Analysis

  • max time kernel
    87s
  • max time network
    147s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    15-06-2024 02:22

General

  • Target

    a6b4e356377427cbfde6ec72f92b793a.apk

  • Size

    15.4MB

  • MD5

    a6b4e356377427cbfde6ec72f92b793a

  • SHA1

    6ba5dd4bc45d52e8d02124cdeb85c34d57282894

  • SHA256

    8de43470c81536505713bac1e7f073b4231cbaa0e234fd2746ed7daf2bf3d836

  • SHA512

    143c8f12d4987e3554ff0983d674613c8d4c0aa47df4c29a69f3b03f08aa519cb2487e0ffaf912f6144aff7e3752edb6ba39ac81d29c70e61b4aa7bc2407d3c8

  • SSDEEP

    393216:U8mXMAp+rQo4DLfZOCNC5wFxF8cEnhefkLE7MgWw8zzJJobH:U8KN+rSfHGsF8cEMfcxvzJJobH

Malware Config

Signatures

  • Checks if the Android device is rooted. (1 TTP, 1 IoC)
  • Loads dropped Dex/Jar (1 TTP, 1 IoC)

    Runs executable file dropped to the device during analysis.

  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
  • Queries account information for other applications stored on the device (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect account information stored on the device.

  • Queries information about running processes on the device (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Reads the content of photos stored on the user's device. (1 TTP, 1 IoC)
  • Acquires the wake lock (1 IoC)
  • Queries information about active data network (1 TTP, 1 IoC)
  • Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  • Reads information about phone network operator. (1 TTP)
  • Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
  • Checks CPU information (2 TTPs, 1 IoC)
  • Checks memory information (2 TTPs, 1 IoC)

Processes

  • com.joeware.android.gpulumera
    1⤵
    • Checks if the Android device is rooted.
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Queries information about running processes on the device
    • Reads the content of photos stored on the user's device.
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4260

Network

MITRE ATT&CK Matrix


Downloads

  • /data/data/com.joeware.android.gpulumera/cache/1582435991586.jar
    Filesize

    9KB

    MD5

    e8e0527a01aefdb89afd2c508f131da1

    SHA1

    f1103e6b260c657ceb3d95f1b023af3fda8b133a

    SHA256

    f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

    SHA512

    fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

  • /data/data/com.joeware.android.gpulumera/databases/evernote_jobs.db
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.joeware.android.gpulumera/databases/evernote_jobs.db-journal
    Filesize

    512B

    MD5

    a4feb189dba59e1267fed629dabf6ba4

    SHA1

    2f1d63747474ea8acb3a7cdf6067c67b24567b98

    SHA256

    6e131e45a0d0e272fbe041443b148bba5650aa150be8d5cf5d3657d29817c3c1

    SHA512

    12637e02d5f7f5edf5bc6d8169e98c97760a05e2a00137eb81542afb44e4d271fa54c8f9eac34b997cf1954b39ecfc42fd558c7ee7f2038809c8a06c5485c5a9

  • /data/data/com.joeware.android.gpulumera/databases/evernote_jobs.db-wal
    Filesize

    32KB

    MD5

    3fe5dc4cfb2dd5ed8d6aaf88b8aae4f3

    SHA1

    e551213120cb6687e4c625b7a54f3b7cf736575d

    SHA256

    8b8d2a4387a8457ba82139dab783f499b074087bedfd27d809d5fb1e26230eec

    SHA512

    c9eb74fbbbb012edf97e71bf2137bf3cf3d217a9ba0bc8ea473daa3e772e79f7ab9a965049de42f178884b791bec20673d52b18e0514dfd770fa3e1d6ee029e6

  • /data/data/com.joeware.android.gpulumera/databases/google_analytics_v4.db-journal
    Filesize

    512B

    MD5

    9c2f8cacd9436f4091bdc8319c3ccb68

    SHA1

    f2792be9741508f250ee21fa676d37f74002f437

    SHA256

    c3c83f248fcea03cdf63a53d7c850e754dc524e20257277c68dde7e9f197e842

    SHA512

    e641e626831a55456acdd9c1170c8165ed3ed51c60ffc31de4151cd75fe737dc6fa80357527d6977147b4f17d0de6682881cb4cac27eadd39fcd3a6826ead2a4

  • /data/data/com.joeware.android.gpulumera/databases/google_analytics_v4.db-wal
    Filesize

    92KB

    MD5

    a4d06202ddf08a49c6f9079751e5ad01

    SHA1

    22a5dfce089df84143b22b6dfcc1cd49a394dcb6

    SHA256

    1e3b937486a67d769cecd0b079b49d8d4a65b65c8027e0b6126248a7f0eb0124

    SHA512

    bc72ac1ef1026f94b17fdd6293d4800526e70ee5c29d044fff203efbdfb5ad10aa9ebaac35c70922cf1259f4f282396505e3fd67888a49ae34ee74a385db60d4

  • /data/data/com.joeware.android.gpulumera/databases/google_app_measurement_local.db
    Filesize

    16KB

    MD5

    f788856b7c0ceaa22c04ecc158522dc3

    SHA1

    a2d2b649cbb99654aa4235bb736a91d307e8d240

    SHA256

    165045071989338a809911821340b130b7d0887bc6f1c46184e5b5ac200b603f

    SHA512

    be3bb4d52d42e057a1c694092ba8d304159f5e4b1c3e32b25a7344a16b275b35a122ee8162a8eb5a89c1dc2059cb0380728c8313b5235553bcc229b840f21907

  • /data/data/com.joeware.android.gpulumera/databases/google_app_measurement_local.db
    Filesize

    16KB

    MD5

    926da35ffc39299c6db4e0508c21d67a

    SHA1

    4c369e9bf7d629e37b4e36705d90f1c7ba556505

    SHA256

    3bfbbcab2db39cb5d9539dcaa902bbee528b259052c1936759c7baff72160d16

    SHA512

    2a754fe9f109337d75561dc0bdbf649de4137b6eb62e4072698023c92b0f1717b3501de94756799c7c77afe43770e7821df4782ebb6aea8eb894ed067791c2d2

  • /data/data/com.joeware.android.gpulumera/databases/google_app_measurement_local.db
    Filesize

    16KB

    MD5

    31102412952d0d5cc87550c27a5bc47c

    SHA1

    3a75785c08f0e1c43fcbaa237583f9807018d7c8

    SHA256

    c2c82717c898c8473d4b04ce21633bf40ea548adb3fc70d16132851885d8c5e3

    SHA512

    acc3c323ea5e5fbec1d38951e6562ed4966a4468148601e320175183b5cedf952f9422f286e47d475563b45970aa7fed75e7cf31f5f7f33d97797761a6290482

  • /data/data/com.joeware.android.gpulumera/databases/google_app_measurement_local.db
    Filesize

    16KB

    MD5

    771939bde3b2aa62dfbe3ef881c23471

    SHA1

    754eaf1974cfd57df00337a061540ff083ac8d6f

    SHA256

    6b5383a316d365d9dafcc4318bf11d86aafd5299e498349012c45ba33af2eb98

    SHA512

    c07d6abdc43d4249e7cc0b4f67d0075b729eecf8f314c7e1d9091d15f361f36eef3f10fa5fedd4268bb2d6558d0b3b35cd51549fd68a889fa1f23841342529d3

  • /data/data/com.joeware.android.gpulumera/databases/google_app_measurement_local.db
    Filesize

    16KB

    MD5

    45c656ec3ec12082620cbcd354537f77

    SHA1

    0997e7a702eae8165201997372785c02ce63b560

    SHA256

    cf70c36279115582823ce80c207345aec29e682711008b75db8795cb5a1d04f4

    SHA512

    c51e80b64a7bf3bf40b6bfe960d6122522fee727fc04d753184b2f37ff1c2c1bb19dda37607d7e776fc2ff37d0c1448aa1e686de1ee4bc0e582c37b723333054

  • /data/data/com.joeware.android.gpulumera/databases/google_app_measurement_local.db
    Filesize

    16KB

    MD5

    919e6ede8b37183355e8298ae9b6d6a4

    SHA1

    6cd2bbc4e3442f686ba1df804d58cc7c8bf1ae0e

    SHA256

    854f7efcea1d72a9cb7e9ad0acb74f5e066f6ee9b90f9082fd8c8d6fb75077f5

    SHA512

    4a8338980f928b8c03e34fc16b052c654e0e776878125253262379523ad6bfda3978feddbfee6ca8701e541e06034d08afc2809ef0b1e3575795866ee6a0d1af

