Analysis
-
max time kernel
127s -
max time network
162s -
platform
android_x86 -
resource
android-x86-arm-20240624-en -
resource tags
-
submitted
05/10/2024, 16:59
General
-
Target
880dba220be019706e18bd7df2567f5107a66f2caaa90b46f2f78e6841e9bf7e.apk
-
Size
27.5MB
-
MD5
f25d56dea396d4ba0d45cf0a039c5bd4
-
SHA1
4783833ea0f796f5269408583d21fec64f109269
-
SHA256
880dba220be019706e18bd7df2567f5107a66f2caaa90b46f2f78e6841e9bf7e
-
SHA512
be58ffddd3a057ee08be2aefcada09335fafffc6b5d7991af78a72f1a6e81f9a5b9caeb61ff098668aeb480985ec1687113416d8722c8ec9029a9af24ee87f9b
-
SSDEEP
786432:uJ+qqQ1rxeOj6paqLB2ko4HNnlelZQpCh:vqqkFljCaeB2X4tAl+pM
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
-
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Acquires the wake lock 1 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about active data network 1 TTPs 1 IoCs
-
Checks the presence of a debugger
-
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Schedules tasks to execute at a specified time 1 TTPs 2 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.junk.news.weather.heart.eraser1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks memory information
-
com.junk.news.weather.heart.eraser:watch1⤵
- Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
1User Evasion
1Virtualization/Sandbox Evasion
1System Checks
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
36B
MD537e8e716e0e2f4a0b05cd9571d95b84d
SHA1f8d068f6931707bddb8cd69f706f2224ad1fea3c
SHA2567080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca
SHA512e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
120KB
MD59fea8ce81b1537e59c4cb340dd5172ff
SHA1fbce4f1f3248fa01389bb46ecc1af21685ef2935
SHA256fc6c6878f0ef8859a67b5818d26b76450d1efeab5d4ab2a809598f08ea0e2849
SHA5122427c766f8f646b84eb308b3cc135ab30c6a985460fee090bbd18bb310ba0984550fbcc3b094ea7a0ec7c11db846cf91f5906af5a1ec3efb4dfef29812f6ba7b
-
Filesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
Filesize
512B
MD5538313e5f8c9c422cef3cdd5bd84efde
SHA160bb25b765d6562da91a452d96a0b5ceb99f333d
SHA256b5dac72ba92254cd5132e9c96d52f9d5b07eaefe6f8749f5aaec39c926b2ebbb
SHA512af14086d0fcbf5f19ecf1bb5c8021a36dd7cf691f95d3a2063436bb1dec3f92f437a21588ab8e414d7df4701354317a9f8ac524318a3991ccd7debd08261d011
-
Filesize
28KB
MD5cf845a781c107ec1346e849c9dd1b7e8
SHA1b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA25618619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA5124802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612
-
Filesize
80KB
MD50a99d3a41ef6017b95e11b012812e2ca
SHA1402f03cce00840ede33b6dcd15021f1159d2293b
SHA2560f3df7db41c7e843f0a66b0192aad6227a5dc5142fee02dd814eafc336f0e5d0
SHA51205e8746497872a2c81ef5459485c1fd733ae738fad2fc04d935886373468906e9c2343ab073b12dd241a6d28458807f78f1869e66e98c4d3b3fe6a63513dab54
-
Filesize
80KB
MD5d8ee3cd82dc0f326a6dc7bbf919d151f
SHA133afd44a0810a384a21d9eafc8aa6c623affb8fe
SHA2567d240470046dd648694cc67006ff09932ee9236fb35b440cdc9294e963904314
SHA512242b7a0d7f19a278d1cc0d0e5d6a35fb503871cb231115bd743173632bb51a5cb28fc6f4de75caa4360aecac0359a4170a28e87df0d7a2c13d911628900bcf51
-
Filesize
16KB
MD50b1e89b9e0997a4037c1ffc466e3b929
SHA1fdc274dc0fa7e19b3442b0fd419de30cc36e44df
SHA256b3d6b615c33b403fea429ad3232cf26699634814ef9c1d6d0e7d64d8fa2193cf
SHA51287f4e832794ad12a4cf9a6c0b6cabd6cb309a763d3ba8e69d9ced6416cae66f3d090aa37be4a99646eeebf5abf84fcb9980fb48c8f9c144950f6579774f3ea21
-
Filesize
16KB
MD5c7ca292ec01bc27055390c87a260a4ba
SHA16e230701ecca0e5fd8d338a8504edda57932f401
SHA256ec0bcb4615d649b445842cb4dd690b600cddb8b4ccdb4bf9c772215dcb8a5d95
SHA5123ba39cddf8e763ec3541f3c223aba0e14ad4083fc1a70076eaef0441c10478a048e2d3fbe1d7149d55b8c365a9d4a6086b8f1179c60a115b6c9208b832dda896
-
Filesize
16KB
MD535a7040800cad366a1eab7d4e8926a29
SHA1cb3ca86bd45ce455b3ac50ce555954da67338bf8
SHA2561fa3cae824621d77c8d257e94bc24dc622111b553a2d8471bec3c7871e7ad797
SHA512f386418d6790b63346d4bf9d2846370489b429428856f8a05c2eb9956f78b79e6aa69acf4c5048feb628c112d6bbdd74716d1f1f93a8d4ef595075c617b34f30
-
Filesize
4KB
MD53a2098056be17ed32136693d3e747b14
SHA101d596a85e744b1310d986e6f3b3e7f8cc1d62d3
SHA256d7a1ab89827df31401be4e83392389ad5aaebe8d16b1887c120a46584ee87c96
SHA512aeb0f8b402c2b9571991cc66a35e1d1a069bc94c0b7f31b2d45d03cc36a9a281a1752e2265769177443b9242e563f49ace95bd6728662dfd051a75c4e3d357bb
-
Filesize
4KB
MD5d51dbd4056df46e6583c9749b958d1a5
SHA1051cbdea271699eab0c57658535e1daa98d0d2ca
SHA25616740b6966015a1abc63387784d2b5378aad868431d03aad2e5e9ad96832947e
SHA51270812f3da43a90da62711baf9c92e192e4cb1b968be048ddd580ecdfa3ef50ba52801c8e54fd7e4ad9d1a4a6651f84e07614a8ae38254c4be2858119213470c9
-
Filesize
4KB
MD5824613b6fbe14a41a7c61d91240f71cf
SHA17daafe18b90140a0f5bbd0002d3bb7330a272985
SHA256a7abc1845c5097e4890bc0e78ecf6d33e96584d8fb525317dcc0c017b249a561
SHA512d905290c64afd78cb92f93a548e6e601433d577ffa3c83f8ced23869d5f6df8e181a4f9a98a81447fb3f3839af0bbb6eb6d304c5d1e370fd25372e0b35317347
-
Filesize
512B
MD59a50d3867823a00a8edbb5c8287805ae
SHA1c6955047f51daa564af380e2b897f90b1a617a14
SHA256e832567c3a5d596ba5aa5f03b57f955a83bf3b7f4a59a6982bc6658dbd91eb9d
SHA5121aa4ca209b684adae515dc2a35f81e12214444fd860cc7f3859d5c19d09925d7a4efd5a4a37afc055ba78f41f81ca2756d1d8d325f611ee79806c9755971d1a5
-
Filesize
132KB
MD51f4e612c91aa250766a716bc41c0434c
SHA161f58897a946ae73f9b59394246db454a426955e
SHA25636dcfa4348625bcf52702c7894bcd604d06e0d5c304522d7b812604a86f9cf23
SHA512c6f47bad859af7f329a5798899fd013a53af20b70d2851871a4f26086f761fd81823531b048d9985b58435da6505d647e1fcc66fdf7f588c59eccb455e173833
-
Filesize
512B
MD518d704316b3d4a6b13da6a914302b2bf
SHA1d384b77278cbabe9128ba4ba531e54d5eb39b752
SHA25640ad2d38212a9a202a48f8a39e0b9abdffb0faebcc65d607d5096641c50209c3
SHA51258cc152950e0ac360aebb416be149f3d8a8f0cb15637f35e9bf929f264e41c65899d102578f01aa49449217dd5d4ff3cfea60ba8bd97a39cf491e93bb1605adf
-
Filesize
104KB
MD544daa19dd403fbaca1d6f5504b557a73
SHA1e9fa6033303643d064845bcc3f3512bc62003793
SHA256f9703344866457407fffcf64550a8729c1e53cb445069e19b0ae45ed0ee4d67b
SHA51297b3feabd3453c226bdd0d421f898a0e51ec684d209473f1ef48297281a387e256098309f51fd9592b672919fbff9d23dab4bac80cb92e9dfdd1b34beac52ef8
-
Filesize
512B
MD5d0447a79dd902aca615866a923593338
SHA165f9539a3d0c61a01a811353e60c35ce5ceed72d
SHA256f81d70c47b5f331e5733be4b2f0ea267e2e3cd49b25b3a3e886bac54003ea29f
SHA5120bf5fbbbe724fe0337877c0ecd84105f102ee1a73f41b381902ae9729653b535700e06cce7332070d0a40f88d7395f218bd0d109e2be4b2d9af4220d6b50b615
-
Filesize
32KB
MD5a46f7db2b3116f7d14f5821b33914364
SHA1541781b54d7bd9368290c1fd92691ae3d9e767cb
SHA256b2d24b4c03cbd0c07cc8e497c745091ba897b18994c181392dacdb18ee36d655
SHA51258209e7e0b131c57262bc21a018c074918a2fae72ab5bedc3e305125ee776668576b617bbb32099ae072f9a1d39c6e6ddda28722536b27ae8da4e00684b862ec
-
Filesize
70B
MD594bfe46a540d6a997fe0b35dbfe1e6ec
SHA180688593ff814ec7cd209d5b5f049b62cbe66390
SHA256900665bc64b2ad030dc0c19d946c31d2b7e6085cc1c74c379882b66a2e54a52b
SHA5120f14beac0093786374faf9bd37d46af0ff597c417e1e17f9c18af7e03b3f147a6dd798d37d922ee7db424de6e467013d2ac12d043da9c6098ee2e7dc3748071b
-
Filesize
16B
MD5c33583fae4e0b61cde1c5b9227963237
SHA1fe2ebe4d27469af1460f7e852031a04208ef629b
SHA25635c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e
-
Filesize
769B
MD55b224c03fd765b17ec8e09d3f41ffb61
SHA1df9f7b453d23bf5f5fdcda60a59a89f8931a8800
SHA25605d33f00675cefd3fa5dbcc44cda67b2d3c6d581aea517336d4a91742d293ca5
SHA5123fea1a487dfce8ab7b020f6e3cde1bde70f7ba81a727c736e4e7c54adc920c5c625f032c8df18a298a8d1783e9bea959ea306a0903461e8464755a911c04a3a2
-
Filesize
2.1MB
MD53e1b9633db2ae907c7bfb5926af78c41
SHA1e50a2b14761fd729d943f18048f9729d3de21390
SHA256f2bdc80ac3457db34bb590cd3345b872a6c593b62fba14ed74db933c40df2158
SHA51282036fcb14432bc5cc1a2f12c9393dff41f1387f66f501bbe262ae12a69123c2802bf29f9a303c8654ad6b28899510f8f509617f8d6198e7ed781c0d1e5a6356
-
Filesize
266B
MD5bd98bb0582b448c4820d6e70cd77abda
SHA184dc431bb5709e0e29599ed87f4cf17da8c5f455
SHA2569ab155bc6c9ea94706348fc6644f1dc9b3f0e91643d47e66a51bee5a8ce1b16a
SHA512c88c15f5f75853881a1d61df3cc67e89aebede8b86e2a82280f042929025ffb95a1fb4989515f5f06d82fc7cffb6ea1c7f8e798783d4f4834ae8602a486865e6
-
Filesize
1KB
MD5758b0ae32a888f5654d80fb6dba71773
SHA19fb9256951c3880f2c4c9201166828445eb16e1c
SHA25672acf2205f3f7a8e14d3887fd3eb1d704f21adc636ee836f9b7a50aa456cb566
SHA51234e595a3cef09863b41d5b3844adf3bc38d6f6c685465b7d08413f78b1d1313cab856e98ad1837e3bd51d275cfccf59aed6fe48fe234a2a9d0c48b0f0b5c2360
-
Filesize
23KB
MD55f23145441b95fd21fbcbdf7b51b6cfd
SHA1fbca8ae83d26382fbca2c0872b58fe2a42e0cd51
SHA256f8bc60491994834867a77096af5282190d9b742acf46a0d5a8fc527b627f20e8
SHA512fc85f04a982a35489eb4e97a2c3bb4d737dc8f7ad44a69be0b3b68c2c401350375fc4e186959fb33dfbf3e63a715b682d84c85d400ebb9eed0f382cba55dca34
-
Filesize
11KB
MD573525ab50a26d9a58205b9352d00b37b
SHA19d5c443a02445249207222577b76f54ab34e3f91
SHA25682ba14f2b885c2471fe2b8ff1059ce72763d6a9195e8e442e8fa47a0388e187c
SHA512610088224191b2aed2d5dd42cf070347b4fc4a412de3532c50a242c0364b33958135ee8637490a4e9b7cc90749db7575a91c4320f7bbe8c0f9662929a2a245a0