Analysis

  • max time kernel
    7s
  • max time network
    188s
  • platform
    android_x64
  • resource
    android-x64-20240611.1-en
  • resource tags
    android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
  • submitted
    21-06-2024 10:07

General

  • Target

    Skygofree_pe.apk

  • Size

    1.6MB

  • MD5

    708445b8d358c254e861effffd4f819b

  • SHA1

    d190b480942ac732f282c61a540e9138a3e764b5

  • SHA256

    af848999a4b8df0e33f5a05a618c83d1f3052d4026ab77b2acf66def71df754e

  • SHA512

    bed04b686515dfa745ad093aba185b3d634ec3d59fe1ba0e9798822d10edf4308b583ecdb01c7ac86fae47919bab644ace11b00071a9cb303c21ee72826d95c2

  • SSDEEP

    24576:sMbkXftH3TfUdiug9T0QPaJepbT1+oFctqUJOfgPE2eFm1M8z/8XuB6eOr:t8tfUdiugp0QFpP1MpHeNgUXLeo

Malware Config

Signatures

  • Removes its main activity from the application launcher (1 TTP, 1 IoC)
  • Queries information about running processes on the device (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about active data network (1 TTP, 1 IoC)
  • Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)

Processes

  • core.syncsystem (PID: 5017)
    • Removes its main activity from the application launcher
    • Queries information about running processes on the device
    • Queries information about active data network

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/core.syncsystem/databases/google_app_measurement.db
    Filesize

    40KB

    MD5

    b320408f10590b30afabc56f070b96bf

    SHA1

    aaba052ef95cf54cfb4140069efcf31c57032873

    SHA256

    5a25e56b66b5cbb164ea421197eafb0bf9c18177eae90ecc707c352500f1f14e

    SHA512

    ce2967ca944c101aefaa3bf8e25771244c8e42ccff0fbb7927409f9da1dd10ebfe46982d7c508f9adf7f645f6cd975f594a5c7c97dd61f0a5a8d95ca9acfd197

  • /data/data/core.syncsystem/databases/google_app_measurement.db-journal
    Filesize

    512B

    MD5

    08247f5b6a4f916a987b86d24cecab18

    SHA1

    a4274dcedf8670f1810cb9d89df0f594e0e31d31

    SHA256

    8175d7ff32dff2cb42014ca00da96d2f53232cea27e5c595994d988ad5904536

    SHA512

    57b5978d02b8f754f4497f9b7b90ddda2e06c3aa1da4f108551f2458b778740fd10bc57ffb9df12509637737734111c106a35f183754ff7089930af35b32cd80

  • /data/data/core.syncsystem/databases/google_app_measurement.db-journal
    Filesize

    8KB

    MD5

    0a935e6b52127c54f2421f8e2507d6eb

    SHA1

    f8a977d481cdf6eea3d62543de530cc897a03ddb

    SHA256

    2ab2d6fb1c49441b65977a2b5fa92034eaf38225f4443b24d34590f63f18b1df

    SHA512

    7d430373232fce7dd892ee0aef696681ec8c65558040ce1e0c259ba85030e9180e9ce4dce899e60123c37977b9b656814a49022daf876bbdbbc73481bfebb43f

  • /data/data/core.syncsystem/databases/google_app_measurement.db-journal
    Filesize

    4KB

    MD5

    575366a24ff7251d1adda3773c216944

    SHA1

    7f665050f9a4dc0d4b66fc06af071d10ef90ac7a

    SHA256

    d00b64201179257cdf4e5f6fd1990e943baef95a88d8532c6b2a686762ea7a73

    SHA512

    4192f315807a1cdbc733e6133d60791b0fe597ad2a7f67bb9f5c055c01d23822e9bf9bae5e7f0e5ccfe1a6c6944e7d21d06c1d309a6dab22b6b8907e493af539

  • /data/data/core.syncsystem/databases/google_app_measurement.db-journal
    Filesize

    8KB

    MD5

    5387705a1769696b1f28fd3794519611

    SHA1

    c510bc1a0c69c2b2dc7dd273cf7c58ad7babd9d3

    SHA256

    6754c003841bf29e790286c3c0cff398ea44be9ce01f2faa2d170c6f919550ba

    SHA512

    3fcfc5edfbe161ec86ac6f10ad94892cd8cbd6a94ed86710c7008092e660451120850b63aa882bb9ad793720d9c6c2df0be48ef0de64c85354f814efea631112

  • /data/data/core.syncsystem/databases/google_app_measurement.db-journal
    Filesize

    8KB

    MD5

    231034749fbb9c450a2c04e11365df75

    SHA1

    effcf3e3490ef429a0132f5d28548eabd9c0cf7d

    SHA256

    8dfeade5e3c1be0ebd49b22935f921a3f39e913ab5e997276d2c863d3a5033b1

    SHA512

    20956612058a66e52f2f8e693583b2e2c5581507f35e5d59a3211fdfacfb29ffc5cd0c4e281c0fff727c913af1adb4759e7fd00c4a04aa8d6981753c3a92f73c

  • /data/data/core.syncsystem/databases/google_app_measurement.db-journal
    Filesize

    8KB

    MD5

    6ee9630830b5338258b4dec2741ee38c

    SHA1

    eebc65e1883e1d545046b0777bb8546a020b91df

    SHA256

    044daf2658a702a922c0dddc0e8c4d68541a94842e5123d81478c850d2362cc4

    SHA512

    d9c3f62a6a7c2e023672f41c3b54d96233c36d89af5d31af9c6c31b62059425e0553bce7914df221dfd30d6092def8a552dcebc3f0f0743bf0bbae56b8a953b0