829363eeefcda1a03f9e86ffc6e540fcc95a29774d24e6e8322d517976dfce3b

Resubmissions

11/07/2024, 00:25

240711-aqm63s1cjb 7

11/07/2024, 00:23

240711-apyw7a1bpc 7

Analysis

max time kernel
179s
max time network
194s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
11/07/2024, 00:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bonlab_2.0_APKPure.apk
Size

76.7MB
MD5

bffad66f7d641f55682d9093bce86755
SHA1

39c2f26a07067e7f04387d8045182c5c9333c12c
SHA256

829363eeefcda1a03f9e86ffc6e540fcc95a29774d24e6e8322d517976dfce3b
SHA512

cbcc59c9a522a5c24496871631d3bad9bbb91f420fb277d1d88fb1ca2795311568e30545b2145871b28b15168347b9046a49f833b8443d92d626e879ce46ed2c
SSDEEP

1572864:2PSO3fke+d9l9nHkGHgssCD/7flitfBNBfXSUR5xsoAdLU6Y7fbE:+S9/nHfHgssCD/7flitfBNBfXSUR5xsF

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.standappstudio.bonelab/files/audience_network.dex	4373	com.standappstudio.bonelab
/data/user/0/com.standappstudio.bonelab/files/audience_network.dex	4373	com.standappstudio.bonelab

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.standappstudio.bonelab

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
13	api.ipify.org
14	api.ipify.org

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.standappstudio.bonelab

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.standappstudio.bonelab

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.standappstudio.bonelab

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.standappstudio.bonelab

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.standappstudio.bonelab

com.standappstudio.bonelab
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4373

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.standappstudio.bonelab/cache/http-cache/23e329817fb13669d33e1f8989ea8a21.0.tmp

Filesize
5KB

MD5
7c53f2cb9aacbe9d2239197020b5173f

SHA1
c9a3b05f079153f1d4f83737a282fac7e7cd829d

SHA256
ac2d52c32dc8c8b5a2b2a4deb391ce6bafa86b81653c12470c67a6c2819cead7

SHA512
57da81d2d959466e9b4f6f8bb19ca7e87030da7bc2f8affbcf50bfca16512b674d53524654f2057c003c3878377182e6b5f7b81985e9e4914bfd02bcd69d6091

Download Submit
/data/data/com.standappstudio.bonelab/cache/http-cache/23e329817fb13669d33e1f8989ea8a21.1.tmp

Filesize
48B

MD5
50bb521715128089b43691eabc2b153c

SHA1
3178d893c0bf24a64db65a92562fb12f2f472035

SHA256
85d44fbe6d093e724fa7aa7c33866d1be383427518d1469be7f1cb71b6691717

SHA512
2912ba7d1c5de599dd38c8cd49511d2b5d7f31a2175e65df2042a8008f8ca439fce97117bd4dc16198b1b14e05fccd541439e4ce1d362459593bced651d8bc3c

Download Submit
/data/data/com.standappstudio.bonelab/cache/http-cache/5007da20d5a229da2e625722e49f369e.0.tmp

Filesize
6KB

MD5
d1a941d6425b5a8de47fd245f0d16d57

SHA1
014384b63637e9f339336ec5e26a6f9094d27377

SHA256
6f47932f1832a367bd89daf8d5e970cad9da26099da77ec88e596f0c7d704e76

SHA512
0826361cbaa8d450c6055df2e5c04e3c2b6107cdad6d7930201bfb1b39297aa007da3616ffb14d9ffec910d1b43be358fdf89c3c2e65dd3b47a96bed2eab5ecf

Download Submit
/data/data/com.standappstudio.bonelab/cache/http-cache/5007da20d5a229da2e625722e49f369e.1.tmp

Filesize
13B

MD5
907326301a53876360553d631f2775c4

SHA1
e900c12c18a7295611f3e2234bc68e8dc0501e06

SHA256
d5543b3a5715587c9c0993a7f56f3e1ee445af837f62c38f2f3457a2ea8d00c8

SHA512
435c1fd96b79b70c370d6f769d44eca3e682404189ff42a6b5718c21bf9dc8358d72c115d68dc25014b8cb9c709af0e64de012103fce687cf4a340fa8f3ea2aa

Download Submit
/data/data/com.standappstudio.bonelab/cache/http-cache/9b0ea4f9b3f48a4eb06908e58d849b83.0.tmp

Filesize
5KB

MD5
c5dd57c4fe9bf3bfc4fd267e396c7071

SHA1
b4894b2859ec9d13d94c070d2eaea07a2275ad1f

SHA256
625e6b28426e63203b6b94e874eddb7616cc5fb4169b833597473b8081caa2c3

SHA512
dedb3d4140a852633620991d4a36eb5d3d68654d39c8e69eafda7e70fbc2856c8a1a24bf664f10b82193361242838c0748218857fcfa05430e3aa904f09508a4

Download Submit
/data/data/com.standappstudio.bonelab/cache/http-cache/9b0ea4f9b3f48a4eb06908e58d849b83.1.tmp

Filesize
5KB

MD5
c9338b72862948015c478804ec0e56ac

SHA1
0b6253eb3521bf53ecb008bfee369c904c44c0bb

SHA256
8b654b4c381aec6ba50632fc397b11794a2a055d2dd039f949e76b60d4dd0508

SHA512
8636c984f18094216606b079ebe92a31bcf466376e256f2713e465e558c992c7da4b05335a7df0b1958b4497769be9fe465f22b70949483b070317462924bd0c

Download Submit
/data/data/com.standappstudio.bonelab/cache/http-cache/journal

Filesize
296B

MD5
d29d9d149b8abfeb1c2695cc852ace16

SHA1
c4689f05d12632d82e584bdbaf0e67ec3cd3f891

SHA256
473ef077f9bf7fbe2e4394ae1c2c9769d182c168484697a40ce20e1293b1a48c

SHA512
3f73a3be50f23155f45fbc76b2e83575bc49b28b6408e0b51391e29e791125c4d806a3616e411a48127024e5789866bb02a6231781033ab527fde0dc88a3dd52

Download Submit
/data/data/com.standappstudio.bonelab/cache/http-cache/journal.tmp

Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit
/data/data/com.standappstudio.bonelab/files/al/persistent_postback_cache.json

Filesize
9B

MD5
a5612927e7792641607f093050b775bb

SHA1
99216e1430784a2fc369f81e03a28e5f681735e3

SHA256
4e89c765f879a6052bf02aaed88823281bbeaf0e713f91faecc643d6d31326db

SHA512
3ce4dd5f437b9405ea6e4d6bcb16512c98914b2dd15a01facab5fc68126698cc37e0448fac28408560552e9688ad1b6948e0fb8c9d11f893635d20e970cd9090

Download Submit
/data/data/com.standappstudio.bonelab/files/audience_network.dex

Filesize
3.2MB

MD5
42a776716f329899669f6d761d626003

SHA1
7c8a66fddabe92a33367f14c29f13955149223c1

SHA256
7aae06433cff5967ac254484d784c2c348380891d0914c56de64e7e006668cd4

SHA512
bebfa64178281625ce6a58a3ed61ec0b80278041b79a6db210ffc5e0536056174582daa32c2042d1dac5be7a5b8afa19c55a92b7067ada2f25072375c8e22cf1

Download Submit
/data/data/com.standappstudio.bonelab/files/oat/audience_network.dex.cur.prof

Filesize
366B

MD5
4381f6c6e2a43b922e501acebfa16dd6

SHA1
6975c46203c18d6772886291df4e2b5bc20e7cec

SHA256
a9ef2e1b327416309b91f9e08756b3ba5abcc16de68936521cae7db02a6eb7d2

SHA512
954fdf0809358be88f5265552077bfd144174fd6b29c1eb66134226970b748b5f40e78a9560758926fdc279be3d74f3071707345d37d6006266f5be9bb9a6892

Download Submit
/data/data/com.standappstudio.bonelab/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.standappstudio.bonelab/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
b7323270948d26d54dc2afdf9adfc89f

SHA1
4b1bcbb2426f00906cd0cdc7908fb4c2b07b5dd3

SHA256
6d236142caf9bffa0294e4c67c113952925ae3cf1345edcf4db2ccb55381ad46

SHA512
97c032f3c6494ecf8127472a13c7d530c9011a1dd6eee80262880e69eed37eec7a5b9e50f32dc8ce2603c144ec4394754603a0447429dac22f5083d63ceaf68e

Download Submit
/data/data/com.standappstudio.bonelab/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.standappstudio.bonelab/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
7cd479e91909f732a44c78e674446544

SHA1
ef2d055c29806d3be4f3a05a4fd5f7b8f765af36

SHA256
a70e88e171742f9d1059fe1c5441e1e69e46943537ed876e3ba4fd4efc00c2f8

SHA512
850368b40800441d4d157c2d8585f97b9906882c81c079a345c1a21bbbe4bacacd5c4effe7609a5df4a84cfe3824eeb9f7a68b3f6e2d60cced067adfc28f4602

Download Submit
/data/data/com.standappstudio.bonelab/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
c3c8a9f3685e278d280af41b359e1075

SHA1
628a41ee5a25ef9227348a929037b212885201d1

SHA256
983a70f23d1c0a5bb68166d8e51ba47e44ff70bb426b221a0129a49b7e61ccf0

SHA512
09795e432f4fc00d9e4eef04508542c00b969f5c9d584f7d7e49f639c31f09df53444e2f2250d26b8499d58926108ec039f33304922cce9d0a45a4bdb64bb157

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads