Analysis
max time kernel: 87s
max time network: 147s
platform: android_x86
resource: android-x86-arm-20240611.1-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted: 15-06-2024 02:22
Static task: static1
Behavioral task: behavioral1
  Sample: a6b4e356377427cbfde6ec72f92b793a.apk
  Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
  Sample: a6b4e356377427cbfde6ec72f92b793a.apk
  Resource: android-x64-arm64-20240611.1-en
General
Target: a6b4e356377427cbfde6ec72f92b793a.apk
Size: 15.4MB
MD5: a6b4e356377427cbfde6ec72f92b793a
SHA1: 6ba5dd4bc45d52e8d02124cdeb85c34d57282894
SHA256: 8de43470c81536505713bac1e7f073b4231cbaa0e234fd2746ed7daf2bf3d836
SHA512: 143c8f12d4987e3554ff0983d674613c8d4c0aa47df4c29a69f3b03f08aa519cb2487e0ffaf912f6144aff7e3752edb6ba39ac81d29c70e61b4aa7bc2407d3c8
SSDEEP: 393216:U8mXMAp+rQo4DLfZOCNC5wFxF8cEnhefkLE7MgWw8zzJJobH:U8KN+rSfHGsF8cEMfcxvzJJobH
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 1 IoCs)
  Processes:
    ioc: /system/app/Superuser.apk; process: com.joeware.android.gpulumera
- Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
  Runs executable file dropped to the device during analysis.
  Processes:
    ioc: /data/user/0/com.joeware.android.gpulumera/cache/1582435991586.jar; pid: 4260; process: com.joeware.android.gpulumera
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)
- Queries account information for other applications stored on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect account information stored on the device.
  Processes:
    description: Framework service call; ioc: android.accounts.IAccountManager.getAccounts; process: com.joeware.android.gpulumera
- Queries information about running processes on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes:
    description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; process: com.joeware.android.gpulumera
- Reads the content of photos stored on the user's device. (1 TTPs, 1 IoCs)
  Processes:
    description: URI accessed for read; ioc: content://media/external/images/media; process: com.joeware.android.gpulumera
- Acquires the wake lock (1 IoCs)
  Processes:
    description: Framework service call; ioc: android.os.IPowerManager.acquireWakeLock; process: com.joeware.android.gpulumera
- Queries information about active data network (1 TTPs, 1 IoCs)
  Processes:
    description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: com.joeware.android.gpulumera
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes:
    description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; process: com.joeware.android.gpulumera
- Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  Processes:
    description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; process: com.joeware.android.gpulumera
- Reads information about phone network operator. (1 TTPs)
- Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
  Processes:
    description: Framework API call; ioc: android.hardware.SensorManager.registerListener; process: com.joeware.android.gpulumera
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Processes:
    description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; process: com.joeware.android.gpulumera
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  Processes:
    description: Framework API call; ioc: javax.crypto.Cipher.doFinal; process: com.joeware.android.gpulumera
- Checks CPU information (2 TTPs, 1 IoCs)
- Checks memory information (2 TTPs, 1 IoCs)
Processes
- com.joeware.android.gpulumera
  - Checks if the Android device is rooted.
  - Loads dropped Dex/Jar
  - Queries account information for other applications stored on the device
  - Queries information about running processes on the device
  - Reads the content of photos stored on the user's device.
  - Acquires the wake lock
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Queries the mobile country code (MCC)
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks CPU information
  - Checks memory information
Network
MITRE ATT&CK Matrix
Downloads