Analysis
max time kernel: 59s
max time network: 133s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 12/11/2024, 11:59
Static task: static1
Behavioral task: behavioral1
Sample: c27ceb9c22448bf309944915e231d8fe.apk
Resource: android-x86-arm-20240624-en
General
Target: c27ceb9c22448bf309944915e231d8fe.apk
Size: 32.6MB
MD5: c27ceb9c22448bf309944915e231d8fe
SHA1: 6695bbdd38a8a73c81b0f347830b5a0690398ac5
SHA256: caadb7682d8650475052c260427e558fc17871a282404f161b7cca87f76701a4
SHA512: 40a76ee2977425be3d11cd13a1c05f7bedf3b4198898068f012ec63a506b6b903479d013ff915d34c9c52c4a7aec8f983af5e8ce7bd9bb3723538dda0c39a431
SSDEEP: 393216:ztfXZja97byLXT4+8N9MFfedy8gpHWBpGek+QTZPXt0d5lIGQDu71DlnRQIrZrqn:9M40+8PMFyynpjfRtK3Cu7TtYovqr
Malware Config
Signatures
- Checks if the Android device is rooted. 1 TTPs 2 IoCs
  ioc: /sbin/su
  Process: mobeasyapp.math.calculator:AppMetrica
  ioc: /sbin/su
  Process: mobeasyapp.math.calculator
- Loads dropped Dex/Jar 1 TTPs 3 IoCs
  Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/mobeasyapp.math.calculator/files/audience_network.dex
  pid: 4270
  Process: mobeasyapp.math.calculator
  ioc: /data/user/0/mobeasyapp.math.calculator/files/audience_network.dex
  pid: 4407
  Process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/mobeasyapp.math.calculator/files/audience_network.dex --output-vdex-fd=50 --oat-fd=59 --oat-location=/data/user/0/mobeasyapp.math.calculator/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=&
  ioc: /data/user/0/mobeasyapp.math.calculator/files/audience_network.dex
  pid: 4270
  Process: mobeasyapp.math.calculator
- Queries information about running processes on the device 1 TTPs 2 IoCs
  Application may abuse the framework's APIs to collect information about running processes on the device.
  description: Framework service call
  ioc: android.app.IActivityManager.getRunningAppProcesses
  Process: mobeasyapp.math.calculator
  description: Framework service call
  ioc: android.app.IActivityManager.getRunningAppProcesses
  Process: mobeasyapp.math.calculator:AppMetrica
- Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  description: Framework service call
  ioc: android.app.IActivityManager.registerReceiver
  Process: mobeasyapp.math.calculator:AppMetrica
- Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  description: Framework API call
  ioc: javax.crypto.Cipher.doFinal
  Process: mobeasyapp.math.calculator:AppMetrica
Processes
- mobeasyapp.math.calculator (PID:4270)
  - Checks if the Android device is rooted.
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/mobeasyapp.math.calculator/files/audience_network.dex --output-vdex-fd=50 --oat-fd=59 --oat-location=/data/user/0/mobeasyapp.math.calculator/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=& (PID:4407)
    - Loads dropped Dex/Jar
- mobeasyapp.math.calculator:AppMetrica (PID:4325)
  - Checks if the Android device is rooted.
  - Queries information about running processes on the device
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Downloads