  • /data/data/com.joeware.android.gpulumera/databases/google_app_measurement_local.db-journal
    Filesize

    512B

    MD5

    b9d3ed2314627f8a554c91e984a4adb0

    SHA1

    075a19ebdfe022dd4fa52f95ce8daa83e9a844c6

    SHA256

    ab1980cb3c5f76d485c50d2b82014411293ef36607bbd8a76dace6fc9d413596

    SHA512

    5b4652662d4f30068b40fe01efadaabc065649e4b042135d1e828a6ccf77089734bed77ed5f35b20b0ddcaee52fae971c94cd257c299dd4c13a59c723430e03b

  • /data/data/com.joeware.android.gpulumera/databases/google_app_measurement_local.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.joeware.android.gpulumera/databases/google_app_measurement_local.db-wal
    Filesize

    4KB

    MD5

    c507ba9594be181d4cdcc85cb1b8ef92

    SHA1

    23f2f9a8771e74aa1dd796e51d812825a037711e

    SHA256

    0348b5c509a0b2569b033feff711c56ef916ec8b49767df3291001026a099be6

    SHA512

    9052f933d78454df7156c57b8b5d2a488225e646e40015199cb5404e05c433d398cdb7fd819f95ce9eafccb0ae0b5cab6590c4b62727f7dd03503995bc88d5b6

  • /data/data/com.joeware.android.gpulumera/databases/google_app_measurement_local.db-wal
    Filesize

    4KB

    MD5

    99f18624e805ecd2293f9db536dbeb78

    SHA1

    1390a8ae04d6f5055ea9448a61db2f39fedcd657

    SHA256

    61ff88921ba2d1ab575eac9a49fae052d9614ab0471532681b274f440f944758

    SHA512

    e6ae0fbb368fba892d6b2200e3391b1360543a77bcbf62b292f42be164247afad464dcb450a44c01f972eb7fb5be2cd9eb3a679abc3bbaace0c8a8cbfcd3df8a

  • /data/data/com.joeware.android.gpulumera/databases/google_app_measurement_local.db-wal
    Filesize

    4KB

    MD5

    a3e63ee5f32fba3b2526164da7e51b61

    SHA1

    cb723910d655f1a3f3c05f46d94fb1f987ec9d84

    SHA256

    b2ff6466f2e90bfcfb115ca31de838f1c7f090d181e8bcead9300423c8741970

    SHA512

    fa5a59fcc2f7ed16dc15ba1e4d4e53d229528e9d24ad2ca6202793b95a074c7594648e773912df7e15ebd9c639bcffc8419c4e2561b0f5d3705c0a9431699a39

  • /data/data/com.joeware.android.gpulumera/databases/google_app_measurement_local.db-wal
    Filesize

    4KB

    MD5

    57ddf2f1827054364d52eff07fc4a9f9

    SHA1

    fc16eba69a08f61354a66119b103c879009814f9

    SHA256

    b264f14162a96f8faddbcaa8d8b78faa68df8f1328e347202ede69d07f3e717d

    SHA512

    70346a58f3223299442814fd3dba4b7ecffb5f175f8b31a3da3487f80060a84bed78959d20bd15f1fbb45b49299d99f99074175bd4ed76224e0a4254559439fa

  • /data/data/com.joeware.android.gpulumera/databases/google_app_measurement_local.db-wal
    Filesize

    36KB

    MD5

    8bda88d020bc32ef8e8f2266d182417b

    SHA1

    09c55789412e91e0cc946f865f7b47d149d63d2c

    SHA256

    fc8658a904114e2a8b29341b89aa72a49621190f2597127e257bd14a44e9bb81

    SHA512

    ebbcceb7cc841ce8e11cf4fff663c4eae4ac17a3a197be138293a4aac4ecaa6cf16bd1c4555b31cc36d821f9ea59c4f6a47b2b4ae1e6298c82a9ffe2915f5f09

  • /data/data/com.joeware.android.gpulumera/databases/google_app_measurement_local.db-wal
    Filesize

    4KB

    MD5

    829701beae6119ff65edebc89156c77f

    SHA1

    0f77e8c11726d721deb434d5cec3f8cbc8712ce3

    SHA256

    11db828de7d48a5afa1dafd217dbad0ba54d64934947a25015c870d96c11480b

    SHA512

    8fc95b3d717706eec80f951ff8333a97d3e900aee293390490b948863ba668a9373756c7ed613b1b50cea11ae90495902777b5fc406e32b3d8b24d799254ca8f

  • /data/data/com.joeware.android.gpulumera/databases/mobvista.msdk.db-journal
    Filesize

    512B

    MD5

    269a2a95ae8fc3247d2f5b8ad43540b7

    SHA1

    53f849a5496797ae7ac1aec8a465cdf190853361

    SHA256

    b6922145306b5f6a2a216bd2e1992d3a35460c9b10447ac514986ac3047383ba

    SHA512

    d515ca7b79688295daa8032d46c1a822626c5febb65ff528f371475ec1daec5f387aff41da239ba66317a62cbc740916b652da289d5d61ce027dcac1206b24c4

  • /data/data/com.joeware.android.gpulumera/databases/mobvista.msdk.db-wal
    Filesize

    64KB

    MD5

    cff02dbe315f84d5746a97944a1feff2

    SHA1

    fb778fee588756970351fa565fe12b6ce2865d0c

    SHA256

    3c080fa6d6520fcffb582492be16df87331937032d3ac9a56bfd26352f0b5ed6

    SHA512

    142e6f82b2333488554cb69f012a36985dc219fdf6b881aaf1d192663f6b44b4d474a211e7d5c4254c11b4cfcffecb079eafc216b92fe59ddf19afc346e974cf

  • /data/data/com.joeware.android.gpulumera/files/gaClientId
    Filesize

    36B

    MD5

    1118ee624432a0dd8f13da882da20454

    SHA1

    8740ff0fa539d8eb7339277e4cfbf1aafa57ca88

    SHA256

    4bb75bd62df65952eec5e79ee7f33bf2d545e33d689d1d78857df6305b13cdb2

    SHA512

    684088361e94411d61057cc3296ed09ce5053324087ba3966e984a2509afd410902208eb72bd0a21beef19e329b819dc5cc3d53b3fd1598b20bae4d1593892da

  • /data/data/com.joeware.android.gpulumera/files/persisted_config
    Filesize

    283B

    MD5

    0e3e306e28e8bd415a130cb2db93c9fb

    SHA1

    e2d07617a766877b837ba463208edc13b5ebb27e

    SHA256

    726c9e0083719d2844d46b3e8f5d119f0bbee10e489431c07b80bc7a20712842

    SHA512

    01c404a7140f7ced077cfcf0b0467537336f4022ab0639556197161fd67b044229ff666e99f7ac0ae1e9421e7d2557533d03a566ba7b8e212e19e49ccfc030f2

  • /data/data/com.joeware.android.gpulumera/files/persisted_config
    Filesize

    6KB

    MD5

    5dfe968f6f027803a65887ca7fd3e9c8

    SHA1

    05c5568ce434d16a41c9b843c34b80e08943b1ef

    SHA256

    01047208573b7248879ea625f342604b59921b356b38850040820cadbd7db892

    SHA512

    6e5379fe74ddb531aa0bfe376d705763294a1bcd757eaad0bd9850ebcb7ba957ef36d8de532d817ef95ff77db3651d813f259f50610b2e8fde7867457c74f1f3

  • /data/data/com.joeware.android.gpulumera/files/persisted_config
    Filesize

    6KB

    MD5

    f645c88674cba3a9de362aec4c837cd4

    SHA1

    8048d126abaff08999120d0c8385b1f138d646e8

    SHA256

    5ebdd6797c0a8eee8b816d61f6b5cb5eddc42dd452e1883ddfe779fed0e3c12e

    SHA512

    9b8879603da801fa702cc4f350bd72fc5311f326caa695e2966a15ce45b6b1d3aaa2461e506991c8d3046d6bbf4576e7e8430f501dd03e999b57c82a34d33409

  • /data/user/0/com.joeware.android.gpulumera/cache/1582435991586.jar
    Filesize

    20KB

    MD5

    fde2ee00cbd121cfab5290b078aa3ceb

    SHA1

    e2b77d5320e155e413d040a8c20020962065b2f8

    SHA256

    2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

    SHA512

    a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56