0cc56d2add55c6584921e8454308718b9f9e43bde581d8afd7e4d1a65bf6d3a4

Analysis

max time kernel
17s
max time network
82s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
25-06-2024 10:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

app1211684.apk
Size

12.2MB
MD5

0c9685834174ec73159ce161da226907
SHA1

a205e808f00cae2bc00bda93906ed7eaa5e8b87c
SHA256

0cc56d2add55c6584921e8454308718b9f9e43bde581d8afd7e4d1a65bf6d3a4
SHA512

7e6bbef4acd6c030e45b42ef2c27cb5ea3e274098d3e344ed539357453c475eb4a4eae34394012fdaf41439869df34035010c190bfb644161364efd1841e5bcb
SSDEEP

196608:Uyd7pyOZ2AWlYijEnqV5CEfkzfZdXtw6TMxKvgOgajUwtCkZnqEcWtpUh:Ui7E4mZjq5Dtwc5vgsjUV

Score

8^/10

discovery evasion execution persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 8 IoCs

evasion

System Information Discovery

T1426

Processes:

co.ke.appcreator24probeta.app

ioc	process
/system/bin/su	co.ke.appcreator24probeta.app
/system/bin/failsafe/su	co.ke.appcreator24probeta.app
/system/sd/xbin/su	co.ke.appcreator24probeta.app
/system/xbin/su	co.ke.appcreator24probeta.app
/data/local/su	co.ke.appcreator24probeta.app
/data/local/bin/su	co.ke.appcreator24probeta.app
/data/local/xbin/su	co.ke.appcreator24probeta.app
/sbin/su	co.ke.appcreator24probeta.app

Checks known Qemu pipes. 1 TTPs 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
evasion

System Checks
T1633.001

Processes:

co.ke.appcreator24probeta.app

ioc process

/dev/socket/qemud co.ke.appcreator24probeta.app
/dev/qemu_pipe co.ke.appcreator24probeta.app

ioc	process
/dev/socket/qemud	co.ke.appcreator24probeta.app
/dev/qemu_pipe	co.ke.appcreator24probeta.app

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

co.ke.appcreator24probeta.app/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/co.ke.appcreator24probeta.app/files/audience_network.dex --output-vdex-fd=104 --oat-fd=101 --oat-location=/data/user/0/co.ke.appcreator24probeta.app/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=&

ioc	pid	process
/data/user/0/co.ke.appcreator24probeta.app/files/audience_network.dex	4246	co.ke.appcreator24probeta.app
/data/user/0/co.ke.appcreator24probeta.app/files/audience_network.dex	4372	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/co.ke.appcreator24probeta.app/files/audience_network.dex --output-vdex-fd=104 --oat-fd=101 --oat-location=/data/user/0/co.ke.appcreator24probeta.app/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/co.ke.appcreator24probeta.app/files/audience_network.dex	4246	co.ke.appcreator24probeta.app

Acquires the wake lock 1 IoCs

Processes:

co.ke.appcreator24probeta.app

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock co.ke.appcreator24probeta.app
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

co.ke.appcreator24probeta.app

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo co.ke.appcreator24probeta.app
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

co.ke.appcreator24probeta.app

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone co.ke.appcreator24probeta.app
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

co.ke.appcreator24probeta.app

description ioc process

Framework service call android.app.IActivityManager.registerReceiver co.ke.appcreator24probeta.app
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

Scheduled Task/Job
T1603

Processes:

co.ke.appcreator24probeta.app

description ioc process

Framework service call android.app.job.IJobScheduler.schedule co.ke.appcreator24probeta.app
Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

co.ke.appcreator24probeta.app

description ioc process

File opened for read /proc/cpuinfo co.ke.appcreator24probeta.app
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

co.ke.appcreator24probeta.app

description ioc process

File opened for read /proc/meminfo co.ke.appcreator24probeta.app

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	co.ke.appcreator24probeta.app

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	co.ke.appcreator24probeta.app

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	co.ke.appcreator24probeta.app

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	co.ke.appcreator24probeta.app

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	co.ke.appcreator24probeta.app

description	ioc	process
File opened for read	/proc/cpuinfo	co.ke.appcreator24probeta.app

description	ioc	process
File opened for read	/proc/meminfo	co.ke.appcreator24probeta.app

co.ke.appcreator24probeta.app
1⤵
- Checks if the Android device is rooted.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4246
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/co.ke.appcreator24probeta.app/files/audience_network.dex --output-vdex-fd=104 --oat-fd=101 --oat-location=/data/user/0/co.ke.appcreator24probeta.app/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4372

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/co.ke.appcreator24probeta.app/databases/StartApp-d6864f2502af7851

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/co.ke.appcreator24probeta.app/databases/StartApp-d6864f2502af7851-journal

Filesize
512B

MD5
13400fc86f710ad571c663022c702309

SHA1
ef16b5b6bcd542179247e9d4a8827aab361c346d

SHA256
1431bdd1f14d4045c09d5f956b199aa201a7b220ebf25079f1b91068c767048b

SHA512
52b5d24168e444e58e1fe954674114a9b15ce0222b5ed8ca743b2ad04baea88f553e4d5533f6fca8258724fb801ded307d3f67091df04a072cdf4f9c4b4d5bcc

Download Submit
/data/data/co.ke.appcreator24probeta.app/databases/StartApp-d6864f2502af7851-wal

Filesize
32KB

MD5
f920ae799104e52835a19178599733aa

SHA1
4546f5634f086f4e54ad1d8cd1de1ef46b1a3fbc

SHA256
3cf09bd954ab445ea4b3027316b9e6143d7e45af77f6242ff16f512c9fb0d783

SHA512
e7da15cac11d970a4ebd3adac4fe8c456576ca19e3b96564bd533660008885cab6a05c7dc6bf9fe4f554e8c61cea009707acf1f3e48d8a18fa41d4b6895e3093

Download Submit
/data/data/co.ke.appcreator24probeta.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1954adde6379241c1f9312f2863144fd

SHA1
2e758ca5624a53303495d46584a3589561dd0366

SHA256
57e925d0992924ae44981f027a446106de4a6d755fe87dea40f724d3b9869ea9

SHA512
0801655b3555300ca7fdf9f671e80a0b33342517a06f14dd4d952f86e91925d7034098f590fff5a9c75ff0440c5f490d02ae65962cbe7e9bae80ea58add42cd2

Download Submit
/data/data/co.ke.appcreator24probeta.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
97c93fd28dd278c39b245e993709d807

SHA1
1018c2778d78e465a38a25b0cf7bd557723e1e11

SHA256
0c7c5b4be17c42f9183c1fbd3aedc9fc9320edf2e26f969f3aa49780028f94ae

SHA512
9b9914a838b0b8a90c026eeccc1fe0a95841b690b29c40e499269a8d9667f4eaa3c21e317a0e73cc2956e30b912966e6293165b688da317337899caa9ac3277c

Download Submit
/data/data/co.ke.appcreator24probeta.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
38acd0f663639f0281d3ddff8dec493b

SHA1
3066303d22c7da0104605fd3663a3d1399ea12f9

SHA256
85f66135474c373880899f78eef328df011d046857a41ccb04d2d3fede70504b

SHA512
8cdf8836bc066e730f450c84a9c0cc0d4d85bf56baa44a77d18663d468748f6d63827596086e04a8abfea1d3aa6535972c44653acffbcb99ff84d19e1481edbc

Download Submit
/data/data/co.ke.appcreator24probeta.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3efa666e334d9325ea5d7b21a5f41eaa

SHA1
cbf713ff6c985415e39a2cfeeef803a59dd9ce5b

SHA256
52cc0ea54f0957afb74fc0013e4680d17d48e7eb02107b8f1cc21accf24deb05

SHA512
354fa5c4dd448194fec93dedaaba16e8ed991bf30b7e919dbbddf803d435604ba6f54e5aae7372d638abe5d07d962cf4f4ceec6aca73690ca40f99c80b970e4a

Download Submit
/data/data/co.ke.appcreator24probeta.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6c63ec68448b2ccb3e73efd3b7431baf

SHA1
f2a90d750c45b2be940af9c2c8c0900dfb106ea2

SHA256
ccb3be23b31dd860264e017d4acade68f0cdb1d89bce1b9fdff8f7050e4a5487

SHA512
fe358a118db55e34ced9a7427fd3e000eddbae1d3f0906a59018e00f06905321a34d112f272d969a76cc6c72502e5447fcb3d3fe05d8ac19c25d09c5234e051f

Download Submit
/data/data/co.ke.appcreator24probeta.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5cb0d257605e754150e62a04e0ce307a

SHA1
e732fbb8b530f6b24c17a676e2fb69f288103971

SHA256
934499bd143e3310d4f1edf7093f284a62a80e9ced9f5abef3b818b5b49d832b

SHA512
75b7e8b0ca3b60abd0181aed4ae369f75bd55615d5a71320a0e6ebf52c6d16e713e93aa8ed1a8a9b9fb663570327ca4dc11dadd5ca135843d9707520261817f7

Download Submit
/data/data/co.ke.appcreator24probeta.app/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
6e3df1b08ede1d84bf67f62e77a152ee

SHA1
5bc602abd6f31ea81c49f5c139635b7cdc6634ac

SHA256
0f99326b19041dd5901520b077976d6bf58ec9937955dc326e00ac4be4f214fb

SHA512
2404fb69240a06d651b8d2a61c8b29c5b47683b25450549a32980b88450f15f6627349d24a3cbe796cbffc41a9818129ac8f91e3673247aeccb74fd03dbf04da

Download Submit
/data/data/co.ke.appcreator24probeta.app/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/co.ke.appcreator24probeta.app/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
e5949393af68104d2108c66d7bd6ce9d

SHA1
9ddc69405337d499bad28a63878a2ee693cddd78

SHA256
8f527284d41619f3252dcae0e4f87037d6ff25ae22144e064669a2c2b7c7234e

SHA512
e4d3e69c9f2671cc89fd913a42b746a26113f60e7a78a592aa6870ec251cf082a28a8aa205407c962cbf9d31a5a9684fe49f7c5af10c6232073a9cf6edaeba79

Download Submit
/data/data/co.ke.appcreator24probeta.app/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
cfe0e81b4306e8272f090ccc0fb2b2a0

SHA1
800398f912c06c44bc8b6734c52f5bb14706882d

SHA256
41459f290f126dcb310817c5362203ffb5521147f3b3e36ecb9dba727926ccd5

SHA512
792a232a357e02fe23754fcafa01f91271f696f15b923423365cb2bb94e5c84439b3eb452f66f5fc94c5c5e39720d2367ac27e06c7218bef96ddf01dd5654bc4

Download Submit
/data/data/co.ke.appcreator24probeta.app/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
efc8de1c19b38a798ee1829ef31fe241

SHA1
bea85a44befc83696f842b7a6bec84239a7079d4

SHA256
83bdab7e8847603d44f6663135645d100bbc257eb56af1cd193e2fb1a21555a4

SHA512
73fbb76ae4cf476fec71d79b6bc0077fa762197dbfdf91cf462b2cbf9aaf73899f610b2f0ce66de10067f6052077f6816271a5fe7e0c00547f00f2626dc067c3

Download Submit
/data/data/co.ke.appcreator24probeta.app/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
3e1ba75b5784be3aa2f938519da90d96

SHA1
352cc86bc1736f6fa430a559696fe3e34636c395

SHA256
9a94d2e369abeda9e665f79475af35508d37feb8f7f5cc5333f8219835c3a6a0

SHA512
7fec6594bb8a8f0e683fd5a411e8ee21745b0d2a7153ed4c6f16599e19a63d328d57c5851e8ccc3c6e528972a0e62955bb20ad2863c6749d271c416f4a202f73

Download Submit
/data/data/co.ke.appcreator24probeta.app/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
935578a6129e80e1adfa3c66018a4142

SHA1
ea35909083a5051076086192651730c5366b6a76

SHA256
50b8748dbf5bdfa69c4b465e7d484c3812f62393bfc6d7df192eb9cce678d469

SHA512
2330c5f11815d446615784a3213e90cb3762b523902d188d51fafad707505638934c71ecc01142e42ffebdb85526ac5f0eff83c13a3dded6279f2befa40d669a

Download Submit
/data/data/co.ke.appcreator24probeta.app/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
da36a5d8ed01d8a5654dd6d7657ac86e

SHA1
434640c18e77ec4f26bf7a0e93d18fdf09731bd7

SHA256
55b2b77738650f121e256e0ee047a81561058cadaf85174ada36f1a17f82f366

SHA512
a34a1f507e56186487ebba9d71b8e396636665447f30d70721b7b23ce1bfdd6b4fe0fcc3d954d9ec79d541e84ebab8f4a1a5ddbe3929df36b70f1486d7db3b19

