD5 8ee220970d2dd5c8a780f5e0a08e101d
SHA1 d3f22388f68842633a9a054c4b2e15768d79dae1
SHA256 ac46855a742a02f8a668240ead35dbde60b932b931792f8cbd135d394e213ee0
SHA512 62357cd9bf534fb710dbac90834b088bc8d7434393788e92274251fc0750b6b7daa3c38ce1c7a883509e82e63ba7992a6a3385ccf31892589caf66f765c91a73

/data/data/com.plexnor.gravityscreenofffree/databases/gravityScreen-journal

MD5 f986f7fefe9e8ce693fc0a96d746108c
SHA1 7e9c620a394c09efb37d2b1111ea53642f33dfe8
SHA256 732a3eea1a0d34c1c4645b55f000fd4a6c7985cdc89f809b6ab19e873ede4bc1
SHA512 95ef960874e7dca3bce82f8817e7ee25d6e08a77efe0f58ab2de6a51194698158f87f43e2b0978542367e044234c20e0147958faf1d2c3808e2ab817e862e1e9

/data/data/com.plexnor.gravityscreenofffree/databases/gravityScreen-journal

MD5 ab1e5827720cb006a27467e0edd6e630
SHA1 a6e9776737874ce405bf60c154e67398f2769c1b
SHA256 627505ab2668fe50233f12300972c2d33ce089a1fe8dc81e97676b60a6cdf4ed
SHA512 f0948767c65d63e3afa43c5c23c9d3d2659535e997a9ab49920173799d99049dba3e63f2d0f4001a7335168af58fa6e36e05535a364180812e0563524da0e822

/data/data/com.plexnor.gravityscreenofffree/databases/analytics-journal

MD5 a9527278428c0578a2471d43d8d4ed88
SHA1 042df1975aaf2564534b9fb16be305d8ca34caea
SHA256 2142cb907b145f918a0008cf8f591182da46c9592a46bc977a344bf0ed372876
SHA512 8193c97b26e2a04c88f84a702fef10284cd83d9a17ec0b7396cd1a2ed4986a35aac0e43b61138047927abd8bf1e2b3a0aa9d0043656cdf62a6f925fe8590da43

/data/data/com.plexnor.gravityscreenofffree/databases/analytics

MD5 8e5c84cf189ecc94188f3a5091734f75
SHA1 5dd938be01dce9a00513d17babe4890bc2ebf065
SHA256 a040593f039501ae46492e76bda574ebe16ea0257f00f82a0b9008b2a7658f2d
SHA512 88827e1773e8fcdb98302688149f35f272215b91295a71449d50f096600a75758fe926f2f1f803501d82c7338af38055b3599d8f4940436d97790eddf98b4772

/data/data/com.plexnor.gravityscreenofffree/databases/analytics

MD5 212c12be4dae5b267598afd309b3cc95
SHA1 5a07201b6b1a213779ebba4ea937a38cf60dd71e
SHA256 19590c6ef6dc9971441c48d230ddd5682e35235df262ae10a6a4ec15fdd90ae8
SHA512 ca4a5bce1c45816b3969f09c1a03e72d3fc2c8e365297a7300981688655959c420756c32a9509ac7b8a8f6ad2c52e2fa8da26bdc19727c002345ef230785675c

/data/data/com.plexnor.gravityscreenofffree/databases/analytics

MD5 bf9c0b45437127ab5aa7b782a8cf3db6
SHA1 2b370214297e23185c9f5592370af321824c7d38
SHA256 51c193a7b912dea83cfaa44cfb827d7470bfe2bc453eb52dd8bd4b5de86f4f61
SHA512 e00b025fe42f4917db692d6ad774cc0ea57f801bec376bca5069e771f5fb3186abd8a58eb466c9a1e80d968a93f83e8503b4f25a179c0166bd59cb484ea834c1

/data/data/com.plexnor.gravityscreenofffree/databases/analytics

MD5 22903966ca9d8c4ede92dec2bd89d195
SHA1 96d688d64661f607205817da32c853049eb63a82
SHA256 f5c0952b62023df10aeb66e55c2e42a92a79908d66c542dba83fa2dc5d189174
SHA512 2382a357e6f75f8913e097563a5d2b69f3a3772aa7eb4c534258d1e669458d153b3ea2d01f9af6effc33c11a0fc682064a4897643fafdcb0495b0c27c581b7e7

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-31 20:09

Reported

2024-05-31 20:12

Platform

android-x64-arm64-20240514-en

Max time kernel

179s

Max time network

134s

Command Line

com.plexnor.gravityscreenofffree

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/data/com.plexnor.gravityscreenofffree/.栗잌섦 | N/A | N/A
N/A | /data/data/com.plexnor.gravityscreenofffree/.栗잌섦 | N/A | N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Tries to add a device administrator

privilege_escalation impact
Description | Indicator | Process | Target
Intent action | android.app.action.ADD_DEVICE_ADMIN | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description | Indicator | Process | Target
Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.plexnor.gravityscreenofffree

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
GB | 142.250.178.14:443 | N/A | tcp
GB | 142.250.178.14:443 | N/A | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.179.238:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | analytics.appmonsta.com | udp
GB | 216.58.201.100:443 | N/A | tcp
GB | 216.58.201.100:443 | N/A | tcp

Files

/data/data/com.plexnor.gravityscreenofffree/.栗잌섦

MD5 254158aa405538310a2c7f0d2975ae82
SHA1 86ec39317aa612876d5b885079433d79de96e50a
SHA256 fa3e87d9779f860ac034182c5d70060697fdb68262fb7d345bed97d1db7ec48c
SHA512 07b17a4e93c62c365703227e9a8c0606aa922a505cc36c76ba8d4f5ef3365524bbd69eef688a6425c755841ae116cfcf0081cc6806de73a43eb498a414ee5868

/data/data/com.plexnor.gravityscreenofffree/.栗잌섦

MD5 f56179025ae7eae2d729accc44f67a72
SHA1 f957cf417cee1d44b0d4d173e346bc7d83c9e815
SHA256 07c43fe3e41590bc1f31d56d943641d0c5b9ac7062b686e844a471d52b9a57c7
SHA512 86241d1f0efff602251f6bec1c5d0834fb88a62c12eab4da0b03c26438ce84d03a47fe921a83350ea9674035775c6360debb1e6bbc0b964cd192008427b56f0a

/data/data/com.plexnor.gravityscreenofffree/.栗잌섦

MD5 a07b3c15a2b5d6ed706fd2bb32188f30
SHA1 4af8f54f63d8bb9bb42c6887f3bc1a56c756b539
SHA256 5ad6825ac105be18ba1a6d3e85297c300b12eb225ff73d29b72b9188d7a3ab4f
SHA512 4083c9cdd9a5a1e76112c52259e97f4ac49742f368635c1a717fe4d1eaf511a37e2b74a553bd8c359340b3d8316b0cb198ba47f1406f6061140025939a80c951

/data/data/com.plexnor.gravityscreenofffree/.栗잌섦

MD5 4a6638940a09a510f37028ad22f5c078
SHA1 73586c7f70fae7486b4d7d4d97bfc75ce29b4feb
SHA256 6ec306de221298a2de39650c4970431bc34e82e8b3e7fcadf4998c9cb82dd06d
SHA512 ec83d9faa8996b2dbb57d290984bbad99dc3b9cee24452d38479d9d02105ea1dbaad3dc61aaefff72abcdab554d559d4afd8b703e2529c105fd7fb2daf73aa93

/data/user/0/com.plexnor.gravityscreenofffree/files/gaClientId

MD5 a6e9f735b065047fa0c5943c76d012db
SHA1 5bb19fcd8504c9040fcd78d12935a0452ad475c3
SHA256 a42dda918b0382e0f7724fd01d3b239578d8c6590b735382f85d82af53e76482
SHA512 9509c588210a28efcd43b3149752a037bf277216cc5f4343b8df88c20662ec392f4e9a66be2bc3c61eb96650e818864d432b8f3c6937cabc80d4eae840c179c1

/data/user/0/com.plexnor.gravityscreenofffree/databases/analytics-journal

MD5 496cdd5e92e045b9dafbafd49f013db9
SHA1 f5a02dd2e7c6a9753ca5d3617cd88bfe1a5623cf
SHA256 c14453601b57393901dcdd58664b6842091447f266b3899d4ef768750d106764
SHA512 53c2087cff7bc5793f1d8b0e49dad4fcfed1e9c96e695d0e2c28b79de5e31d68da24f0db750a13ea3fe2e000e087b560e39b9328dbe9e90edad790653af8eea1

/data/user/0/com.plexnor.gravityscreenofffree/databases/analytics

MD5 a7882a0c512556c79f44860cdb822e30
SHA1 22a1e3c6d8e0cc6e8eda770cc78cf61a9c970df5
SHA256 df34d40e7e540ab5f30a4c445ceb78d6e4265e5df1636994e503642bc65c64f1
SHA512 dfba1a3f1c5d97b8fa3ad5f7f5d7dd331b1195ac713d6f2a697e9e639b8b8621cd4288f8464a6430d7eea55d523d3fce7f80b7bfdeca5c98b6e98bc401e8a402

/data/user/0/com.plexnor.gravityscreenofffree/databases/analytics-journal

MD5 db66cbe632f863ada63db9d34ab8f9e5
SHA1 5a24367a99a65a3ca50e868c42f33c3d425c92fc
SHA256 376732f4c3af47c380c765793a030b028989cbc5979c98ac54b31c2819517d88
SHA512 6ff271ea5290f19d2135687c4810ce27b0161a754e8a2a7e38796509837fcced147f162201b5a71c72b6aa8cb8cc9813daf056c08a3368be6cefab322016fc6b

/data/user/0/com.plexnor.gravityscreenofffree/databases/analytics-journal

MD5 28a2b567b2b80954a517936234af7442
SHA1 a6ffb85a73e201be56ecb8a89fb65e9c136fe0e7
SHA256 49dc3b4de6d1266bf842983515730197970a1675fccf0ff49b71cd387820fa35
SHA512 df572938a616968482604f544a6f82b39578d268fa616fd575c0e39fc054c80d940b5b78a6435fb41a97c1f1171a367c3d6314b56220be4aca81868a1e960e61

/data/user/0/com.plexnor.gravityscreenofffree/databases/analytics-journal

MD5 ddc83d94e1d1c6aa74c7a95209ca708e
SHA1 b041bb573f53a13a07c6f8b86e609e962cdbd26d
SHA256 67a8b12d964206a2ef4fe9429c19b2df9131b860a90fadd7a457e671eb5316d0
SHA512 564cce1d9eb0c115bc08faf9ad42412e9e3d61f82d9cc6f27a1c8870b594d14112c3792e26bd9ad5c34cc2e50578f23a7c27e4f97a86964ceb141252a5d3b4ef

/data/user/0/com.plexnor.gravityscreenofffree/databases/analytics-journal

MD5 027479c912ec478b0891346c04a8b692
SHA1 0a9f6d28511174144222e8fe52e93934e4b526fd
SHA256 f0263644401e3739d72f8bbc3cd9729d28de1e7ee135d6e37e2c0a4462412219
SHA512 865f7e962579d9455b0e3c6481eb8f9e7d2b9fba4f7774ff856febe3df107dcad8baf15e50196573b7b359d45c87278284f796ebbdc9b4f411d2cfeb7c95d43f

/data/user/0/com.plexnor.gravityscreenofffree/databases/gravityScreen-journal

MD5 7321e3c56e2a9fb0ba1edbcbd98d845d
SHA1 9242f9a5db36cf007a42f661ba59a07271494eed
SHA256 c15548977c7f3fa938c5d75e61d7218f81d3e00b0486e2c5ea17a0b8ae944a44
SHA512 7135f6678586004759be5d498dc3e1bf97b6bbf039c438ebc9da06adbe9272254e622f95ad9f38bce2fdb8b75bc8250018a5880e93c0a944ec1e9838eaa42a84

/data/user/0/com.plexnor.gravityscreenofffree/databases/gravityScreen

MD5 6ae000e997ab738e5cf3da677d4d2b72
SHA1 185cbfa1a4a3edf662b2701808bba68facc7e9ea
SHA256 9c13632957909bc44c61494d74be97a44310af6277ffff83b0e365b39613d3b8
SHA512 9853d3a89c42a69ceeb43dc5196ff79ed5a2ecbee2a20b32ee1a5d6caf0bb3f0b1671ceb22564429fa99e237211079496da22b77d3bfe451fa6d70570eb98042

/data/user/0/com.plexnor.gravityscreenofffree/databases/gravityScreen-journal

MD5 9f005821dfdc5f692d7274c56c0ca291
SHA1 52c2fde8c31cf786aed3581d87c9bd5a9591d3bc
SHA256 42f185de608c1d27ad3f2331c150852bbc54a9410f86e7c585b7a782fcc64348
SHA512 fcea88d5fcf2fc718424dfe734a2512513a814bba59bd484fa24b40d6b69ef00abc91b96bdbe5f3a8bbcf7570e7c6304c1da1b57f91af97156a5f55e10983a2c

/data/user/0/com.plexnor.gravityscreenofffree/databases/gravityScreen-journal

MD5 0178f75ca8e8268c19128df590fcafea
SHA1 ca134b68a9eb22d88b7626dc197aa50f09661371
SHA256 c91e47bd5c02ee3d0b6916b8a2e0a8e81be42ed1442212a120d815a41447a553
SHA512 c00f3e669d9b454259a9fcd0ef473e1ca8d90307d89b424f5b1090bc23ccc5b72da90b54c2a90a9153bb0a34aeba035fd3334bfca66ac5fb32ca378a2ee7bc70

/data/user/0/com.plexnor.gravityscreenofffree/databases/analytics-journal

MD5 7f2f3acaab65ea918a4c05b82525d087
SHA1 da9f9e19d393232782bf67f60c42820f41314ad1
SHA256 51f86e3286fb61240c2497b1fc0d4ec6239d5740806643e54d5b75554383560e
SHA512 c3360d2795fc0692b66a0d4269a0ad2510a6096325587243329abc5b8e74fed5214677c671e3b256f3a644142a2aebeea5975e57acf3406749c670bb7aed3529

/data/user/0/com.plexnor.gravityscreenofffree/databases/analytics

MD5 9adef10b8241abbcc8add0a7238ce63c
SHA1 b3dc87546eeacb5d963c047733b926eea08c3647
SHA256 1d2a28597e565142dbc74ab79e2a060925907fc30702d349d3afa95f3ca14dfa
SHA512 794e991025bf72595320cd2f4b48847ed5c11c93325d90edb6ba4bc240973d7e7413676ec3728e2e110550a2dcd018986544c0329aea65e3f665547fef1abf73

/data/user/0/com.plexnor.gravityscreenofffree/databases/analytics

MD5 23a0070091c6354f582e939ba31b207f
SHA1 5af55c5a3e565867056d3db66f8939b32d3c5278
SHA256 e2d3a46b239c50e609e52852e10cc7f01770f00d10025f9c2cbc12e4b0cbcfbf
SHA512 70f32cd1d54b9942de7f4a4f7bad8bb669931d9294fa4a1b4a3277c3d81d1a0efe464beaedff9958c6d159e3096b66670279bc5bb4ebf89d96acfd6732ea7cf1

/data/user/0/com.plexnor.gravityscreenofffree/databases/analytics

MD5 0f3c0b0db0d5a163db2a17a00f71f895
SHA1 84f4fd17ad285536b7ea48a4571557e393842c39
SHA256 0b103bab380a57421e51c2186071adee350550457c31504cf09602a4d42b4c74
SHA512 d6f4188054e10cd0d5e11ff6a0f1683cccf2e8aa7cffd28d7b77bbe73a4eb3e0496cfbb8ba95872ef87d81e2bdb1db3f0bf30219c705aa195191ae6130a6ca29

/data/user/0/com.plexnor.gravityscreenofffree/databases/analytics

MD5 5cf835bdc9dc100bfb9d97f6c6e65825
SHA1 65f809fb7aba0e4834e90f2861e38649e81786d6
SHA256 e0912ee7d479c0c965eea24e331ce419128ee47d0e67b3eb325b128dcbfed2ab
SHA512 56aecbc5c6462c85b3c86ab847672ec1db65bdb2d64d0613b431843abbb3242d57531e45523e844c824a5cbb71597fee0fc3a483b57f8b20e04f48f4b9ad7c71

/data/user/0/com.plexnor.gravityscreenofffree/databases/analytics

MD5 b986397df15452635ad197717e1db422
SHA1 a45ac20ba0bdbb133825946e42095cb45afedb2a
SHA256 35cc5ae05049c8bbe1fe912f0cc06744b121b1beb3458e725b8875d451ae50ae
SHA512 7b650d353744873e4bb05721e162cc759f1174580ed65ae29f2415c2b58486d6a34157ff19318695cd6a506a696c5f566503bc5a2c6e2923eddea11e59e94e26
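Across the three detonations the four dropped files carry the same four SHA256 values (fa3e87d9…, 07c43fe3…, 5ad6825a…, 6ec306de…) on x86, x64 and arm64, while their hidden, non-ASCII filenames (.傊鯻뗁, .樼져匼, .栗잌섦) change every run and the gaClientId and analytics database files differ per run as well. Hash, not filename, is therefore the stable indicator, and the filename pattern itself (a dotfile with a non-ASCII name dropped straight into the app's private directory) is what to write a detection on. The script below is an added example by the editor, not part of the report: it parses file records in the format of the Files sections above and consolidates them by hash across runs. RUNS holds records copied from the report, abridged to MD5 and SHA256 and to two dropped files plus gaClientId per run.

```python
"""Consolidate the Files sections of several detonations into hash-keyed IOCs.
Added example, not part of the report; RUNS is an abridged copy of its records."""
import re
from collections import defaultdict

PACKAGE = "com.plexnor.gravityscreenofffree"

RUNS = {
    "behavioral1": """
/data/data/com.plexnor.gravityscreenofffree/.傊鯻뗁
MD5 254158aa405538310a2c7f0d2975ae82
SHA256 fa3e87d9779f860ac034182c5d70060697fdb68262fb7d345bed97d1db7ec48c
/data/data/com.plexnor.gravityscreenofffree/.傊鯻뗁
MD5 f56179025ae7eae2d729accc44f67a72
SHA256 07c43fe3e41590bc1f31d56d943641d0c5b9ac7062b686e844a471d52b9a57c7
/data/data/com.plexnor.gravityscreenofffree/files/gaClientId
MD5 0e08934e7339970c6dc1b68d55adb7de
SHA256 fd34635f309e0464934bf2fab74841287de35ef7ad79f00f49ad758606dd5f92
""",
    "behavioral2": """
/data/data/com.plexnor.gravityscreenofffree/.樼져匼
MD5 254158aa405538310a2c7f0d2975ae82
SHA256 fa3e87d9779f860ac034182c5d70060697fdb68262fb7d345bed97d1db7ec48c
/data/data/com.plexnor.gravityscreenofffree/.樼져匼
MD5 f56179025ae7eae2d729accc44f67a72
SHA256 07c43fe3e41590bc1f31d56d943641d0c5b9ac7062b686e844a471d52b9a57c7
/data/data/com.plexnor.gravityscreenofffree/files/gaClientId
MD5 ada5e0d5d0cddecd0b0967ed5d0d235e
SHA256 0312ebf00b8ce7dfc1bb77cb01fa0ad62d59342d3da1c2e4077524be75e03963
""",
    "behavioral3": """
/data/data/com.plexnor.gravityscreenofffree/.栗잌섦
MD5 254158aa405538310a2c7f0d2975ae82
SHA256 fa3e87d9779f860ac034182c5d70060697fdb68262fb7d345bed97d1db7ec48c
/data/data/com.plexnor.gravityscreenofffree/.栗잌섦
MD5 f56179025ae7eae2d729accc44f67a72
SHA256 07c43fe3e41590bc1f31d56d943641d0c5b9ac7062b686e844a471d52b9a57c7
/data/user/0/com.plexnor.gravityscreenofffree/files/gaClientId
MD5 a6e9f735b065047fa0c5943c76d012db
SHA256 a42dda918b0382e0f7724fd01d3b239578d8c6590b735382f85d82af53e76482
""",
}

HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-f]+)$")

def parse_files(text):
    """Turn 'path followed by hash lines' blocks into a list of record dicts."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("/"):
            current = {"path": line}
            records.append(current)
        else:
            m = HASH_LINE.match(line)
            if m and current is not None:
                current[m.group(1)] = m.group(2)
    return records

def suspicious_name(path, package):
    """Hidden file placed directly in the app's data root with a non-ASCII name,
    the naming pattern of the dropped DEX files in this report."""
    parent, _, name = path.rpartition("/")
    return (parent.endswith("/" + package)
            and name.startswith(".")
            and any(ord(c) > 0x7F for c in name))

def consolidate(runs, package):
    """Group every record by SHA256 and note the runs and paths it appeared in."""
    by_hash = defaultdict(lambda: {"paths": set(), "runs": set(), "suspicious": False})
    for run, text in runs.items():
        for rec in parse_files(text):
            sha = rec.get("SHA256")
            if sha is None:
                continue
            entry = by_hash[sha]
            entry["paths"].add(rec["path"])
            entry["runs"].add(run)
            entry["suspicious"] = entry["suspicious"] or suspicious_name(rec["path"], package)
    return dict(by_hash)

def stable_iocs(by_hash, min_runs):
    """SHA256 values seen in at least min_runs detonations, suspicious ones first."""
    hits = [(sha, e) for sha, e in by_hash.items() if len(e["runs"]) >= min_runs]
    return [sha for sha, _ in sorted(hits, key=lambda kv: (not kv[1]["suspicious"], kv[0]))]

if __name__ == "__main__":
    iocs = consolidate(RUNS, PACKAGE)
    for sha in stable_iocs(iocs, 3):
        print(sha, sorted(iocs[sha]["runs"]), "suspicious" if iocs[sha]["suspicious"] else "")
```

Run against the full Files sections, stable_iocs(iocs, 3) returns the four dropped-file hashes and nothing else; the analytics databases and gaClientId never recur because their contents are regenerated per run, which is exactly why they should not end up in a blocklist.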