Analysis Overview
SHA256
af848999a4b8df0e33f5a05a618c83d1f3052d4026ab77b2acf66def71df754e
Threat Level: Likely malicious
The file Skygofree_pe.jar was found to be: Likely malicious.
Malicious Activity Summary
Removes its main activity from the application launcher
Queries information about running processes on the device
Queries information about active data network
Queries the unique device ID (IMEI, MEID, IMSI)
Requests dangerous framework permissions
Analysis: static1
Detonation Overview
Reported
2024-06-21 10:07
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-21 10:07
Reported
2024-06-21 10:20
Platform
android-x86-arm-20240611.1-en
Max time kernel
7s
Max time network
158s
Signatures
Removes its main activity from the application launcher
Queries information about running processes on the device
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
core.syncsystem
Network
Files
/data/data/core.syncsystem/databases/google_app_measurement.db-journal
/data/data/core.syncsystem/databases/google_app_measurement.db
/data/data/core.syncsystem/databases/google_app_measurement.db-shm
/data/data/core.syncsystem/databases/google_app_measurement.db-wal
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-21 10:07
Reported
2024-06-21 10:12
Platform
android-x64-20240611.1-en
Max time kernel
7s
Max time network
188s
Signatures
Removes its main activity from the application launcher
Queries information about running processes on the device
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Processes
core.syncsystem
Network
Files
/data/data/core.syncsystem/databases/google_app_measurement.db-journal
/data/data/core.syncsystem/databases/google_app_measurement.db
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-21 10:07
Reported
2024-06-21 10:13
Platform
android-x64-arm64-20240611.1-en
Max time kernel
7s
Max time network
131s
Signatures
Removes its main activity from the application launcher
Queries information about running processes on the device
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
core.syncsystem
Network
Files
/data/user/0/core.syncsystem/databases/google_app_measurement.db-journal
/data/user/0/core.syncsystem/databases/google_app_measurement.db