Analysis
max time kernel: 141s
max time network: 164s
platform: android_x64
resource: android-33-x64-arm64-20240624-en
resource tags: android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240624-en, locale:en-us, os:android-13-x64, system
submitted: 13-08-2024 22:13
Static task: static1
Behavioral task: behavioral1
Sample: chinaGmf-8.15.0.388.apk
Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
Sample: chinaGmf-8.15.0.388.apk
Resource: android-33-x64-arm64-20240624-en
General
Target: chinaGmf-8.15.0.388.apk
Size: 44.0MB
MD5: 0692343229e8237f6d2792ca5b409195
SHA1: 7b45c88224258d305459ec6435b8f6a740f79804
SHA256: 1967d86f0c7c5a5267da7f3bb9102a535bddffa0c4965035810f38c447fc1760
SHA512: 3e07547a3573d12a181eddf3ca6eccd647e1191c959039c7678cf5707f3856e304e63ba5297ca79447982e243b90961788ab773b522ea6a562342d6e6e215aff
SSDEEP: 786432:vVBnHoE7B6E+6Sn5hGJdIXukCwsC7FXJ0pjSimSoF8psGZRjs:NBnH1BrjOg+CwxXJ0p+ioC34
Malware Config
Signatures
Loads dropped Dex/Jar (1 TTPs, 4 IoCs)
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/system_ext/framework/androidx.window.extensions.jar | 4305 | com.skype.rover
/system_ext/framework/androidx.window.extensions.jar | 4305 | com.skype.rover
/system_ext/framework/androidx.window.sidecar.jar | 4305 | com.skype.rover
/system_ext/framework/androidx.window.sidecar.jar | 4305 | com.skype.rover

Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
description | ioc | Process
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | com.skype.rover

Queries account information for other applications stored on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect account information stored on the device.
description | ioc | Process
Framework service call | android.accounts.IAccountManager.getAccountsAsUser | com.skype.rover

Queries information about running processes on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
description | ioc | Process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.skype.rover

Queries information about active data network (1 TTPs, 1 IoCs)
description | ioc | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.skype.rover

Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
description | ioc | Process
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.skype.rover

Reads information about phone network operator. (1 TTPs)

Checks CPU information (2 TTPs, 1 IoCs)
description | ioc | Process
File opened for read | /proc/cpuinfo | com.skype.rover

Checks memory information (2 TTPs, 1 IoCs)
description | ioc | Process
File opened for read | /proc/meminfo | com.skype.rover
Processes
com.skype.rover
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about active data network
- Queries the mobile country code (MCC)
- Checks CPU information
- Checks memory information
PID:4305
Network
MITRE ATT&CK Mobile v15
Downloads