Analysis

  • max time kernel
    67s
  • max time network
    82s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    13-08-2024 22:13

General

  • Target

    chinaGmf-8.15.0.388.apk

  • Size

    44.0MB

  • MD5

    0692343229e8237f6d2792ca5b409195

  • SHA1

    7b45c88224258d305459ec6435b8f6a740f79804

  • SHA256

    1967d86f0c7c5a5267da7f3bb9102a535bddffa0c4965035810f38c447fc1760

  • SHA512

    3e07547a3573d12a181eddf3ca6eccd647e1191c959039c7678cf5707f3856e304e63ba5297ca79447982e243b90961788ab773b522ea6a562342d6e6e215aff

  • SSDEEP

    786432:vVBnHoE7B6E+6Sn5hGJdIXukCwsC7FXJ0pjSimSoF8psGZRjs:NBnH1BrjOg+CwxXJ0p+ioC34

Signatures

  • Queries account information for other applications stored on the device (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect account information stored on the device.

  • Queries information about running processes on the device (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about active data network (1 TTP, 1 IoC)
  • Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  • Reads information about phone network operator (1 TTP)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)

Processes

  • com.skype.rover
    • Queries account information for other applications stored on the device
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4232

Downloads

  • /data/data/com.skype.rover/databases/AriaStorage.db-journal

    Filesize

    512B

  • /data/data/com.skype.rover/databases/AriaStorage.db-wal

    Filesize

    88KB

  • /data/data/com.skype.rover/databases/com.microsoft.appcenter.persistence

    Filesize

    4KB

  • /data/data/com.skype.rover/databases/com.microsoft.appcenter.persistence-journal

    Filesize

    512B

  • /data/data/com.skype.rover/databases/com.microsoft.appcenter.persistence-shm

    Filesize

    32KB

  • /data/data/com.skype.rover/databases/com.microsoft.appcenter.persistence-wal

    Filesize

    56KB

  • /data/data/com.skype.rover/files/AdjustAttribution

    Filesize

    269B

  • /data/data/com.skype.rover/files/AdjustIoActivityState

    Filesize

    383B

  • /data/data/com.skype.rover/files/AdjustIoActivityState

    Filesize

    383B

  • /data/data/com.skype.rover/files/AdjustIoActivityState

    Filesize

    417B

  • /data/data/com.skype.rover/files/AdjustIoActivityState

    Filesize

    417B

  • /data/data/com.skype.rover/files/AdjustIoActivityState

    Filesize

    417B

  • /data/data/com.skype.rover/files/AdjustIoPackageQueue

    Filesize

    1KB

  • /data/data/com.skype.rover/files/AdjustIoPackageQueue

    Filesize

    58B

  • /data/data/com.skype.rover/lib-main/dso_deps

    Filesize

    272B

  • /data/data/com.skype.rover/lib-main/dso_manifest

    Filesize

    5B

  • /data/data/com.skype.rover/lib-main/dso_state

    Filesize

    1B

  • /data/data/com.skype.rover/lib-main/dso_state

    Filesize

    1B

  • /storage/emulated/0/Android/data/com.skype.rover/cache/com.skype.rover.0.log

    Filesize

    8KB
