1f43db7e5c26f753fee5e4528edd80f52b62cd00de8e8d7062d8cc05bd8634d3

Analysis

max time kernel
8s
max time network
136s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
03-10-2024 10:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Platinum.ibispaintx.app_12.2.4_modded.apk
Size

77.2MB
MD5

a05cc33f303a024d093f6e4aa6ee65d9
SHA1

1bf7786aac308fcdb7fbdf46761e4d3019f282c0
SHA256

1f43db7e5c26f753fee5e4528edd80f52b62cd00de8e8d7062d8cc05bd8634d3
SHA512

c1d021e0af9297435d6c2f20b0ddf18265853be5637253a35ddc491d06b57d2827771ab81d886022ea08315cbe60f78c254f484f3a05c429b5ee1f62504c9252
SSDEEP

1572864:PuX7gLuiLsXKahYi05R0VYB2uwfbIsejwQ91A/LLsxuYbXgz:mLJiLs6bFROYB2uwfbIvU0evsxTbq

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	jp.ne.ibis.ibispaintx.app
/system/xbin/su	jp.ne.ibis.ibispaintx.app

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	jp.ne.ibis.ibispaintx.app

Checks the presence of a debugger
evasion

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	jp.ne.ibis.ibispaintx.app

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	jp.ne.ibis.ibispaintx.app

jp.ne.ibis.ibispaintx.app
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
PID:4281

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/jp.ne.ibis.ibispaintx.app/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
40070344a0e8167050b6f4e4ca29537f

SHA1
7a133634d67ba5f937f9f0d450236fb17d8016f8

SHA256
774bbbf45bb873dc2a4cdd13ef1aa7164cf98724ebfb5cf38e26beedcc71a586

SHA512
7cd572a878fbf12766f561b3872d98f217406d42ae4aa0e60cff531a66bd5e09600b61928bdbfc79de8f8f6b9a4e0871c539b581f2e623bee4df8137dd3e7bdc

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
8466c0f79ac9d6c241a02804cd035c19

SHA1
5dd708ea794fcfaff9bb90a67422e51f16547ef2

SHA256
f04b6af51ca93512123c18c539419bc9d690f4c9aae4a811cf5460d19c8bc2e6

SHA512
805bf4d13b3ab5353771f9575a7db12dfe9f87b0306f3a6dda2b808da230c3cb3a7db5f447db3c8d3698d67789d6a242463f191d987e0eb81feae8e8cccd5df4

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/files/.cert/cacert.pem

Filesize
216KB

MD5
18c68c9898be980227f33c213a2464aa

SHA1
1057b838cf913c5e188e6ec6697b6f2b49637c29

SHA256
2782f0f8e89c786f40240fc1916677be660fb8d8e25dede50c9f6f7b0c2c2178

SHA512
0d49bd1435a25b113a34ac38b337a9c904b6ac720824fd55d410ff6d8f6d0f637b54fd92cdff31d1c632b6a77f35fe55de9c756f35365387cea94f0fd93631b1

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/files/.crashlytics.v3/jp.ne.ibis.ibispaintx.app/open-sessions/66FE7468002B000110B9B9E2EB046299/internal-keys

Filesize
107B

MD5
58c6ffd18aab0e3303cd49e1d2fdb9c5

SHA1
7dd517bc9278addca0e9c229dca834edbe030b44

SHA256
2e5b79823384123598ae879303e552f5ae0bbb28f2c96b74e82a2e8abcb6840f

SHA512
eba20532172d1bff0a750a5293024efd98c0c5822f3f15b469d1a54ce917ea78cc7f644c3e7d7a59dabac0226a942474c2a481f970ba8b519c24bf0765c799b3

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/files/.crashlytics.v3/jp.ne.ibis.ibispaintx.app/open-sessions/66FE7468002B000110B9B9E2EB046299/native/app.json

Filesize
231B

MD5
4c4f41a8b5061964d07451b63bcc6874

SHA1
2429394312cef8ff42b4a65d85bd46199e3fe82c

SHA256
f01b5e79a5de6fb4e16247eaaed6c7c3d8015597754f9cbd1a1112015f0a40d3

SHA512
1ecf508d802fdc19d89982da9b872122b1f73186acf9222de96ac3d739d29d65a2491121e6a4b7474ddcd4f71a5d60537b7e727c2b0b57a7a3a8177ed22e9153

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/files/.crashlytics.v3/jp.ne.ibis.ibispaintx.app/open-sessions/66FE7468002B000110B9B9E2EB046299/native/device.json

Filesize
193B

MD5
488b1489ac4d3b89d10d3f873727ee41

SHA1
f65273aa79f9d0205c11dcaaf257457d85a68ed9

SHA256
25189431ccb3f67616108f0cafbb993d864566d63fc9c19b3e1b86f863a7c54e

SHA512
7493d142c751abfea8b4088f8cb72491ff48864cc2ab189d63a38a57ad5babb475c44165775834620a877aec7781f2247f59bd3427c27d2e805797de25522b59

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/files/.crashlytics.v3/jp.ne.ibis.ibispaintx.app/open-sessions/66FE7468002B000110B9B9E2EB046299/native/os.json

Filesize
54B

MD5
93023624eb8dff5c20050da136aaae0a

SHA1
acfd1ffed752c28fb135ba83c0c6345ddf2f6995

SHA256
968bcd7c4f1abed89a09cc0e6dadd238a81e8655e64196b39a86be49ceecd39c

SHA512
bb25dfa144d3f0e17203936c503c5fedec5f9ca710e177f99e273010ba4a682199d4bda5684151d65f3cb1549f4611b3a645ce39646d3db9a1b2c17d6b160579

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/files/.crashlytics.v3/jp.ne.ibis.ibispaintx.app/open-sessions/66FE7468002B000110B9B9E2EB046299/native/session.json

Filesize
127B

MD5
7976ca43cc54424e529d9d4c6e4b402a

SHA1
88ba73b2ac69b1fbb368ce17b4664bd3ce5f861a

SHA256
2a87171a313479bb16fdf53362a52798f6367aa2e864c3c3e7f68864279b3aa1

SHA512
b3996969b7dcc72bd5e67d0f5d40bbf390c01db067cfbc21b15b90fc54e9438eefca77efb3025b604a7efd10400167b2f5d97821c679c99c0468ee4954b5e9db

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/files/.crashlytics.v3/jp.ne.ibis.ibispaintx.app/open-sessions/66FE7468002B000110B9B9E2EB046299/report

Filesize
760B

MD5
746bd60981794140a658fde505407ac9

SHA1
dd5e723e03ccbe532d29051e115774ef2a782844

SHA256
0ee20d405e062bfbef0d71cb64b07779cbaf1805ea3438d51938706af7afe4a1

SHA512
8b2eda49beaafb526f57808477b4fe776dfec0921417a35e6176c14c2df66c9cc307ae303c3278e35151ee7f791e181097b7d49946099da658ab64f0705bf55e

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/files/.crashlytics.v3/jp.ne.ibis.ibispaintx.app/open-sessions/66FE7468002B000110B9B9E2EB046299/userlog.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/files/.settings/BlurParameter0.dat

Filesize
64KB

MD5
afea4912c3d321a9936fb94c7c3b05d4

SHA1
cb0a2c18f0c39894a6e02b2045e7afad12ad54b4

SHA256
f90d6062c85bc024df09a880dc6d0883414eb03934c3202d3bdae71f96a46c70

SHA512
b1bb6be225de1a5d0ff28e707e7a61c6d2b0dc52cbdcb7ed284dcdcc93146c7ddbb6cdb55a356a4e5999fb443780416e06e884fdd45c757ee9419cca5d80e4da

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/files/.settings/BrushParameter0.dat

Filesize
108KB

MD5
664a0c880a1733c894a3da9b16f51baa

SHA1
6cf701642bfda9a8a0fd88f7f413b756faae4d42

SHA256
f1faecc24a07d56c2175b9048e8852d7cebb75e9b49720a2d47c13d450a1475b

SHA512
234b532eb386e30469871e09bacc4b0ac639e0097f55556c1c1b35ab431be52c7cb85deb9404ee62b257195781f354e38d845c123b19886062059ec3edf7a996

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/files/.settings/EraserParameter0.dat

Filesize
65KB

MD5
5e452682faf1fe908eef1717af2c9269

SHA1
3e0674e06f5b9b37363ba3da38c43c6359f3ca89

SHA256
35f3340665f9543488dc31471311e70a8011d783ec716b36aa3f98703315b724

SHA512
fa775d683da84f1dd3afabd634c00a850e595bfe4b393dbc8afe3eec88a02a6bf62a8317b66f069b9dbe93bd50ed4b2aee92c7eb9728a084a435dbba9d980d46

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/files/.settings/SmudgeParameter0.dat

Filesize
64KB

MD5
515da0fe007a0c288a36491e26a2400c

SHA1
194976aec48475f6b61d00d1ca210aae0ce68fee

SHA256
c9282fb99997d931e3fa79904b5a1bdd9c9f72cb2eb4cda60fe94b63ca52f6c5

SHA512
ed8dd9c1877a6cf354c82acbac4e9ae46e99c5ab72d86f87bef8b7af7b12e9e8de37ad1f395bf65c4fd843b98b413b122d3470bcb24bd9a1538ce51f21a234d7

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/files/.settings/setting0.dat

Filesize
2KB

MD5
ad8247a82e54a40c3dc5d4f6c7e03fe3

SHA1
ac3c13b4ad771462fa69ffdd95a6c2dd3e702f56

SHA256
67d3ad46578b5ab3ecc6f045746c798f2d957a32004155470af8f5a2c390b733

SHA512
a245873e6243cd653c999e519214cf990410910da1d156fe53d92c7d4a555057899cfa1c59ccf96da28edf38f992570f543383ef76a2ad8a2227da3c0ceec02d

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
6b8e1e2f7a719510fc64ffa32c5e93b7

SHA1
74a3d4cf06a898830160dfe02bca30e66eb5511e

SHA256
b164bd3dd41376139ae662722e1366b5944228c7073eb7f6f93615b5b8c27851

SHA512
6d0c64c1896dba5d021c93d511738343de7e5d85618ce30ec26b4fbd2e6da6fca0be9691bd2ae5e3e1190d2fff669c869d50083e923e094783b3f90fd30816c1

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/no_backup/androidx.work.workdb-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
a37304449cc91adf111e628b3aeed13e

SHA1
78284e18ccc85fe043d7704cd2c087360627f12d

SHA256
eb35f21ec0f49b22af0d8326183712f9964b27ae2c3db74536c43a9ac7433a84

SHA512
884abf3ab4f92b700fcba1dacfc4adcf19a82bed134b693e484477fe8d90e5a8aaf7e2ea78085b79065eb225487cce579bc909c22f16447e61924d7e9128e279

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
ac8ba64ce2aac76ac1d9339bb9f7a18c

SHA1
31852f377a0b9ef378926d393e4b786415fc55e5

SHA256
a6172176c5891b97f54073b5cb58fb07884652ca894eea7fcd023926462a373f

SHA512
8e7201fa45cf1edae168d5766c2f63da062ab6fd3ec0434113ce1f23fa5d4274e37c8977630d9de7b4ae6539a9863a1480c36abfb95bfb7eeba94c223226c455

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads