0b80eaeb65002ce8706d9ffb66c25a924969d7de694a8937b163d9169a765c39

Analysis

max time kernel
689s
max time network
658s
platform
android_x64
resource
android-33-x64-arm64-20240624-es
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-eslocale:es-esos:android-13-x64system
submitted
12/08/2024, 04:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dynamicspot_1.87_200121_@akuamods_1623457379.apk
Size

7.1MB
MD5

7e017e76abbb5e6ee319f9037425d7fd
SHA1

b2bb780ed8217afa2ff508ffa8a70e24f87095e8
SHA256

0b80eaeb65002ce8706d9ffb66c25a924969d7de694a8937b163d9169a765c39
SHA512

887a9ff2629c73949b9490e39e43f774647818137249b3224c27a9ed92267cc4624eeb39986ec11ffb462e40fd075800d1237551e978d8365d31898c02a44831
SSDEEP

196608:5rQ+AHTUlgz8XhQMrmCW5hLuv3+29mkJrsG:58TUlQ8XpB3

Score

8^/10

collection credential_access discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.jamworks.dynamicspot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.jamworks.dynamicspot/cache/1708042440713.jar	4272	com.jamworks.dynamicspot

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.jamworks.dynamicspot

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.jamworks.dynamicspot

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.jamworks.dynamicspot

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.jamworks.dynamicspot

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.jamworks.dynamicspot

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.jamworks.dynamicspot

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.jamworks.dynamicspot

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.jamworks.dynamicspot

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.jamworks.dynamicspot

com.jamworks.dynamicspot
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about active data network
- Queries the mobile country code (MCC)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4272

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Input Injection

T1516

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.jamworks.dynamicspot/cache/1708042440713.jar

Filesize
10KB

MD5
b505176427d7a39e061376ac2386dde1

SHA1
4b18624a8d042c59a9d7bc52c9e5d2c0c5a28784

SHA256
4e983048ec350842cbbbaafd0393d962bd977422549f85c45ed36d908f708643

SHA512
1e723bec59538a838b6721e55a653633fe8c41a5a46be1a4eedc3a85fa405e5ef9a0cf81c2b531231e8f0abcfa3a3f1f5e5fe7ebfed0cacaf9b46ddb7e70e3ca

Download Submit
/data/data/com.jamworks.dynamicspot/cache/oat/x86_64/1708042440713.vdex

Filesize
1000B

MD5
d99c4528fb45042c757f93275ae0a785

SHA1
d5b0fe33407e39522ed6ff24378d0c00531aff09

SHA256
d6549d8d68284f78816252baf2cd91936b49c7f6fd1fe4b9be9412af91b7575b

SHA512
0b56df19370c6942c58296565e747207d4729a57b000a60413f45c98d42d033993e9584cdd09519ec533d576405259a0218a56dda485ee06fd76d35942c2d004

Download Submit
/data/data/com.jamworks.dynamicspot/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
1f7617a9cd3ac460ee4761bd0c4765c4

SHA1
a731b5f3ba25c15925ab82b6f3f607e005130981

SHA256
02130a5123ad9c2ee3e5a628e056b1c90faf788063d20a189432f23d695d722e

SHA512
a0f54a8dd5f30537bf1ef1098a8bc4dd124c9afba352d8790c5c51899b62e46f0358f0e65cd733d56fe14978a1b05d7b9b9e920507d07b0bbb0c0f66b2cc37b5

Download Submit
/data/data/com.jamworks.dynamicspot/databases/com.google.android.datatransport.events-journal

Filesize
24KB

MD5
b50808404852e9f8580ad6110501fc61

SHA1
70c178e2bbc28ad41f9fbb451a67ba5b1655612a

SHA256
059e2457e1fb2e9bb9b0331ab5dde8707eb78586e81bc7b53d6fad0e9c67a878

SHA512
eb203a3a0ded6d3f340fe04c2627ddea1be4445320e35ea342aefcff71925b0f09bae0dfd7f606c882b0125d742842bf50784856b25e47f69a0dac70b670cc1a

Download Submit
/data/data/com.jamworks.dynamicspot/databases/com.google.android.datatransport.events-journal

Filesize
16KB

MD5
652e0bb37b162af9c872981642d99d60

SHA1
d8d0dfd9247fe5c3c25f07942e835b0b499f8716

SHA256
909d3e692089f60a375935a388585c9453f68a64d11da2a789602fc1d851c370

SHA512
bc9ba9776900638d98057276cbdccd7cc3706af84cc69d52e6536c49904b664edf089b9446f1c782304e294264a05522f216212032bc615052c14934999110e9

Download Submit
/data/data/com.jamworks.dynamicspot/databases/com.google.android.datatransport.events-journal

Filesize
20KB

MD5
645cb51cc9221a80ca4493eb2e05a8cf

SHA1
18c5dc7d0cb8a95fbd6db5e21339e095c09a5d27

SHA256
8048daef1b469ea77109ba189cd2b7ab25d8a11a1efe5f366e388913e01c8b18

SHA512
c3683defdd2355f2c0c58b53d24b920c875490bb533e3471f0ec05999225f999a4f1574b3f15badc52a82ec613316b2f20f152f9788daf6139db7bb94e314b19

Download Submit
/data/data/com.jamworks.dynamicspot/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
833f9102778b16ee93afda8200a3ace0

SHA1
4bf3e3b2720075c3018eb0cee5ac7ff4b5753499

SHA256
65af42b2390cc4149fad2655f6ad0f989864d438d8ddc0bded44f843d5993470

SHA512
0ae657e72041715536d048beb425debf5b68c3fb3e89031d652a27bd171f91b1f65d29c6bd37c5209a0415ebf9398500cd72247da825d02d8f66438eeeac5bd8

Download Submit
/data/data/com.jamworks.dynamicspot/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
07ef00917134a47801c52c6d2b70c52b

SHA1
3ece891e6ec56c5a4aa8c41992b7ee16546b6de1

SHA256
bcb0ade97b3883a864c53bdbb19a4bc8ce866e2ca10639dfa5651c634eed8ff8

SHA512
a29611d38f64ad7d428273296db0b2d058946c2f351f21fad60e68e8220977d434509186615c4f9a857d766500d2e97b5208dbcb2fe0f89b1c1a2b45f6a136a4

Download Submit
/data/data/com.jamworks.dynamicspot/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
5aacd7b61fa2467267a7f58c1cdd7c7d

SHA1
e3a952f4a6e3f052483b2da30d9a7a62f2281025

SHA256
309afdf0a4caf7c7e68cc9c05432e36f7de09a025e3b6923f68fb28df3135198

SHA512
4ac36ffe02798ff370f2669af710b91842309800e6092123d839dcde0393016a7ecce1a7ae52800306e05b4a939fe2717246bc00066d37e128e377e59d50caa6

Download Submit
/data/data/com.jamworks.dynamicspot/databases/google_app_measurement_local.db

Filesize
16KB

MD5
62ad4a05cbdca7f47b3206b7dbda487f

SHA1
4f4044cef7b7b1e5c6184ed9025267fc92bf0cd3

SHA256
18b909096c7c61d51ab076ae8e562effb0d4ada28e2a4ecd0e6b88ef58f6b2a6

SHA512
0936531ed1b2b356a247123200739a43cfc765469ab47a424dcd6e3d1176092a212b0a28591d07f8c2d0cc9d2e0eeddfcea8dde314c2f9343783c61075b071a6

Download Submit
/data/data/com.jamworks.dynamicspot/databases/google_app_measurement_local.db

Filesize
16KB

MD5
384ced25bff15793a55922855871f52f

SHA1
562791b70c0790f98fa7c0f059b8e0823da6b729

SHA256
89806361de6d12341270013c6fef246d38f0e5953b967196291a48697c0c5c29

SHA512
b9845cc30be5a69eda4ebcfccd3373760cbba8a58e1037fdb00fba4968716ab82cf478346ee898a186e7327040dc4c139210f003c3c597ee0b8af82f73a62a09

Download Submit
/data/data/com.jamworks.dynamicspot/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b7c9d5279b8392facec59d18b7f46d99

SHA1
fc03b7433ac71ba078cee417c63d0088e6958d3f

SHA256
de238ef2371a3e3d2a095f9276406eb5aeb062c1dc63cff5e1699c1bdaad55e7

SHA512
565355e3b20f01860e9ddf9b7626530fd7418678fcbe8f07ebb1965ca9b61296da4b9950b66b0d66cf556de339cd7d8b9fbac8d93990fe0aa02fc030d89a3eab

Download Submit
/data/data/com.jamworks.dynamicspot/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d2a6273ae7c7dfb5bbd6ce68af7ab327

SHA1
5feff6e62a917273058d1c77cf094cbbde9e1111

SHA256
e6e36ef6e8fd40c6bf9b4d466caa08aca576dc37e6bbecb5f4e4bce1d4b782ef

SHA512
c3cae9e7ec45f1f405bd4ecb779d303143729b81e070d379c194ff05a32ea84f77d18cda69c0aeec5722d99480c96891e6ec75592514aecc2b124778b46445d9

Download Submit
/data/data/com.jamworks.dynamicspot/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e9f2a44abc2dcb6c2a51466727ea5983

SHA1
f2be3ad5cfa9688ba998be0d752d5c069880a0b2

SHA256
cb6e0665a9e222f5ed1ca83835eb4fe3023fbb421f16b8ead586030749f755bc

SHA512
ab224622cf1e5012e213f8b9b602b654c1bfbd9fd7366f90479f87de95f81a87bac44ed51abf381210875274c2f0f643ace7085a62daa85f9cc627d41acf9520

Download Submit
/data/data/com.jamworks.dynamicspot/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7635aa7e02c5035732ced3d410f9422d

SHA1
51d69dca09a1fa63e824c4235e828d61cf70627e

SHA256
5dbb117b4b54e8dd2dccf99868d753e6f5262e6fc2e70d463e10eaaaf95c169c

SHA512
afe123b23644a9ecb7914a8a6e99855dea848e57d72b235901acc866a81cd4818089197110eb51a465b75a419dfd977da9e6cbca2421f3afd1601f8d18df3bdf

Download Submit
/data/data/com.jamworks.dynamicspot/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
09fb738c11fa21bf654a70b770022690

SHA1
e50a45eee5c97f25d8dee1497381b4fd9d5737b9

SHA256
5aa0c7802f794104ecfd9ce829c3e8eaa888b2a705b4f5252024baf01e1af11b

SHA512
3f7c0a51fa9df46ee81145e719d5b60e2b91900ae5eaa98be98547c1ef1e0a07089445d8b7be929606645d7303dc5c74c9d1b7bf9326ab3f42efac1a3effda35

Download Submit
/data/data/com.jamworks.dynamicspot/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
7365f1e4c12ce1bf30df805f7016707d

SHA1
b0a6e62754b703314b9629a8097006b07032ef26

SHA256
f1572fa46274180e7afcf09d56394fcf1af13bb4f5bd654df1333b2b9978ce2b

SHA512
7e81838336f9bcd43ab9c53cda46b5b2d1ebbd329d776dc609f0869fb525b0c3d6dd41b0cab899008a1e09b9164b41e998c2d8d153c582e6ea52af3f747224f0

Download Submit
/data/data/com.jamworks.dynamicspot/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
a266bec325ff1a7642122380c9474376

SHA1
8b0688d4967fafad7fbf54fcaa23f6f3e5ccec71

SHA256
537931c25dc29ed2f47fd83c345dff383e22e2229e7b9e7a8ccf5b9a9ec8265e

SHA512
2017e13f9f96ec58c6d214e82c2ab1c96ae59960a7e0184804a58b6a087b88037ef465537dbc3d8dedfebc7f9480a04e47c2ffcbfcbbada4ad8e058010202f55

Download Submit
/data/data/com.jamworks.dynamicspot/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
dd134492a4715080701ad0f83136dc81

SHA1
e9547abbc172cd917532ebd32ae0440f66c53a7c

SHA256
11be39688734db5a4cf5aa3da831d7c09c33d6b0f0b5b161df889596a68b11b5

SHA512
6f512a056be2426fd9a6e000a3a5bb689066e856748f1a67b68da37ccd264e4efdf61709bf20aa2984cebe75fa8de365e7c546979d310e55a5a8aefd5a89b2dd

Download Submit
/data/data/com.jamworks.dynamicspot/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
2f6d59c5294a59ce130f18a5e270e700

SHA1
02fe3f75bb330a75b05a65a9fd179fc11f54fcde

SHA256
4833a5a47226e2d260475b165d6c3e6383861f41e1d223a2630436c6145aa940

SHA512
5b993c0c3ae796d6eaaad2f1e213cdd002d001e154e85bbf87421ae9865290b8dafd122cab63dc0872c44083a9e651215b830c3dccdf4027dcd675d35d8a90da

Download Submit
/data/data/com.jamworks.dynamicspot/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
91fcda2d8112eb24ad4e881440995d4b

SHA1
5bdbab406830e9978ff21af01b7b8a943018ad6b

SHA256
5bb2d5d5b4418750836bbe8a3723003f3146ef89916dc3cce5180d916909d616

SHA512
9fc35cd9bc36c35c235875e41dbd4111fc236102c7ff2baae521b35f7df672d0366d0dfda1ec4b6757c24a937e19831fad53fa597109f072443ecb6a940ec721

Download Submit
/data/data/com.jamworks.dynamicspot/no_backup/androidx.work.workdb

Filesize
4KB

MD5
0eb157e1a86d4d00aa601dd2f6ff3ee3

SHA1
fee434f784e73cc7916322e949f727caf8363102

SHA256
b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4

SHA512
b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

Download Submit
/data/data/com.jamworks.dynamicspot/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
30e6bf424a687172d71c3a1fe9b0acd2

SHA1
1f12533f5369dfbcb782c7fb7e9dbbf8fc1d0892

SHA256
5a6e0c465b79afa08ec02fe42d89f1967535dbab6f4a49b9f0b716bcb5c23c82

SHA512
e41250a1039e9962164aa0bfa4d64f7eec79ec4a16e9c95c08bf0677a754c341b8df3724f5b0cba0bc4b075e8f298cacb7fcd6d6fcf12b7be284fa28073924ee

Download Submit
/data/data/com.jamworks.dynamicspot/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.jamworks.dynamicspot/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
0d4a6e8022cd818f181ea6733432811c

SHA1
d6b6552bddf7fabf1fcb80067697ee7918cf9f0d

SHA256
e1eb24e6b6bf8f686a3ed2dad972d50f1816cf608921f427b64a29a8b77c4731

SHA512
9e171cdc3509fa049b23f28d2e8ce426af1784aee0091a7e1a40bff50837b52baa8c9869edb075732251572c5ef59f3e80dde307d94859b5ae3ee4035bb8ad04

Download Submit
/data/data/com.jamworks.dynamicspot/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
d9370e7a0266da971eb485624ddac66d

SHA1
dc2d5a6019c488ea1a54303e7be0c5db7335d612

SHA256
f40c1907392918a46ad21bdede750d910948b5250faef446e795e963d06bc0a6

SHA512
13d4ceaf4f11bebf3bff329c72f9de725389cd1ba933010c7422689d38febfaf26f138bd189f34f00e1dd8e8bb2bc2d2f01f69a4daa38284b6cc6d7949c4a51d

Download Submit
/data/user/0/com.jamworks.dynamicspot/cache/1708042440713.jar

Filesize
22KB

MD5
22bbb94b0b30c414511fed19a37c6d50

SHA1
ccf1169191d6a6286933c637373d8c2c2a169e90

SHA256
190194b044a220317f721207ff2804669e6f808f31128fcba5302f60ca9400cc

SHA512
d2ae7f9874ed84413475854dd6544d57c3359ef5e8b65d6ff7fb3b853b3a9361a4d1400e0d3b0ee00b5e0f9bdbf31d97a14fc8856dbf231b714260fc12e1aa55

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads