7115c85eb5c7bcd35376015d3af8fb6f22976953acd1581c6977d255eaf57dd7

Analysis

max time kernel
18s
max time network
152s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
12/09/2024, 21:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

pixellab-1-9-7.apk
Size

28.8MB
MD5

604a287f9719c70771698c85426f7148
SHA1

9d364f6cbe18db1281186d2fe53c8edbd6d41c50
SHA256

7115c85eb5c7bcd35376015d3af8fb6f22976953acd1581c6977d255eaf57dd7
SHA512

5e6de33d716dba54a2353292553d2463fd7a6cd732ca8a945e8decfc533eb64ac9f4c0f4a6f9da435b473b2c622f3c9029e1549397ad3f1af62808311bfe7456
SSDEEP

786432:qEjEEM0OOOOOOE8/jId2OM4xAbLYPM72bmii:qEjzM0OOOOOOE8/UdTWbLYk7qmz

Score

8^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/xbin/su	com.imaginstudio.imagetools.pixellab
/sbin/su	com.imaginstudio.imagetools.pixellab
/system/app/Superuser.apk	com.imaginstudio.imagetools.pixellab

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.imaginstudio.imagetools.pixellab/[email protected]	4984	com.imaginstudio.imagetools.pixellab
/data/user/0/com.imaginstudio.imagetools.pixellab/cache/1582435991586.jar	4984	com.imaginstudio.imagetools.pixellab

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.imaginstudio.imagetools.pixellab

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.imaginstudio.imagetools.pixellab

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.imaginstudio.imagetools.pixellab

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.imaginstudio.imagetools.pixellab

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks the presence of a debugger
evasion

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.imaginstudio.imagetools.pixellab

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.imaginstudio.imagetools.pixellab

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.imaginstudio.imagetools.pixellab

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.imaginstudio.imagetools.pixellab

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.imaginstudio.imagetools.pixellab

com.imaginstudio.imagetools.pixellab
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about active data network
- Queries the mobile country code (MCC)
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4984

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.imaginstudio.imagetools.pixellab/cache/1582435991586.jar

Filesize
9KB

MD5
e8e0527a01aefdb89afd2c508f131da1

SHA1
f1103e6b260c657ceb3d95f1b023af3fda8b133a

SHA256
f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

SHA512
fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

Download Submit
/data/data/com.imaginstudio.imagetools.pixellab/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E3581702BE-0001-1378-39BC9D2AD366BeginSession.cls_temp

Filesize
77B

MD5
673d5a57716437aca400b77d9ff4f122

SHA1
f085c1dff4872e128ae8db0ab33206cecfab116b

SHA256
98e1a834620c739fc8e9d39b377e39bc883b9ed84693fb6575252f3694a91390

SHA512
17fc57c01994219ca6acc2ba2d52709edc3db73f16a9203cde61dc08ea6eadd05d5d711a9903b297287e0dc86d30cfefad647e7530a1c4a8f5e81d5409a7e1fb

Download Submit
/data/data/com.imaginstudio.imagetools.pixellab/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E3581702BE-0001-1378-39BC9D2AD366BeginSession.json

Filesize
132B

MD5
e06469758e9d245d28e319c29f137b8f

SHA1
f99fbf6635b5f9c0016cac1260a8632c81fd86aa

SHA256
b1ca90941b70018f56d2a0134656fb71b8143528379f2938dfd7611b7d38ece3

SHA512
1637a0d2e59bed5a7ef89ad6ededfcc9a5cac9de3ea53e9274916fb8d66e8e3b0c495039f122b2569f6447de3ce108cece3a7103a2692a3dc192e730e8a03994

Download Submit
/data/data/com.imaginstudio.imagetools.pixellab/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E3581702BE-0001-1378-39BC9D2AD366SessionApp.cls_temp

Filesize
132B

MD5
308c1d274819b40490c87fb67f10e955

SHA1
b827883e3e792d4906d174ef77d48178717ff737

SHA256
3109d47f51202adf00b980ad7ac81c5d4aae330dc5416f035c1c85da7f4c8c6a

SHA512
a2df43488d27a8f77042c7ca609c3400498c3e39d1e7149d5567c4581f9d3b31ed82cda4bc1328d9fcc862d2eb2783105eb1d917af06ee0c545879913a852e9c

Download Submit
/data/data/com.imaginstudio.imagetools.pixellab/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E3581702BE-0001-1378-39BC9D2AD366SessionApp.json

Filesize
245B

MD5
33b3ee6fbabb550e987d9326d43e707c

SHA1
0b5be87c8c9b507be6f7998fb935f88f3e793c0f

SHA256
18527ebd5efd9fba7d33ca8e483a42a9fbf9f026e7987aba7f947459b0d6c511

SHA512
38f70f6e0db85b7cd1d15111af7e3c04ada7466bd983337641c58f2d6fd74f0ad39f1a0eceddd49cddeb8c0300dc83f486fe8274cffc8daf26087c4e1f334115

Download Submit
/data/data/com.imaginstudio.imagetools.pixellab/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E3581702BE-0001-1378-39BC9D2AD366SessionCrash.cls_temp

Filesize
58KB

MD5
4e33c21d36c8b6d67b7acdb05d8d2b5d

SHA1
8fd9356d296798ede1b6ace48a74b6ed067c9820

SHA256
dcfaf44194dc98d87f0088ee55ddcbad5b54088b5d4a6bfcecb724ea294c5245

SHA512
af8d63b8bbc3b39f7ea66a15eed90f12feb108075c28db6611d0911cc6d6d34d00969a660cd7e73e88358491508f375dd2ecf57b7c296433190841496a9a2107

Download Submit
/data/data/com.imaginstudio.imagetools.pixellab/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E3581702BE-0001-1378-39BC9D2AD366SessionDevice.cls_temp

Filesize
48B

MD5
2390c1f21db00b20c07107e3ec7275fe

SHA1
e663a646460acc071aebee942cc1776c23d77655

SHA256
d348072a01496839cfcde3a18866423aee74aefd613fa3bf1ff4a203ef46a699

SHA512
43ff60754eb60795ca1c318f44dcfe49194add26cc3d92c2eac7bef538fd65b6290f2e5953b8f1693b9425ebbcdd022ab16a18280146ee0b0c2eefe27bc0bd63

Download Submit
/data/data/com.imaginstudio.imagetools.pixellab/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E3581702BE-0001-1378-39BC9D2AD366SessionDevice.json

Filesize
202B

MD5
afa07370d07ed0a8ac9554ee7001bb72

SHA1
d1e9de22fda1295087525ff3a377f7d7dd410ac7

SHA256
8d4b99fc4968c9cdff4626ff6c1467cdb427f7a597b153f03b4bfb62dde6c07d

SHA512
a7a974b1c4ca3d7ca92e1449dc9718d5ea2af7f8e4c605d25c731fb4bbe891fdf340835e2a4e3a363558744e5ee30aec22542f377eb5bffc0097c70d24f241d1

Download Submit
/data/data/com.imaginstudio.imagetools.pixellab/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E3581702BE-0001-1378-39BC9D2AD366SessionOS.cls_temp

Filesize
15B

MD5
2566d27ce8c28d8961f082c375d7535e

SHA1
92fe585b1a2c9c523d2fa1f65ab5c1b6a1a6edaf

SHA256
5acdb54ddba2e264f6822fbdbc4e9b5158f57d43785c2f01d981956b18f7a90a

SHA512
1c70679bbd25a57f9ac02083d5af0fe72b1417cf3070a195497f03d6f492e87b1ed3f570de7ea7c814c995a1530e32610d9570f31a480648f4062e8d3287be8f

Download Submit
/data/data/com.imaginstudio.imagetools.pixellab/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E3581702BE-0001-1378-39BC9D2AD366SessionOS.json

Filesize
55B

MD5
5caea4b68c57072f7f52a5a41720566c

SHA1
4d9712f1702c7238949da43f7d8ae6efb233a666

SHA256
3223857b618b924c2b0fbc7bfb373a1aacf300a7b5ab585e18fffcf19039f363

SHA512
fe1455d21c521aeae3292bdcc386f6d2005dc253930c03e44dbcb972f96b849670d2aba039ea59e1a5ebc0350e6315151d17bcda55c161a62987d4bb01e91f9f

Download Submit
/data/data/com.imaginstudio.imagetools.pixellab/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E3581702BE-0001-1378-39BC9D2AD366SessionUser.cls_temp

Filesize
4B

MD5
3ed7a02f7ecd29e9a0da73bbd02b94dc

SHA1
ac0e7b5b3976127f95e987bd1f27e504b343a305

SHA256
dd385bd6d860af19cb2c132d628e3d6872d7b89b3bd2d50f56253bfcb84c78ae

SHA512
115fde1208bce0530dea2a5ce627349653d304274582103eda80da3e254ac4c3963444af769ecbda4bc609d89b2816e6620c2eae88f7b3cf3c5e9de5491855a0

Download Submit
/data/data/com.imaginstudio.imagetools.pixellab/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E3582602C5-0002-1378-39BC9D2AD366BeginSession.cls_temp

Filesize
77B

MD5
8be0c8d72ac565db93cf7413fa25cda8

SHA1
f6aaa5f8b4bac8c436664c505088b99217a5bd64

SHA256
e4a83a1bf17fef74f5834a6354e49d9e8449ad493da97b4506b08c53a7778244

SHA512
f9d5d192af7e138a61e6dc52e65c92b427ae7e7d2eb1b6d87bb1c3071ec041e42b28db1cbb9c11b54b9308c136984479e395e2ddd538e7b2a15dc85bba3e05e3

Download Submit
/data/data/com.imaginstudio.imagetools.pixellab/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E3582602C5-0002-1378-39BC9D2AD366BeginSession.json

Filesize
132B

MD5
62366f1aace1e6af76ba2dfe9c6147ab

SHA1
4e4bcef8f97fb8cc46bf5e6fc9817e4bcdf0a390

SHA256
eab2b9c1f25b8b20556d38fe822ed9d22346b80641ab5c8d4b3e9fe0395b68fb

SHA512
3f77ca4e5c5ebc9009a9d59a1dbda808488d8475dc0ccbb88561737f30848268b5852ce686bbb666e5a6a621e4493d1734f1ca053165d85f98fa5c090fdf905e

Download Submit
/data/data/com.imaginstudio.imagetools.pixellab/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
2KB

MD5
03be2c4af312c42ce3c8a378cfe04647

SHA1
f1255209f81bc17592d41282caf1acdc0d9e57d1

SHA256
107ed73c2314afb34f4636fceb69f33ed588ed161cb6bdd1cdc53f0723f51947

SHA512
35429a3e08c6875c77ef1bfcee621fc544e59e154c20b0331034a3a4cc3d43908e87426418418c42adf24546bcefab84d3a9749189efcb1af9af67afa3d63d71

Download Submit
/data/data/com.imaginstudio.imagetools.pixellab/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
449B

MD5
db4e2fd8052496580f4a0cc0ac7ff644

SHA1
4bea2ad78976051b9f642d3d1fce1868551649ea

SHA256
8244e36c62d5b0f16319c51a187085b99dbd51179aeec26e62516214b824eb77

SHA512
73281866b0847b2aee73c3349b2afacf1dcc6d9c25617a8e8033240626cbaec441fc83bcff91bfd7c1088a6aa1dd134c6b13d212a5c7a5471708477fdc737c64

Download Submit
/data/data/com.imaginstudio.imagetools.pixellab/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.imaginstudio.imagetools.pixellab/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_21f952db-208f-4f61-bdff-76a643073514_1726175257915.tap

Filesize
357B

MD5
c5af6283da0077a2b21af83b2294a434

SHA1
3d7ef18ea1a6dcfec8b498b5b637531e56b90d7e

SHA256
0a0a6f09a948a5160dcd50952587c0db2196d1593a1771a1e5527704a145f086

SHA512
4e76151ea62c09febf0e801fcfd115658aed8b5b7299c8da0c9c2652786e9f40e4ae2986441aa7c962c62ec359db081e64ce93da940646f0462266a48e737692

Download Submit
/data/data/com.imaginstudio.imagetools.pixellab/files/UnityAdsStorage-public-data.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/data/data/com.imaginstudio.imagetools.pixellab/files/UnityAdsStorage-public-data.json

Filesize
54B

MD5
5e01cd94aa5a987723b3c8bfff5ca28e

SHA1
c588f61e88f57e3905f12ab0494322609af19fa7

SHA256
87d24f4375a47581def81ef68038f75dc65fb1585b84da0c0e013a075222b5be

SHA512
2b76d3d691b6e2281905c7aaee2ecdf228f883fafaf6120bd34c3effc4447a162c47aca96aeb6c894b1f38039b6e6495778e630f90e5fcf2ddf6c20c5ced5a41

Download Submit
/data/data/com.imaginstudio.imagetools.pixellab/files/UnityAdsStorage-public-data.json

Filesize
162B

MD5
5fd5237c4ca232f903407d0044b5b2e9

SHA1
7b1cdc20455199f5f96113f7ddd390509334dd1d

SHA256
3d955275f42aebac9a11186406b4e5b97a3c7b7e5d713b5060114f46aa3fe066

SHA512
4122dbcfcdfaab7783917f2e4653763814b41c30f6ae9fe11e2868e4bd21eaf8083fe75093d6457684d2dbbb41e3991ede5c7ef8e139dac32f0d43a7a55de8c4

Download Submit
/data/data/com.imaginstudio.imagetools.pixellab/files/UnityAdsStorage-public-data.json

Filesize
219B

MD5
0424d8db7735e4404ad1f8711489e968

SHA1
36f1c3fd601918d6b9145a9d2272b5da137d8fa4

SHA256
447f31c6a1c3ba8aa15dd4d9c4f1f67198b28c75dbc1b1f36ee451f04b37a89e

SHA512
fec193ceb9a54492ec34ac7ecf5b8109905f4c0a47dfeb7ba38ba13091cfb2bc193651f0e8438da850443a0842b6dda37a5bec0dd75950adb092349d1957f57e

Download Submit
/data/user/0/com.imaginstudio.imagetools.pixellab/[email protected]

Filesize
2.2MB

MD5
3ec79c0bb155e9db9b8b5da3398c9dc9

SHA1
0f7fe71f2a78bc867158d3d756a95ee5c005b6e6

SHA256
edd47be06bf71794d0402a70a909e8f288de394129f9ab3cd4b873690f034719

SHA512
129837efcfca1c6fbe36cdcacfe0d1f3de594e6e4d7c0c320bb658ed70e60876c45ff61c7981e7bac222bfebd88c1f31cda55ccd10cb76a64298838d4abb8a94

Download Submit
/data/user/0/com.imaginstudio.imagetools.pixellab/cache/1582435991586.jar

Filesize
20KB

MD5
fde2ee00cbd121cfab5290b078aa3ceb

SHA1
e2b77d5320e155e413d040a8c20020962065b2f8

SHA256
2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

SHA512
a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

Download Submit
/storage/emulated/0/.appodeal

Filesize
5B

MD5
88278dd6f1c310e699905218a9161893

SHA1
616e70e35b2ce06b150fb71911606ea34fa100b6

SHA256
469abedf5797bb56f1afa35a227eba1d8f7b3e22c99426e527da4b0d839dde15

SHA512
86b75a46ffbd2c5f9d3dc8c3a3ab8c52a5a93ae22c669c3f20b7a715be6875af0fdbe25e7899e6b4c8ec9d328b634d2674d5749c2174ad3af0e95b3483fbb106

Download Submit
/storage/emulated/0/Android/data/com.imaginstudio.imagetools.pixellab/cache/UnityAdsCache/UnityAdsTest.txt

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/storage/emulated/0/Android/data/com.imaginstudio.imagetools.pixellab/cache/UnityAdsCache/UnityAdsWebApp.html

Filesize
2.1MB

MD5
f9eca80fbb1884f9dbdc1ffe285467e2

SHA1
ba19dd3b5dd929e3bbe1e7a89f46b4428a7ec810

SHA256
2893f4ae42ec168e8503520a776d2e8566e14aeb7a0788330161e5781f28c227

SHA512
deef70ac9e0fb6f9c0945cbf16eb186dbc3bf563211b97f93e731f096dfa79a70d7cc69dfc1037c41b095472412232093223b8321b08a33818f78eeb717ba778

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads