Analysis

  • max time kernel
    141s
  • max time network
    164s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240624-en
  • resource tags

    android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240624-en, locale:en-us, os:android-13-x64, system
  • submitted
    13-08-2024 22:13

General

  • Target

    chinaGmf-8.15.0.388.apk

  • Size

    44.0MB

  • MD5

    0692343229e8237f6d2792ca5b409195

  • SHA1

    7b45c88224258d305459ec6435b8f6a740f79804

  • SHA256

    1967d86f0c7c5a5267da7f3bb9102a535bddffa0c4965035810f38c447fc1760

  • SHA512

    3e07547a3573d12a181eddf3ca6eccd647e1191c959039c7678cf5707f3856e304e63ba5297ca79447982e243b90961788ab773b522ea6a562342d6e6e215aff

  • SSDEEP

    786432:vVBnHoE7B6E+6Sn5hGJdIXukCwsC7FXJ0pjSimSoF8psGZRjs:NBnH1BrjOg+CwxXJ0p+ioC34

Malware Config

Signatures

Processes

  • com.skype.rover
    • Loads dropped Dex/Jar
    • Obtains sensitive information copied to the device clipboard
    • Queries account information for other applications stored on the device
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Checks CPU information
    • Checks memory information
    PID:4305

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.skype.rover/databases/AriaStorage.db

    Filesize

    28KB

  • /data/user/0/com.skype.rover/databases/AriaStorage.db-journal

    Filesize

    512B

  • /data/user/0/com.skype.rover/databases/AriaStorage.db-journal

    Filesize

    8KB

  • /data/user/0/com.skype.rover/databases/AriaStorage.db-journal

    Filesize

    8KB

  • /data/user/0/com.skype.rover/databases/AriaStorage.db-journal

    Filesize

    12KB

  • /data/user/0/com.skype.rover/databases/AriaStorage.db-journal

    Filesize

    12KB

  • /data/user/0/com.skype.rover/databases/AriaStorage.db-journal

    Filesize

    12KB

  • /data/user/0/com.skype.rover/databases/com.microsoft.appcenter.persistence

    Filesize

    20KB

  • /data/user/0/com.skype.rover/databases/com.microsoft.appcenter.persistence-journal

    Filesize

    12KB

  • /data/user/0/com.skype.rover/databases/com.microsoft.appcenter.persistence-journal

    Filesize

    12KB

  • /data/user/0/com.skype.rover/databases/com.microsoft.appcenter.persistence-journal

    Filesize

    8KB

  • /data/user/0/com.skype.rover/databases/com.microsoft.appcenter.persistence-journal

    Filesize

    512B

  • /data/user/0/com.skype.rover/databases/com.microsoft.appcenter.persistence-journal

    Filesize

    8KB

  • /data/user/0/com.skype.rover/databases/com.microsoft.appcenter.persistence-journal

    Filesize

    8KB

  • /data/user/0/com.skype.rover/files/AdjustAttribution

    Filesize

    269B

  • /data/user/0/com.skype.rover/files/AdjustIoActivityState

    Filesize

    383B

  • /data/user/0/com.skype.rover/files/AdjustIoActivityState

    Filesize

    383B

  • /data/user/0/com.skype.rover/files/AdjustIoActivityState

    Filesize

    417B

  • /data/user/0/com.skype.rover/files/AdjustIoActivityState

    Filesize

    417B

  • /data/user/0/com.skype.rover/files/AdjustIoActivityState

    Filesize

    417B

  • /data/user/0/com.skype.rover/files/AdjustIoActivityState

    Filesize

    417B

  • /data/user/0/com.skype.rover/files/AdjustIoPackageQueue

    Filesize

    1KB

  • /data/user/0/com.skype.rover/files/AdjustIoPackageQueue

    Filesize

    58B

  • /data/user/0/com.skype.rover/lib-main/dso_deps

    Filesize

    388B

  • /data/user/0/com.skype.rover/lib-main/dso_manifest

    Filesize

    394B

  • /data/user/0/com.skype.rover/lib-main/dso_state

    Filesize

    1B

  • /data/user/0/com.skype.rover/lib-main/dso_state

    Filesize

    1B

  • /data/user/0/com.skype.rover/lib-main/libRtmMediaManagerDyn.so

    Filesize

    13.7MB

  • /data/user/0/com.skype.rover/lib-main/libSkyLib.so

    Filesize

    7.9MB

  • /data/user/0/com.skype.rover/lib-main/librt-java-bindings.so

    Filesize

    65KB

  • /data/user/0/com.skype.rover/lib-main/libskypert.so

    Filesize

    2.8MB

  • /storage/emulated/0/Android/data/com.skype.rover/cache/com.skype.rover.0.log (deleted)

    Filesize

    12KB

  • /system_ext/framework/androidx.window.extensions.jar

    Filesize

    123KB

  • /system_ext/framework/androidx.window.sidecar.jar

    Filesize

    25KB
