0cc56d2add55c6584921e8454308718b9f9e43bde581d8afd7e4d1a65bf6d3a4

Analysis

max time kernel
14s
max time network
82s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
25-06-2024 10:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

app1211684.apk
Size

12.2MB
MD5

0c9685834174ec73159ce161da226907
SHA1

a205e808f00cae2bc00bda93906ed7eaa5e8b87c
SHA256

0cc56d2add55c6584921e8454308718b9f9e43bde581d8afd7e4d1a65bf6d3a4
SHA512

7e6bbef4acd6c030e45b42ef2c27cb5ea3e274098d3e344ed539357453c475eb4a4eae34394012fdaf41439869df34035010c190bfb644161364efd1841e5bcb
SSDEEP

196608:Uyd7pyOZ2AWlYijEnqV5CEfkzfZdXtw6TMxKvgOgajUwtCkZnqEcWtpUh:Ui7E4mZjq5Dtwc5vgsjUV

Score

8^/10

collection credential_access discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 8 IoCs

evasion

System Information Discovery

T1426

Processes:

co.ke.appcreator24probeta.app

ioc	process
/data/local/xbin/su	co.ke.appcreator24probeta.app
/sbin/su	co.ke.appcreator24probeta.app
/system/bin/su	co.ke.appcreator24probeta.app
/system/bin/failsafe/su	co.ke.appcreator24probeta.app
/system/sd/xbin/su	co.ke.appcreator24probeta.app
/system/xbin/su	co.ke.appcreator24probeta.app
/data/local/su	co.ke.appcreator24probeta.app
/data/local/bin/su	co.ke.appcreator24probeta.app

Checks known Qemu pipes. 1 TTPs 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
evasion

System Checks
T1633.001

Processes:

co.ke.appcreator24probeta.app

ioc process

/dev/socket/qemud co.ke.appcreator24probeta.app
/dev/qemu_pipe co.ke.appcreator24probeta.app

ioc	process
/dev/socket/qemud	co.ke.appcreator24probeta.app
/dev/qemu_pipe	co.ke.appcreator24probeta.app

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

co.ke.appcreator24probeta.app

ioc	pid	process
/product/framework/com.google.android.maps.jar	4946	co.ke.appcreator24probeta.app
/product/framework/com.google.android.maps.jar	4946	co.ke.appcreator24probeta.app
/data/user/0/co.ke.appcreator24probeta.app/files/audience_network.dex	4946	co.ke.appcreator24probeta.app
/data/user/0/co.ke.appcreator24probeta.app/files/audience_network.dex	4946	co.ke.appcreator24probeta.app

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

co.ke.appcreator24probeta.app

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener co.ke.appcreator24probeta.app
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

co.ke.appcreator24probeta.app

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses co.ke.appcreator24probeta.app
Acquires the wake lock 1 IoCs

Processes:

co.ke.appcreator24probeta.app

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock co.ke.appcreator24probeta.app
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

co.ke.appcreator24probeta.app

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo co.ke.appcreator24probeta.app
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

co.ke.appcreator24probeta.app

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone co.ke.appcreator24probeta.app
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to to get current cell information.
collection discovery

Location Tracking
T1430

Processes:

co.ke.appcreator24probeta.app

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo co.ke.appcreator24probeta.app
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

co.ke.appcreator24probeta.app

description ioc process

Framework service call android.app.IActivityManager.registerReceiver co.ke.appcreator24probeta.app
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

Scheduled Task/Job
T1603

Processes:

co.ke.appcreator24probeta.app

description ioc process

Framework service call android.app.job.IJobScheduler.schedule co.ke.appcreator24probeta.app
Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

co.ke.appcreator24probeta.app

description ioc process

File opened for read /proc/cpuinfo co.ke.appcreator24probeta.app
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

co.ke.appcreator24probeta.app

description ioc process

File opened for read /proc/meminfo co.ke.appcreator24probeta.app

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	co.ke.appcreator24probeta.app

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	co.ke.appcreator24probeta.app

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	co.ke.appcreator24probeta.app

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	co.ke.appcreator24probeta.app

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	co.ke.appcreator24probeta.app

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	co.ke.appcreator24probeta.app

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	co.ke.appcreator24probeta.app

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	co.ke.appcreator24probeta.app

description	ioc	process
File opened for read	/proc/cpuinfo	co.ke.appcreator24probeta.app

description	ioc	process
File opened for read	/proc/meminfo	co.ke.appcreator24probeta.app

co.ke.appcreator24probeta.app
1⤵
- Checks if the Android device is rooted.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Requests cell location
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4946

