Overview

overview

10

Static

static

6

v-sat_v2.9.0.apk

android-9-x86

10

v-sat_v2.9.0.apk

android-13-x64

10

Analysis

  • max time kernel
    10s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    26-07-2024 14:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    v-sat_v2.9.0.apk

  • Size

    30.3MB

  • MD5

    257028d0b3b3b8f7121e7b4b651d216a

  • SHA1

    7ca5fb35f3131d0aafb04509ca5d31792354b25a

  • SHA256

    d9be128fb6d68e0b48c99e9534799461be1a8865b75b05bdb4e4ab4c76694580

  • SHA512

    766d3fe5b7e3374a19c8da91d64904507832fa2c2f9c6c4d6b131ef6fb12a61f70a4fc01fdd9d373754d686ce78b1e1769dd2d5e76efccef4be6831dd17deafe

  • SSDEEP

    786432:7Jqj4LVVa0YeNodMdVcvmOFzGUsvsPYm/3AIqFfs3lUatqV3Ohc:7JrLVVa0YP28vmO5GRvsAmXF3lUatS+e

Score
10/10
smswormdiscoveryevasioninfostealerpersistencespywaretrojan

Malware Config

Signatures

  • Android SMSWorm payload 1 IoCs
  • SMSWorm

    SMSWorm is an Android malware that can spread itself to a victim's contact list via SMS first seen in May 2021.

    trojaninfostealerspywaresmsworm
  • Checks if the Android device is rooted. 1 TTPs 9 IoCs
    evasion
  • Checks known Qemu pipes. 1 TTPs 2 IoCs

    Checks for known pipes used by the Android emulator to communicate with the host.

    evasion
  • Loads dropped Dex/Jar 1 TTPs 7 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Acquires the wake lock 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Checks the presence of a debugger
    evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.newsat.blackbox
    1⤵
    • Checks if the Android device is rooted.
    • Checks known Qemu pipes.
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4254
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.newsat.blackbox/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.newsat.blackbox/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4288

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.newsat.blackbox/.jiagu/classes.dex
    Filesize

    6.7MB

    MD5

    bcc329be49dbb751fa8ea6ca52fe63c8

    SHA1

    e9c4c9be307412eea06300b7b7be4c2655243474

    SHA256

    46d6ec8c2a39d6065e682f86b08e13e1401f292a4b43d5b6c48a3b60b9142d26

    SHA512

    5a97d2ec6e460b618cf72da2f38f519f05bcefbaa9b5617f1e2cd662419ec71d37fd8e24cebc286d61d511bdf93f4df5e1fb398f68278710d64d3ff046df1a1a

    Download Submit

  • /data/data/com.newsat.blackbox/.jiagu/classes.dex!classes2.dex
    Filesize

    7.1MB

    MD5

    e38822d21398a833d01b13cb347ca344

    SHA1

    bde02f0a220922e6b33bb80a746dd05f09ddcc9c

    SHA256

    ad3ade090e273f53c02fc45fea633254d03ff7e0ced9a5f7d1ec8c4d47ae4bca

    SHA512

    4babb9812cdf571d1d7f9f292d34ddb37c4d2e94f28f08687b33d015ddda1343bd09fbc692a41f9343628c9eb14f67e9e728459c5c31a9b79ce05ffeb752689a

    Download Submit

  • /data/data/com.newsat.blackbox/.jiagu/classes.dex!classes3.dex
    Filesize

    1.6MB

    MD5

    1074c08742a0539177acbbdc83fd2a1a

    SHA1

    6c81f0ce45b617f52a7a011263c4effe71598015

    SHA256

    723ac82733653ba7b69d367f1a29336cc8315b7fa325880802c6acdca5c5ea1d

    SHA512

    e5a9ad3d54e4ca2c6c00681feff2278d34ead0c82dbd7cc588d35540d9a177594c85c1b466c01f2e35d2287001b2366390a903b96a04268facb80d9eef2a8e5e

    Download Submit

  • /data/data/com.newsat.blackbox/.jiagu/classes.dex!classes4.dex
    Filesize

    96KB

    MD5

    cdf629852a135363c6db5b8983590bfe

    SHA1

    23405bde8491b670f04c2c11633472e8cfb782e7

    SHA256

    c30456ae1725dac878b174a2aa57d1b34afeba96d708367368039a3aefb293f4

    SHA512

    6086e999fc9bdfb8a955b2788df65cb26fbc4c298f86133c403b9780fe2c885788881cfe9b874735dbe16b522fdbe53593b7fa7d2817e9e4caef7ae6f9901a4f

    Download Submit

  • /data/data/com.newsat.blackbox/.jiagu/libjiagu.so
    Filesize

    682KB

    MD5

    d4fcd24bc1ce05c98ea59f05404753b8

    SHA1

    af156de6226f5c1624e09d6dd625eaa6060e3cfb

    SHA256

    0d6c746ecfebde929c1cdec56628a946d076347d4df7ad17b3a1b1dd76b57049

    SHA512

    43e0e8c3c6b81418e9cced139a37c0d0ff017a7a763425b3342319199b954e445a98113461501c550fefc8a226a47965c4fd487e580a2c20c7a67ddd8d35f7ed

    Download Submit

  • /data/data/com.newsat.blackbox/.jiagu/tmp.dex
    Filesize

    284B

    MD5

    f1771b68f5f9b168b79ff59ae2daabe4

    SHA1

    0df6a835559f5c99670214a12700e7d8c28e5a42

    SHA256

    9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

    SHA512

    dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

    Download Submit

  • /data/data/com.newsat.blackbox/databases/com.google.android.datatransport.events
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.newsat.blackbox/databases/com.google.android.datatransport.events-journal
    Filesize

    512B

    MD5

    bc5062d5c6300d9825c77bd3c654c84c

    SHA1

    ef1762db47217cf6ca62b0c96a4e23372ed83fae

    SHA256

    2e815fcaa6caefbf73f6f997bb7099cf78f9a26adf2fdc5fe7bdedcc2d45b6be

    SHA512

    871c532c16d40ccb9411253fcfe04e509708c658532c224714cf0320a1574386a53b14a3474072fa0a38a7ad7b9792614e95d1dc8c5beff66b5efdd8f40cc47b

    Download Submit

  • /data/data/com.newsat.blackbox/databases/com.google.android.datatransport.events-shm
    Filesize

    28KB

    MD5

    cf845a781c107ec1346e849c9dd1b7e8

    SHA1

    b44ccc7f7d519352422e59ee8b0bdbac881768a7

    SHA256

    18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

    SHA512

    4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

    Download Submit

  • /data/data/com.newsat.blackbox/databases/com.google.android.datatransport.events-wal
    Filesize

    52KB

    MD5

    5de90e244b931647987e648debb1bfb5

    SHA1

    8d06bf11e5311a071c33f1043e59601bf6884eb1

    SHA256

    e1b1da8171fa4f04518286d82a0b83af0035b067ffb3b44b49dbddb16e17642a

    SHA512

    0996467e0709a3ac85ec85e997f4165068bf269c0a65adf142bb1152492fa28132b3bba8c5bbdbe3730f5f3cd85f5ef7d94ef4ae2332ae19f60ffe9b66e76c2d

    Download Submit

  • /data/data/com.newsat.blackbox/files/.com.google.firebase.crashlytics/report-persistence/sessions/66A3B8E702F40001109E4E74DBEF6D1A/report
    Filesize

    742B

    MD5

    c5ec83e9e9721f348028879d4052f9ca

    SHA1

    b54d9ac9c0b7296413ffe9cb7f881b3f97c51e2b

    SHA256

    5779895137a772c0bdb05cbd6586446e41feed272f56743b31ab1b9483e41aff

    SHA512

    8101c3c1d3e3055638c689588a709389a2adc4390e6222ebe42dfb45e4dac39877229a991df2f9a639494eb2108aea79deea76b5f4b4c00aecd99ebc5c21ec34

    Download Submit

  • /data/data/com.newsat.blackbox/files/PersistedInstallation1584188371724246109tmp
    Filesize

    567B

    MD5

    109deae882172c93ad1dd69456a4f572

    SHA1

    842c66e20f473c1db44beec23dbb996960942934

    SHA256

    83c9fc680da72bb0e1d1381f5f7e1cfbd4498c6e61ef5053c019750bfe345ad7

    SHA512

    3f6fcc12d43ca672baec2bb42a4d844deac9d119962e6e13fcd266923751f7e57c921d49a1f27b3535a1a3e9fd06a0eee2aa44b79641e021f21d9fb859fce7ce

    Download Submit

  • /data/data/com.newsat.blackbox/files/PersistedInstallation6781195741532714535tmp
    Filesize

    90B

    MD5

    9bcbb8ef4de6313cf08ba9d3d590a997

    SHA1

    c3618923fa4d9107464f11121203652bf7bcbc81

    SHA256

    381d20d2aca328ef5087f48552998a01855092aeae705cd044ee3a21bf7f4911

    SHA512

    8d5d317e0b2e915208b8efefaaefc42d7329cae759c4f9f470d017a0f1fbf476b5d45a54b1bdc287860c5ef73b69146c522672946b583b8dd3bade32b0a4160c

    Download Submit

  • /data/data/com.newsat.blackbox/files/shared_prefs_sdk_ad_prefs
    Filesize

    153B

    MD5

    65026ee778e1372d9f4aed742772e893

    SHA1

    5a5f1c821d7639424f3c75a44468ab5f7dd4e8cc

    SHA256

    15070f52136d5a8332f8d70f790bd7bb04cd6a99b386d40e0abedc40c42caa3c

    SHA512

    589c4a12c6b6ec1a1cca957da758aaa900e68a23b4bc2f42524b0e8dd34f6c5378541d9293eae1ae8d478bf5b5229ce4218c058fc3b399eb5756afeb05c68616

    Download Submit

  • /data/data/com.newsat.blackbox/no_backup/com.google.InstanceId.properties
    Filesize

    63B

    MD5

    038525c0b132de0a27d97217de36d023

    SHA1

    30fad38c8fe62d018474a7642795957b9f498d4e

    SHA256

    9a75f9feaa1ad710056aa93861afadc4d2f4de021428c81e1d829c69328ba691

    SHA512

    0b2c8ef93f85d83b76c727ad9de55a022a84cd1231c3c35345f7e5a6025b9df3fde6cdd47ed8f331b1714bf46d2d33f296fb0581a3ff6dc3e00a46d185b96386

    Download Submit