Download Submit
/data/data/co.ke.appcreator24probeta.app/files/audience_network.dex

Filesize
3.2MB

MD5
69cf159b893eefff9a8106cc3ee37e03

SHA1
165207adfe8c6047ce9f3dd38aed50796c1660d1

SHA256
26fb1a790377e11135bf8bfa7552cc2797d351df60154ea032ceeb4463776fdf

SHA512
379960366739517c1c856834227aaa1a30a20a9bab730d4229f200192f2c643b69a3e2e114dbdd743a69577e0b7b477c0d14e71c31ee491e137ec405f79e71aa

Download Submit
/data/data/co.ke.appcreator24probeta.app/files/font

Filesize
219KB

MD5
50145685042b4df07a1fd19957275b81

SHA1
c1691e8168b2596af8a00162bac60dbe605e9e36

SHA256
5894a3649b213cf5b2d673b6e7a871815fd1d120fa68a463592f27db14eae323

SHA512
9c995725aade5f126c727faf1c4453344e37b590a14152d31d44dca3c9328a54207bbc7c840695cb55bc1b559097b457888655e11199192cd5197c85aab8b1b6

Download Submit
/data/data/co.ke.appcreator24probeta.app/files/shared_prefs_sdk_ad_prefs

Filesize
153B

MD5
65026ee778e1372d9f4aed742772e893

SHA1
5a5f1c821d7639424f3c75a44468ab5f7dd4e8cc

SHA256
15070f52136d5a8332f8d70f790bd7bb04cd6a99b386d40e0abedc40c42caa3c

SHA512
589c4a12c6b6ec1a1cca957da758aaa900e68a23b4bc2f42524b0e8dd34f6c5378541d9293eae1ae8d478bf5b5229ce4218c058fc3b399eb5756afeb05c68616

Download Submit
/data/data/co.ke.appcreator24probeta.app/files/splash

Filesize
83KB

MD5
ee0db3d6c27fa6632d7d447d4bdbe1e3

SHA1
d6a3a214854f267a206da985867eb708e0a58963

SHA256
b8c9930623023b4e6bd63d643c6e39efafc4745ae876c9dd133193f796f8ac74

SHA512
999123422ca8a40f06e8b17874943b18dc5aae8a1fe895bdf454cfd8c26ed7a894eb5e8739264083e43329f03703b98a297617674fe36172d4a9fef51160193f

Download Submit
/data/data/co.ke.appcreator24probeta.app/files/vinebre_ac.txt

Filesize
19B

MD5
fc61ccd173e96540ebb90c511bb5ae30

SHA1
d3170dc1d7b606b93fe0c5534d1e0719decb9331

SHA256
8869892234887f4a9a4b37246ce10e6136c6161942cc563b3fc0bdde5916a9c7

SHA512
db8bb6b150954cc4e6f4fce6a62eb209dd833f7b1c5ce364e6f20650e02152065e46e7488dc6bfbaa5f2267ccf136fe9dfd5fa599bffe0594958f35f06bb3b3c

Download Submit
/data/data/co.ke.appcreator24probeta.app/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
5bd18bb4cec0a25d9e417e722b0cb733

SHA1
19439d19edeb7cd729c57a531a6b32313e73e4cd

SHA256
f25337eec99d2e7ff577bddb7f7e4ce0ee3db970efc19d44dc0f8dd61dba8753

SHA512
510872d3d009694c49db371278b3568c065a58e9e5ae384200b1aa3a0b3ee89a0e954988049fe82ecf971ca6509b0a198bfd8630fbd9e2a3515763e2bf67d00e

Download Submit
/data/user/0/co.ke.appcreator24probeta.app/files/audience_network.dex

Filesize
3.2MB

MD5
d437cdd3ce661e6966ac9f31a5413561

SHA1
013662ffcab50bb8c56557031cf16e2fd84f4a7c

SHA256
db97838bf29d022b67acffd5f7c931ba63746eb645718a04d02ec78c576cca46

SHA512
fad474e16d5bb5f34ccd1a32d63d6f9e307f6c1052253665bbb7ad4af20b1f331f61aa9738939a122ee3fa212098a226544b4f96dfb38bfbc6abad029901ef16

Download Submit