0e30948b3327a093bd7b35a10f65bc1f03a9b8d1d3e242dd6b5726e9136aaff0

Resubmissions

26-06-2024 23:09

240626-25grdsscjk 10

26-06-2024 22:32

240626-2fzkxaxgja 10

Analysis

max time kernel
116s
max time network
1055s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
26-06-2024 23:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e30948b3327a093bd7b35a10f65bc1f03a9b8d1d3e242dd6b5726e9136aaff0.apk
Size

16.0MB
MD5

be5e2f074432526ef36156e82bb219cf
SHA1

6cf0b782485e77218710fa024f1c11f122d84f60
SHA256

0e30948b3327a093bd7b35a10f65bc1f03a9b8d1d3e242dd6b5726e9136aaff0
SHA512

84633c70391513b388cdaf77634e0c6a60d270be121bfef6d94cbcc5f88e34a929659d13d2f05348e83f56c356be3eb9dc9fc44fbeca8cf6637cc19cba8af845
SSDEEP

393216:yf0YUtNuYwbvbaSafQ0Wejue+95sweOsjIYPaP:y9GNujbDaS4WeaeI5sqC8

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 9 IoCs

evasion

System Information Discovery

T1426

Processes:

com.apkpure.aegon

ioc	process
/system/sd/xbin/su	com.apkpure.aegon
/system/app/Superuser.apk	com.apkpure.aegon
/data/local/su	com.apkpure.aegon
/data/local/bin/su	com.apkpure.aegon
/data/local/xbin/su	com.apkpure.aegon
/sbin/su	com.apkpure.aegon
/system/bin/su	com.apkpure.aegon
/system/bin/failsafe/su	com.apkpure.aegon
/system/xbin/su	com.apkpure.aegon

Checks Android system properties for emulator presence. 1 TTPs 1 IoCs
evasion

System Checks
T1633.001

Processes:

com.apkpure.aegon

description ioc process

Accessed system property key: ro.product.model com.apkpure.aegon
Checks known Qemu pipes. 1 TTPs 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
evasion

System Checks
T1633.001

Processes:

com.apkpure.aegon

ioc process

/dev/qemu_pipe com.apkpure.aegon
/dev/socket/qemud com.apkpure.aegon
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

Download New Code at Runtime
T1407

Processes:

com.apkpure.aegon

ioc pid process

/data/user/0/com.apkpure.aegon/files/com.apkpure.aegon_c/commainw2c6c7m5i6an9. 4272 com.apkpure.aegon
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.apkpure.aegon

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.apkpure.aegon
Acquires the wake lock 1 IoCs

Processes:

com.apkpure.aegon

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.apkpure.aegon

description	ioc	process
Accessed system property	key: ro.product.model	com.apkpure.aegon

ioc	process
/dev/qemu_pipe	com.apkpure.aegon
/dev/socket/qemud	com.apkpure.aegon

ioc	pid	process
/data/user/0/com.apkpure.aegon/files/com.apkpure.aegon_c/commainw2c6c7m5i6an9.	4272	com.apkpure.aegon

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.apkpure.aegon

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.apkpure.aegon

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.apkpure.aegoncom.apkpure.aegon:accessibility

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.apkpure.aegon
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.apkpure.aegon:accessibility

Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

com.apkpure.aegon

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.apkpure.aegon
Checks the presence of a debugger
evasion

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.apkpure.aegon

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.apkpure.aegoncom.apkpure.aegon:accessibility

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.apkpure.aegon
Framework service call	android.app.IActivityManager.registerReceiver	com.apkpure.aegon:accessibility

Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.apkpure.aegon

description ioc process

File opened for read /proc/cpuinfo com.apkpure.aegon
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.apkpure.aegon

description ioc process

File opened for read /proc/meminfo com.apkpure.aegon

description	ioc	process
File opened for read	/proc/cpuinfo	com.apkpure.aegon

description	ioc	process
File opened for read	/proc/meminfo	com.apkpure.aegon

com.apkpure.aegon
1⤵
- Checks if the Android device is rooted.
- Checks Android system properties for emulator presence.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4272

com.apkpure.aegon:accessibility
1⤵
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4506

com.apkpure.aegon:accessibility
1⤵
PID:5552

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.apkpure.aegon/databases/StartApp-d6864f2502af7851

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.apkpure.aegon/databases/StartApp-d6864f2502af7851-journal

Filesize
512B

MD5
55ad8af133dd1a01623326784110e497

SHA1
0afd7aaa1acfc346904de27ae11b2151605f97d0

SHA256
17f39cc17b13809f20f157c47537f079634b951da964fa0bb3929a4e367a9117

SHA512
30bccfc14872dbeb450068c42ebaaa4d67b94f6a7e3961a58ac636134cdeccb403c69f338c11a092d38726676fce55f51bf10c7f1ab27ba8487eca54de810946

Download Submit
/data/data/com.apkpure.aegon/databases/StartApp-d6864f2502af7851-wal

Filesize
28KB

MD5
dd837e823edb7fa18b9f428d97e81ffb

SHA1
b3ada6f2bb39809b1ad0a548b2478200d886d63b

SHA256
fee848c6ab1ca234418897abd9e04c5a0d306bb3be43d34075eb143777aa586c

SHA512
59ddce603d48ca119e148d1251eca21fee1789546845fb3107c20c9d5de5dab69e20614f6729652756429a7a4a08d8aafeebcb841b536c210195b6bab5e3130d

Download Submit
/data/data/com.apkpure.aegon/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
c6b820e32f64c16ad405278b95166601

SHA1
c24d04ad996683f1f55bbdf9e89339c01b2c3fa8

SHA256
d4700de8c86dd43443edf7764854d3c7d94c2cb4f5fe484582389dbc9a711e68

SHA512
7783dd7d70f287a367bd34bb84e73ceb2515f50fdc06230f5127d6172de0cb2f9b54422af0764003ebb1e0605ed8eeb2007c09e65d30b81734a6131d6317d711

Download Submit
/data/data/com.apkpure.aegon/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
ea9e604d556d3aafe9de033c6602b475

SHA1
11adc33ad1f38f61b6ddc382bef16abe8f880701

SHA256
bf005511349dc8d4c989abb9656f937ef44a30096c3a906eca29c1387701db8d

SHA512
fb0dcd700379097aae1d4637f1bbbe65d242607e1597cb92da58a53871f066962e71429fb38fbef65642459ec737a8dd5cbb1b186d179af1d8ed5467ae857329

Download Submit
/data/data/com.apkpure.aegon/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
438d6b5b14d06a2e4b92fc1d706b1bf2

SHA1
d4229910b76056790a8b11501cf385e0c1a9d650

SHA256
320a16e2bf685cc7acf80df70fe4eac95ff41bbd77fadf994cb45091ceea565a

SHA512
aab35919c96503dc7447b6303abce7297fef315b2bd690fd85e8a8e225e3eaf36e8902c92f54039095fe293f8d1c528f94bea05f23a28c7a99c87f64ad4395e5

Download Submit
/data/data/com.apkpure.aegon/databases/com.google.android.datatransport.events-wal

Filesize
52KB

MD5
cb0d3a56ab9a0635868364114d5af324

SHA1
89e1c73de59dd92ea641b9258da82a413298935a

SHA256
01808ee59c3232666799d4ca69cc4feb717826cfad147c4f9a299ee8afd4c8ce

SHA512
ce08f7b0be560f01e679b61bbd0e9fc0f45044945d0aa57047c6e2b47fe56b913a477b09a5fc2c8ded6f12827638463f146aed3da5c2a44d5e67260d685c68e7

Download Submit
/data/data/com.apkpure.aegon/databases/downloads.db

Filesize
4KB

MD5
61473f4e61e243f76500cd1b46f04420

SHA1
fb68fc2ed24ef1da8fecfa8d82c47499a0ec81e1

SHA256
9cbd755d9f2dd4b1b0362ba4eefbd66c31cf75459464deb1ac54c22636df8c33

SHA512
e513af60c52bc4c5e2c859d740cc1c4897c9106fea2e6bab9a91852492834f068864430feb5288888489341898cbcf7913cc94d1e27f94e7dedf70f827452a97

Download Submit
/data/data/com.apkpure.aegon/databases/downloads.db-journal

Filesize
512B

MD5
beeea94cbcb165d5788667a413486414

SHA1
d589e74e7db593bc08a9688a677c73168c65f903

SHA256
da376eb0537b62c21c991b776a0f83b4da8c6b1bb755b1702a56c8d9fd1c5d4d

SHA512
6ea1b282695839ed5d9f700a3210c25dc0cbdf042d6a0a8950034df4db97b35deab69bca7ab27aa9aa4d969805e37993158b84df1580ed15abb33419087c6e5e

Download Submit
/data/data/com.apkpure.aegon/databases/downloads.db-wal

Filesize
140KB

MD5
0b84942a23dc9e0b9074b3bd6dfe4400

SHA1
4ff7330881fd5576883e14cc2584082ae6d7fd5b

SHA256
d341fe27f5560656059a79b1443c516081f2206699490063a1be177fbfe8ae23

SHA512
e09a159eb068a8dc7f10387793bf2536c2ad80161ad72b52a34e91e23a27a15a90092c153989a4ae2169d202c88d58f92c38c8bef40cf4fba0fc9ea0d7850ff6

Download Submit
/data/data/com.apkpure.aegon/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c9b2b04d8b8f55d611100e97e6d90e8f

SHA1
a354ea7f5fa2a913c70fc0adf85c0e775665dfd9

SHA256
e094e920a98b6c3135c1c9d686834524a1d96286e32e10a1ee9805747eb483b9

SHA512
083d98b84514b3d67b1f142c7471f00526e30e2f860fa39fee5bbe32b51b28f5e85dc7fb90100d3902a18d629e7469da509af6543c90a15c8998362b83ac8a43

Download Submit
/data/data/com.apkpure.aegon/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.apkpure.aegon/databases/google_app_measurement_local.db

Filesize
16KB

MD5
4704265a8178707e2aa16f9bd8772295

SHA1
5c15367776c8ccc7a23e0b26b38e8d18b9975784

SHA256
60b3ab9158795da93f72e7722a71865ea796d7af8220a7590efffb21a1d3851d

SHA512
f627d9039fe2c7930ff50eabd4e15949d31b753461c5bb3579c7ff4a700b5ea33e4624df89e729e8d3498be3004cf47d2c0cc089802f31a8a282bc6d4875cdc5

Download Submit
/data/data/com.apkpure.aegon/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5b906a55670a61c60fbabf882a9a33dc

SHA1
ec6692bc198ca492aa098a6240e2ebd2255e8b88

SHA256
f451678afc3e456a0705cb86131181ff8f3d60777b41c480586c45f33385a6d8

SHA512
08f9c0b9b247040fbea7e7ba0636219299a24334e2bdea8c74d73768168834ff92f3c63cb32abcc0c8f4de0658d6962b13df4b6a71db66f0a8e5219b8296ce9b

Download Submit
/data/data/com.apkpure.aegon/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
c5f8689dc9d0df955384fb99795ebb72

SHA1
b05009d1ae2f248cff2419de2bc3e31d9fa1c09f

SHA256
ed83fce7cf44283920efff58a4f2a0af1fec11585f933cfec28426f1a56950a7

SHA512
43fec9f1a615117d1494e0536d65e7507a3375994d89d69ac813d27d7fd6b49017c5b953b97bc84f96941815606373ea7fb5bc284c02c6379d33466cb0a62e73

Download Submit
/data/data/com.apkpure.aegon/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.apkpure.aegon/databases/google_app_measurement_local.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.apkpure.aegon/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
588cda7876e3191a5c1b6bf9116616bc

SHA1
a4c7b4dd1ca20651ddb93cb4d4794db720e1f7c2

SHA256
46c174c3576bbbcbd093a70b72a0af120660ad17df7d9209a99ad8de81fe62ab

SHA512
093a046396a7adcd1f7746688ae4eeffbee75dd2390dc69babf6bd338df303c52201cea4a2b135088a838e47296186e11d47fb43a58e61762a3a83ba655e1d7e

Download Submit
/data/data/com.apkpure.aegon/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
0bff49a1c36f53bf2ec72b12ede1cf4d

SHA1
06be081a56a6c97ceacef950735f8fee6876df68

SHA256
46af83d2252be93275a6eeb2f3747990213f285758fd9af87c806beebc9b00e4

SHA512
d5c8fea4316c281cd8d24998a45b7d1cc943d871d75a0bf8885847c448aa4d8cc91b4703f54d92900a0aca26769d4225f0eb2962ae70974fcbb037406a45acc8

Download Submit
/data/data/com.apkpure.aegon/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
9bb492461c3603ff91dc97e0142f9731

SHA1
ad1106a4a7051925d6a666338cc8779be5e075a2

SHA256
64ec51ae4afe55e248b97a88f127a7b5158845c7da28990218aa82fa526e8716

SHA512
9cae3b0b8fae0585804dfd8ca93f74d56612089f2821ab17f9488a27b5d1618964f75c82c73edf2b64860c869a7ba003adf6bcbdd73d99e1deb06c8650397283

Download Submit
/data/data/com.apkpure.aegon/files/.com.google.firebase.crashlytics/667C9FD603A3-0001-10B0-8A4E45E35014BeginSession.cls_temp

Filesize
75B

MD5
1213df9d0e072621ba3c1d359b482d8a

SHA1
84c5d26fbe2e74a47789a2f14efe4b0bf57c2564

SHA256
ce87c6dca0363f32ee5ea8da7c895d1903b96506b48ca347c6f6fa5b01aefd09

SHA512
c3d9395735613bde2e0f93a69dc44d115b235297608658554c2bbc23a0ebb65a9c42cfde4e11167f5a4a19faa82295bd9569786d810d700164741fc533b0f58f

Download Submit
/data/data/com.apkpure.aegon/files/.com.google.firebase.crashlytics/667C9FD603A3-0001-10B0-8A4E45E35014SessionApp.cls_temp

Filesize
75B

MD5
ad79b602c64559ea01b59b476e1eb94f

SHA1
b32a550f068b7cdce9fec919cbf12a58d9e2e465

SHA256
e9bdf9f3a003ee7eca8fafc70f7b9617418b1af89da57ad9b052efc29328e448

SHA512
4e00bd14e3ae4a9c50db4f2fed9437cc42c76f48db01925cf77d4b50b624da5ecbdcc0aa7df63b9f940748a05b754e4db6388c72f72933aea0a74a5c1703a7cc

Download Submit
/data/data/com.apkpure.aegon/files/.com.google.firebase.crashlytics/667C9FD603A3-0001-10B0-8A4E45E35014SessionDevice.cls_temp

Filesize
48B

MD5
1259ecf4689f83376bf373856c23d57c

SHA1
19507a1426d938dd77930f194bd65779565f5982

SHA256
2861892e8f098662c173abcaf15b2480496b48dc1e96eb777cd6a3124dd63e17

SHA512
0ab328ff2fdbb8b4778315c9ad769b3205a29c39771162529bd5598a5e370468e75edb05b89cf0d6f3e18d226fa2bd19fb70e68fb59023a80fe49f8e3185b230

Download Submit
/data/data/com.apkpure.aegon/files/.com.google.firebase.crashlytics/667C9FD603A3-0001-10B0-8A4E45E35014SessionOS.cls_temp

Filesize
14B

MD5
9b3d4522944ce6396563812bfdb92fa9

SHA1
6d2a6133c8f01938a48ccc77ef86ad8ca335c020

SHA256
d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9

SHA512
091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

Download Submit
/data/data/com.apkpure.aegon/files/.com.google.firebase.crashlytics/report-persistence/sessions/667C9FD603A3000110B08A4E45E35014/report

Filesize
748B

MD5
96a8a89ae181eeabb1473dcd13ce41d4

SHA1
6192b141efeb9250c53c4afe35a4b982a85b4d93

SHA256
baa4a8f5ea6754a790d964ac411ca008f1dd291595077e3c1d72b345c7fe58dc

SHA512
6831b7617578e6e1bfbe1e4dfe6fc19e62c6c3a52830e567a134a2319fe2afc28534fedf9346382e5d5fae54bb587d3716ff9f225d80b7c8117b80a35b89a908

Download Submit
/data/data/com.apkpure.aegon/files/PersistedInstallation1537420246860906946tmp

Filesize
32KB

MD5
2221502953d7211bb1d44310b526932a

SHA1
cb3c16cb877c388534d62171e01c35c05604e979

SHA256
722c04e7100feedf3390822d7ef98d803100fb2850442a3dab8613a3b2be91f5

SHA512
e980f3d124112b4abb591850b5750ab128b2f064943d1e091ac5380dd0de62cd1f34ae7129b773d08c9fb2cfc68a2249674348c9a236653503cb8e67e5299324

Download Submit
/data/data/com.apkpure.aegon/files/PersistedInstallation2135830908870133076tmp

Filesize
560B

MD5
e92cd085b5f9e333858ab08ea26833c8

SHA1
be3fc65c86a0597db1fb4fd37e90792e7e38ec99

SHA256
8e48c696b8f1cad969ea060d3abc8fa84e19727ee01d442d420e80b04c734575

SHA512
4b072eab24d12140d4f25262b4893db4b4127c776a756066b5b7de012a278c6586a32b99ccf9d16961c836e6afc9032416bd5a7bbca575dd2f3248dadcd94988

Download Submit
/data/data/com.apkpure.aegon/files/com.apkpure.aegon_c/commainw2c6c7m5i6an9.

Filesize
34KB

MD5
ed492e385dc73fa4c12998df7182df86

SHA1
3dd358f18a7e3bb8f502cba3847aa8bd7da22762

SHA256
f8afb8cf7fe2782739cb7dac6edf0a1f7923168ba2783ba9fb348f904f23b4cc

SHA512
72e242b25d5c094e02d988c62d96413740cad8339ca1b7e6d6e98817f542d171c876139bae9cbde4ee361eccf963f12eed015b796e18f90c07c36b8444195386

Download Submit
/data/user/0/com.apkpure.aegon/files/com.apkpure.aegon_c/commainw2c6c7m5i6an9.

Filesize
78KB

MD5
31e49ac1902b415e6716bc3fb048f381

SHA1
49e5d0883a1ff5147eadc0d8ec46299358ebffcc

SHA256
ed2d91e9d6429ebf0371a98f2faecdc755b766faa4e70b6fd9746853c9b69234

SHA512
b26c4d314da292dbb5f1869f1f49ee7b70d004826ac2301d6e9879af9d286295b67de39da805eec71de597c8214c0b11ad3b79cf4be9d46468904e40860c8afa

Download Submit