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/co.ke.appcreator24probeta.app/databases/StartApp-d6864f2502af7851

Filesize
16KB

MD5
a04000ebb0fb9d80f9e7a4423d9ba849

SHA1
d887a57dc54a129bd2b1d57272c05ab17e4575c6

SHA256
5bd728ff7f187ce0f4c07a9fb446db6844864b1cac8bd187ca2e4cd3aefc2e3e

SHA512
f41346fcd7639ba57cf73a948973d698e5185218408a40cab95c95c9e3ecf24568f58ba1d19eb06f0dd43eb3b493bab9a05b1cb865c026a9a75b86599e265143

Download Submit
/data/data/co.ke.appcreator24probeta.app/databases/StartApp-d6864f2502af7851-journal

Filesize
512B

MD5
07f71735de0eda9558b0ff177e3ab37a

SHA1
0a20bad71375dae9c0407e46d5545ea0bc019b01

SHA256
7ec229796d242be90603a889821bae81836c55745fa658f5aca253c57b060ee6

SHA512
4f2b259ae947deff4194f16b0c91bcfa676fc105805d986d98f47919e10c6a91742510ed2a42b7902b5ccaedd02ac174707d18a7bce97cf8e2331d4655f6e6d7

Download Submit
/data/data/co.ke.appcreator24probeta.app/databases/StartApp-d6864f2502af7851-journal

Filesize
8KB

MD5
da4bf5d80c474eba2f63dec4b321a210

SHA1
9a4a1af2d473b7c1a9c2948697b9d3e80632ebfc

SHA256
afd928ac0d20e6998e59425595f9648c77b3a932c72a3c03d3a08644a3dab6b7

SHA512
d2b1e482496a439d12e29e3c065a0e3bfbad7e0f9c657f8e1613f8ca6c134b5ed4937844dbdfb706078a8116952880cccf9067e14d8e88ab3ab33129d7179bf2

Download Submit
/data/data/co.ke.appcreator24probeta.app/databases/StartApp-d6864f2502af7851-journal

Filesize
8KB

MD5
ffc0355492ffb860acb34377cb3674c6

SHA1
ff04bc72ecb10541a44626e8728f3d7b8986fcb3

SHA256
82983f1f7f1234faf807bc482409e512dc2196d7ddaafb0fcdaeeed4ad60562e

SHA512
062b55d71c7d45142c922909b0618d8ea8eaf5c9e7b6e14b02eb5a673343615af14014ccdae6122fd74a043b5078e3f454778c797bddd1891f2e4dd1f4d3d174

Download Submit
/data/data/co.ke.appcreator24probeta.app/databases/StartApp-d6864f2502af7851-journal

Filesize
8KB

MD5
9b4635ea6d8b3ff47f220bcd684db33b

SHA1
d35f6afaaae65d5991f81db19b7d0e06ca41cb90

SHA256
b3978d6739d87dd2e2c4549ab460fa53663831bb502dade6ba6f42e78692ac77

SHA512
8b11596e60f886ad819a49ed9dbeb0c8df7ca6212920acd5e8eb39845307d6279b99f7e9aeaac14359304b182ee74d0657ed1a91fff3696201614e7f8a81c622

Download Submit
/data/data/co.ke.appcreator24probeta.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3b426844711115a89d562c02265be054

SHA1
c509a433cd79ef6618963d753ba7beda60e051c4

SHA256
aa5fa19d2e9629323c9ecddf657b93f2a3015e19c7f8f2f2a3e41546e8e8e74d

SHA512
ea777e6fee97d0713df7fa61bcb30de03e6e9c224bc4b3550a51e015bdcde30913de884a54fa70f7d9fea91dcf5166451175c298bb6cd5bba4b06fdecacb397f

Download Submit
/data/data/co.ke.appcreator24probeta.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
93eb8b676647f9622d98fec48bb9f169

SHA1
2d69a6b1043f1050bf6349adaef5b3bc6bb16c23

SHA256
c1cc6e84e0b2f62b72c48dfd833033080da240ca2e4670e448926d2bdfe73450

SHA512
dcc6894ab9604f3ac3d21ae5d47b8218c268f5cde98dc658e3a45882100d2b2ac2a9424420ccf152c9e745964368a1f09bdbde5cde756d7236a54dfb2c6a1f2a

Download Submit
/data/data/co.ke.appcreator24probeta.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
37c1bcc08da0cc79f22646e9e1fdfe50

SHA1
0cdaa6337cce247ed871edc4a4928546bb6aa615

SHA256
1642ffe3e0c17c34f256e9e6571df9f7a1e4c312cefbb96616a603eb4f256499

SHA512
6f1aa2ed7aa6427feb16e508be490264378a3eb346aca95ecbcc541b87dccd21362c31adb8e5b71c2e37500381126b942b99de8932a7c8b51a73d324f4aafc9d

Download Submit
/data/data/co.ke.appcreator24probeta.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
74c21df11106dd5990a117c8ea7ebc34

SHA1
c33bcb2c09fde3d723fb3e73cec278a57eb9344a

SHA256
8cf837a9724b0b4f39d2eabc630681969cecfa4479258887cee320194179322c

SHA512
e17cecb0079658977b5466e61f1941aff8c7decd5024a67707e1c308493087ec38300838a5ca90937da5aab0dd7c87f4e5db2e5087c7d2524534c0ebc3544554

Download Submit
/data/data/co.ke.appcreator24probeta.app/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
e32ed07f3889a998aaa51764c05b7c44

SHA1
fb89c49aaf11514beeb0af2056f4cd336870cbf5

SHA256
5f45451d79abdf7e1e3dc3ef96151590b6a7a9bb62f993dfb03c7cf15da9972b

SHA512
20cbc168bdd453259dc0ac8cbd352897a08bfe60a65345c8fc543fc2943fb6379786145ed2ba929bfdb7cbd351ea9159ab81b7d5dcc3816c97e5aa37698bfd11

Download Submit
/data/data/co.ke.appcreator24probeta.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
537f38b217418fb08df4e4f944ffb29c

SHA1
d626407cac96dd731c88812112abfdcd72b3ead9

SHA256
29900ac42cf2d30f4caf4150fe251165e8e0de4b95178350203b473b165c597e

SHA512
1303c237cdc75198f847df18b74cd4eaa40d481b4713688976d8913a1172f3da26b3d0d03c4b1d48d62f4c436878c17230ae3d4b3e4c8ab4597a27a1ceb436dc

Download Submit
/data/data/co.ke.appcreator24probeta.app/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
4e7d5cce901a7649b4ac102614c43346

SHA1
27d089d894b73bcafb906889971bc094227f8a43

SHA256
1d17c7f35c478d8ae408fa850202bb5ea990fc46375fe57a7ce5822ec6d6a26e

SHA512
7d8fa953e2dcb214a83c61bf4e0850c94d44b739608c099d0965666861ea34e20ab2bf136144299aa4cc0a85e8dda9dab10022b575a2bf368fc1917762a24ed4

Download Submit
/data/data/co.ke.appcreator24probeta.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
115252e5999555406da7684b128aea6a

SHA1
3d54ea0d841e0e75cc321ff5f3295e3afe0e038a

SHA256
6409cc0679bd6255de4634c67aeb8639f211bfd8fcc2818b8cafec66185da295

SHA512
ec010fa6215bd716956012eea575b44e462ed7d82244eaa527a38bce10cef3845443555b30c18ec5a78a08055859189ebce189160a914544cce2c52ee350c525

Download Submit
/data/data/co.ke.appcreator24probeta.app/files/UnityAdsStorage-public-data.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/data/data/co.ke.appcreator24probeta.app/files/UnityAdsStorage-public-data.json

Filesize
57B

MD5
7587d784eb56f713fc2c73cb47451856

SHA1
e15e85930507946deec88e7312f0c200f5af03c8

SHA256
bed755bd62a9d2ae33971f5e164b4a0e13c9e8767e4fa7be6adc6bb09fb1e726

SHA512
da6955405e6cef54531ccd34ced897c6b94ac7391d319fe7c780dc460af77ac4aa094766559334fdfa64f7442d0c4c19385da9c3d2cb35f5bc456c87ecbe76bf

Download Submit
/data/data/co.ke.appcreator24probeta.app/files/audience_network.dex

Filesize
3.2MB

MD5
69cf159b893eefff9a8106cc3ee37e03

SHA1
165207adfe8c6047ce9f3dd38aed50796c1660d1

SHA256
26fb1a790377e11135bf8bfa7552cc2797d351df60154ea032ceeb4463776fdf

SHA512
379960366739517c1c856834227aaa1a30a20a9bab730d4229f200192f2c643b69a3e2e114dbdd743a69577e0b7b477c0d14e71c31ee491e137ec405f79e71aa

Download Submit
/data/data/co.ke.appcreator24probeta.app/files/font

Filesize
219KB

MD5
50145685042b4df07a1fd19957275b81

SHA1
c1691e8168b2596af8a00162bac60dbe605e9e36

SHA256
5894a3649b213cf5b2d673b6e7a871815fd1d120fa68a463592f27db14eae323

SHA512
9c995725aade5f126c727faf1c4453344e37b590a14152d31d44dca3c9328a54207bbc7c840695cb55bc1b559097b457888655e11199192cd5197c85aab8b1b6

Download Submit
/data/data/co.ke.appcreator24probeta.app/files/shared_prefs_sdk_ad_prefs

Filesize
153B

MD5
65026ee778e1372d9f4aed742772e893

SHA1
5a5f1c821d7639424f3c75a44468ab5f7dd4e8cc

SHA256
15070f52136d5a8332f8d70f790bd7bb04cd6a99b386d40e0abedc40c42caa3c

SHA512
589c4a12c6b6ec1a1cca957da758aaa900e68a23b4bc2f42524b0e8dd34f6c5378541d9293eae1ae8d478bf5b5229ce4218c058fc3b399eb5756afeb05c68616

Download Submit
/data/data/co.ke.appcreator24probeta.app/files/splash

Filesize
83KB

MD5
8cf780575429f62e688e0e68fe7d8fbe

SHA1
88496bdc90c78cd671028d4204c29e1de1971d61

SHA256
108bba71d509569c8f990e54124acd516ab46e69de05e220935fb1f1689f6135

SHA512
8e8b908bf7eb493a80787dccbc60fa0aa1ca7db763ec0ed4e077e9bf762727a2e5ba9d734d7106be859d1f50630f3e2561a282a22ec4d84a1df5778a9df8560a

Download Submit
/data/data/co.ke.appcreator24probeta.app/files/vinebre_ac.txt

Filesize
19B

MD5
4ebdf19009703042ff7de8de97b3a59f

SHA1
65e23ec5135a9f212fbc92f7fb8d8bdd2581ea70

SHA256
97e477b57a96d76893d0b1dca016635744ab008d5f78f2a5ffc1b583db469edb

SHA512
ed8c1844d1d7329e8cc1a2fe9934149edf2253399616915b0700eee06470a8be40399fa7cce305d9a8baa60e589dd7027c5c0d5c10252e610865da08d7611443

Download Submit
/data/data/co.ke.appcreator24probeta.app/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
6e16f6b2867fa4234059eebf56a91399

SHA1
bd6a7a2ed4dc3c307766c3e79244b32513ea86f0

SHA256
d1bdce3feb88a04cbd2f6e82816352566c4c1e5817c9eca747baf6f67a67e217

SHA512
d2640fc593311c26b1c2eb973ab3efc178f3bd243885eec42a87c308b16e685541f4b54a962d7bf61533782292417e8e9352d4e770f8a0a729ecb71fa8efc797

Download Submit
/product/framework/com.google.android.maps.jar

Filesize
315KB

MD5
4899aca36d1ed747a447dcac0d101a62

SHA1
32e43edc0bf3e036683ea8639472e6cd31ab9929

SHA256
67a651acd867e046fb4463b31ea584c1468f7243a9d1e2efd34059e8ee2f130f

SHA512
50b23dd279a9efba566c6a6523c7537723c0cd6dd3e4871f1cbdb8d5bc355caa3ddea99452b1c8e5356802f812b3768066a9848b93d715bb8bdfa455b704285f

Download Submit
/storage/emulated/0/Android/data/co.ke.appcreator24probeta.app/cache/UnityAdsCache/UnityAdsTest.txt

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/storage/emulated/0/Android/data/co.ke.appcreator24probeta.app/cache/UnityAdsCache/UnityAdsWebApp.html

Filesize
2.1MB

MD5
7adb074b7ad82735544b834e8df285fa

SHA1
0357c30709f9a36166ce69e9330ddb2c680b3e5b

SHA256
13fd491e9b8e9dbdffa45d6effa4249ada6075ccac69b5b96e4ddd5461b30c01

SHA512
5963e48c6b383b7b41960d5dc1dcd2fa4ce628b85a62d1d5b5b0468a3019533e3baf3a478ff2a266e1c366536ce287cbd4f500babb54e8508de10f9499683610

Download Submit