e78a8dff098c31bbbaa3f2f6321dc9d99a5dfb14278b0936169b590b737fa78b

Analysis

max time kernel
48s
max time network
187s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
27-06-2024 08:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

E78A8DFF098C31BBBAA3F2F6321DC9D99A5DFB14278B0936169B590B737FA78B.apk
Size

9.0MB
MD5

5a600a4de059b271fa8fc71206f8c91a
SHA1

eaf5035ed3017e1ee4c2853328adec7f20a4d2e1
SHA256

e78a8dff098c31bbbaa3f2f6321dc9d99a5dfb14278b0936169b590b737fa78b
SHA512

99bb188ca400be26c340976ba010864a886e8930adbf13f31c4b5c85033714fa94c9cbc76a6af7e0dd0168a92b4358477519ae015c40c9816d05f5a1a2640ae8
SSDEEP

196608:DYiOSyuYlCuJFbNuxe6ejx5YO7RRlxPxpYvY2aq7fELyiqegaJMwLfCSQwxyouf:DTyLCucM6IoOfxp07gFqNajLCSQwTuf

Score

8^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.hawsoft.mobile.speechtrans

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.hawsoft.mobile.speechtrans/.jiagu/classes.dex	4483	com.hawsoft.mobile.speechtrans
/data/user/0/com.hawsoft.mobile.speechtrans/.jiagu/classes.dex!classes2.dex	4483	com.hawsoft.mobile.speechtrans
/data/user/0/com.hawsoft.mobile.speechtrans/cache/1582435991586.jar	4483	com.hawsoft.mobile.speechtrans

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.hawsoft.mobile.speechtrans

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.hawsoft.mobile.speechtrans

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.hawsoft.mobile.speechtrans

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.hawsoft.mobile.speechtrans

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.hawsoft.mobile.speechtrans

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.hawsoft.mobile.speechtrans

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.hawsoft.mobile.speechtrans

com.hawsoft.mobile.speechtrans
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4483

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.hawsoft.mobile.speechtrans/databases/HAWSPEECHTRANS

Filesize
44KB

MD5
01ff4a6cee58d73572fc1e8168e067af

SHA1
5fd58f67c463fdba6f91c4f5a747a6301d376975

SHA256
3b734fccf83a281dec4c2777e1c488dbaa16eb6a290b74225de2e7f7e148f312

SHA512
535faa399b01a8a93964000ede2746764fb3a97c9936a534d908e8e320ae7dd6c7e04719ff800157c131294f2971e4036a199ea620d11f8660cb45c461906e47

Download Submit
/data/user/0/com.hawsoft.mobile.speechtrans/.jiagu/classes.dex

Filesize
6.0MB

MD5
db465a28b313c3d8da8b79ebe2f05753

SHA1
50fdd942c8b3b6f832dc433c6596827a0bffdd0b

SHA256
b6e0b899296585eae22445382fed7fa7f5f182dc399a6fe39ddf47a23c65c77a

SHA512
db0edc8adbd2b480a4fb42353df88bfc1cad3ec35c85b206310983ac90b2e02879a54d0c4fceda2eebfc7ee981d23fa18569897264b909214c472002af0340bf

Download Submit
/data/user/0/com.hawsoft.mobile.speechtrans/.jiagu/classes.dex!classes2.dex

Filesize
380KB

MD5
9c9fa7dfca884553851815919906ed46

SHA1
89a0cc62232657f8e06efb74ce78610ab1d92d35

SHA256
a379cc4d0c8631011bd6bed2500f1c16ad6bf1ffc357975eb6e5fe67090aadb4

SHA512
50b3b4e3313a1c5f69e1ba382b1cb5cd8ee2ca549f9d832990728b25bafd078c04170d5fc9dc9a24e77abff6f949115ccf6d3bd064153c144b3c74e329a71cbc

Download Submit
/data/user/0/com.hawsoft.mobile.speechtrans/.jiagu/libjiagu.so

Filesize
495KB

MD5
de685970891708f6edfd18f03c6557ba

SHA1
ac50f88327652a72df73d43e9260faf169283c34

SHA256
b3124a6f192e562313f1e2d24b292852d4eb87cbe95dccd1d94b3a0540c0c11e

SHA512
cd56aa34265252c1457e28f442872dfaedc897607b816526de7e76c88ea00c24feb3542c21be7dc587b58df8ccbb1e045d3533741981212eac4d704143bfffe0

Download Submit
/data/user/0/com.hawsoft.mobile.speechtrans/.jiagu/libjiagu_64.so

Filesize
526KB

MD5
f3f377aff0413b6667306b3ad51a032e

SHA1
0e03658be45eb84be83a147329b82885da1b4702

SHA256
78bf69f4b3eea98355f96ae381547380263beb136fe29d630e2e3216780fdac8

SHA512
a23a89fb8721736f4c82f779f515fc2f702c0d98d696911802d57600ba4066762ade878535abdff7ba529e167d035f7b97e829dc3e1b7d04825b00d31f7d3b0b

Download Submit
/data/user/0/com.hawsoft.mobile.speechtrans/cache/1582435991586.jar

Filesize
9KB

MD5
e8e0527a01aefdb89afd2c508f131da1

SHA1
f1103e6b260c657ceb3d95f1b023af3fda8b133a

SHA256
f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

SHA512
fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

Download Submit
/data/user/0/com.hawsoft.mobile.speechtrans/cache/1582435991586.jar

Filesize
20KB

MD5
fde2ee00cbd121cfab5290b078aa3ceb

SHA1
e2b77d5320e155e413d040a8c20020962065b2f8

SHA256
2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

SHA512
a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

Download Submit
/data/user/0/com.hawsoft.mobile.speechtrans/databases/HAWSPEECHTRANS

Filesize
43KB

MD5
60784b22a0ce0275cc3e490d95426754

SHA1
16441815efd2d70251a44e5075ee0cce3b858b1b

SHA256
163b4b2aeb891dd427f415d165af2219b8d612040f6c803344b85cede0fc598b

SHA512
58f423d6a982dd6415ca75aac15b3cfe7d8f0809df0ce68604187f99c191cf3e9eee5ae4a19e1f7ad1e41b580cfdb682b809b270bfe8d2817d76cc150e8d85be

Download Submit
/data/user/0/com.hawsoft.mobile.speechtrans/databases/HAWSPEECHTRANS-journal

Filesize
3KB

MD5
a2edc8079d0e59055d3aa73e635d4ea8

SHA1
e6a97b233f458b6fd1a7f900afbf83546e70b9cd

SHA256
cc4048963614b838f39ec873e460e82fbf9fbe8e7c4867b9b0e67a32e137a8a7

SHA512
d7b1ed69bcc28a7e9f3481c2207f2cf84a07fd245d0f76d2bb07f5122672a5b242205110013d90e805f8acae02b5b19a20dcf44c7eb75a9c0a0b8f7d70b33872

Download Submit
/data/user/0/com.hawsoft.mobile.speechtrans/databases/HAWSPEECHTRANS-journal

Filesize
2KB

MD5
c3370f75dafbeeea61ffc2a5aacb1d32

SHA1
d13600f85d9c3853a86443cf5ac3fc54498c62aa

SHA256
49a3f9b679f4b8d3914fdcf92abc668558d97748e0ff1566b4954d6809ed9558

SHA512
825cb037381212d20e4c0d76e3b6bd55eff9794d3ae972523b6f322668b2dd6b7078f00ef45c711e944c5292df45f7c87192804809c4bea622e643b5239e3c4f

Download Submit
/data/user/0/com.hawsoft.mobile.speechtrans/databases/HAWSPEECHTRANS-journal

Filesize
1KB

MD5
7697215d54d8cd3a59842c4f23f38d42

SHA1
c42f9ae5a496afb35f202c6399c5d2b2da1de591

SHA256
9ceef3ac223e50701d424bb33f9ef129a25b4fcdbeda3ed2d776a1f7dd1cb318

SHA512
db032eda88bed4668f5f04fe0c2234ed548dba7587a7936ce05a4b22743c66de8aafa3a7d1218f36bd9e720491ac82a03ba6ebb643b2f267bc86bdddcc815289

Download Submit
/data/user/0/com.hawsoft.mobile.speechtrans/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5ed06e6225bb60a7cfdfc37f2f68cca7

SHA1
65a69dc68dc99ea78546d919b50f05130e644995

SHA256
3b252230568597ebab95535b9d1b76371b787cfeb17f533ffc91fceb5a1ed8f6

SHA512
7ae3093874cd50afefd170f0c639d9ffbf702aaeb2cc37408c7ef6020c5b479199d566d611bd0c0a8721852529cb576317668d84d8cc95a4bbe9524d7aea8f3d

Download Submit
/data/user/0/com.hawsoft.mobile.speechtrans/databases/google_app_measurement_local.db

Filesize
16KB

MD5
29ec476f6d243509ddea1a21d4d544c9

SHA1
51feadbe76cae04ace910d893032d54155a6f2aa

SHA256
1eb1b0a076ad92eab15f50f913be4ab8fa78df94584c3e517c15214bd122d7d9

SHA512
9650604ba3e66844d35cdd4f5982b02fa7a787422b60a0bb220119fa273e7699a10529baafdd19aaedfe716ed297edaa8a7e077fbc42c2af616b923c4647c63b

Download Submit
/data/user/0/com.hawsoft.mobile.speechtrans/databases/google_app_measurement_local.db

Filesize
16KB

MD5
0ce66ad8262f4ac34cd51c4459b2d6dc

SHA1
720df0d2336d8469fd711ea9e9d88d6b1eb0b411

SHA256
b349be58e21934061c1e13685e1e336942a1be021e16e316f2bac0fb74c62437

SHA512
be9c83dcc2326800485c98477bf8ad9b6c3c24bf0886f402d2b8354771f747eea8015c57cc563d18c453c35f35543898b9189d826c549b659eefc589b472265a

Download Submit
/data/user/0/com.hawsoft.mobile.speechtrans/databases/google_app_measurement_local.db

Filesize
16KB

MD5
26860a67815b078bd8b8d80ec356101e

SHA1
d3feef815b2482001686bad9461e0b987c2c2368

SHA256
344bc116202bdcbf6b8ba2f4b3eccd4b6b23c95a2b7d7f688bda26a82dda209d

SHA512
0d34a255a23b779e955b0cff2f38c33c9e76454cc9689df2597471867221c897dc18109462639e76a7f649f4e9d48c6fa70a4ad92f8962ab55fcd5323aee15d2

Download Submit
/data/user/0/com.hawsoft.mobile.speechtrans/databases/google_app_measurement_local.db

Filesize
16KB

MD5
04db29d04cf4e049d02adc666523980e

SHA1
1aadf045943e5fa28ca58db9a6a8abaf7d7ad69b

SHA256
bee9975ee46a7a312fdf30158ac0532ffcbf4337ca4eefa71c8ec0edacab738e

SHA512
9eb510d198e983417085e19f292fd84aa4155a97a3c4fc4f1e7719ca64963c2194145c4132fe3dbe607f0f69605345abf08a8b46b8ca9aefce8d6bb746e8c547

Download Submit
/data/user/0/com.hawsoft.mobile.speechtrans/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/user/0/com.hawsoft.mobile.speechtrans/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
5f2cf874ac09166f1a039d454d33a253

SHA1
4afd63f991b5933e95ee12567dc16295b86ec58f

SHA256
6ef1f5f00e5044a297f1a3a4d1a51267beb360e7e4ccc58eb464df89edc88b8c

SHA512
a6e7464c2ddf721198875e951e8da0b254879f03937f6f1bb626e906b4b1185597ef9998a358d30607332a3e61de72a99eb73315c84d7ced04fd6cf681ca1e50

Download Submit
/data/user/0/com.hawsoft.mobile.speechtrans/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
c99076a2b165048178935459ce1da724

SHA1
c0bf0a6fe1aedff8496ef97fae3d7ae33e8f8da9

SHA256
ede3cd99c1b800346dbd97c9b61813c83cb9ebf9b7dc6470f7663121e1aaa5e6

SHA512
69d91523636140c5848e7977ffd18848fadcd7ec9ca3c2f3a4c829e755d711877217058aaf0c1f55010e3c0c366afc85ee8c4800239585b14e972a177307d6ce

Download Submit
/data/user/0/com.hawsoft.mobile.speechtrans/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
5efaa79cd168e5e68f36f5a318d20be0

SHA1
0ac845720453ed09dc664b048ee4a2a4e338eff0

SHA256
98687aebd86338ff801012f055cd04df44313f3c38bbe8a10b4088bf0cfb73b3

SHA512
cdfbbc3a21d5728ef92adffd1b0e26ccc0d042f97e5319b169c740b0ddb1c2cacc1746e223e8ee715ff01d3df026e3a8b5d3d62a600609f567a5d791e2a9542b

Download Submit
/data/user/0/com.hawsoft.mobile.speechtrans/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
6730413799d80be45d379ef7ab33aad5

SHA1
1d6b921695913c41588824dba69e2f1eae767b25

SHA256
379e7626275f6a1599ace3c25e06b4462606c47d9ff05a219213453120057607

SHA512
f47ac977291cc30bafe67bea90242a5dafd53919914db9ca284ef8618e76bfc027556a02e9416d699f6a75e67bcc9ea22a7a20f50a780fa93efed5abf23dd442

Download Submit
/data/user/0/com.hawsoft.mobile.speechtrans/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
dc6cf34d581117db1331114fa6304af1

SHA1
a0c43c6e86c3bed7abbd7dc7e551ecf9b5dc4fd8

SHA256
d7d647ac94f3ec42ad4559a62cb9510f9fb562c4d7c4a46545a100486f54a919

SHA512
f7a9dd973a4a5d7692cc4584b067cb500ed2b8c2229ff7f24f60b5576975d69f96fa981a1bb88b772e1bbda092e09c79e33ca674ba235b701704256235da0e11

Download Submit
/data/user/0/com.hawsoft.mobile.speechtrans/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
99fc09845ac90951d25b17d6f1b23dde

SHA1
daced77c1d764200a734c6d9fdb4d2e2cfb4b362

SHA256
39fb34c331e16648bcbc4df61ba473b52b5bd750e67c765673ebeb61a2e96e6c

SHA512
31472b187b7d2b56d71fa9053930823b50cb3403a32d6204039a96085609f37511f8d4337763733b765235b539d4761f088e74abcf1235f9a525a42b776a49a8

Download Submit
/data/user/0/com.hawsoft.mobile.speechtrans/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
c3e17a33d6451764b4747fff6eddd019

SHA1
4ba22aad06063bc21b92e2cbd33c5a273633e1de

SHA256
732fbd86a998a5aea21da9dab7ed12463fe8611d837ecf5afafa87b5f7769f6d

SHA512
ccac6d9f4172200727f4cfee4ecba1eff8d88d1430748e7eb117d2d0cba90a30015e12f36fd8936f792ff3c8d0fbfcc2494caf8ad49e957cdebb1a58cae1bfa3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads