Analysis

  • max time kernel
    59s
  • max time network
    133s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    12/11/2024, 11:59

General

  • Target

    c27ceb9c22448bf309944915e231d8fe.apk

  • Size

    32.6MB

  • MD5

    c27ceb9c22448bf309944915e231d8fe

  • SHA1

    6695bbdd38a8a73c81b0f347830b5a0690398ac5

  • SHA256

    caadb7682d8650475052c260427e558fc17871a282404f161b7cca87f76701a4

  • SHA512

    40a76ee2977425be3d11cd13a1c05f7bedf3b4198898068f012ec63a506b6b903479d013ff915d34c9c52c4a7aec8f983af5e8ce7bd9bb3723538dda0c39a431

  • SSDEEP

    393216:ztfXZja97byLXT4+8N9MFfedy8gpHWBpGek+QTZPXt0d5lIGQDu71DlnRQIrZrqn:9M40+8PMFyynpjfRtK3Cu7TtYovqr

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • mobeasyapp.math.calculator
    • Checks if the Android device is rooted.
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    PID:4270
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/mobeasyapp.math.calculator/files/audience_network.dex --output-vdex-fd=50 --oat-fd=59 --oat-location=/data/user/0/mobeasyapp.math.calculator/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=&
      • Loads dropped Dex/Jar
      PID:4407
  • mobeasyapp.math.calculator:AppMetrica
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4325

Network

        MITRE ATT&CK Mobile v15


        Downloads

        • /data/data/mobeasyapp.math.calculator/files/audience_network.dex

          Filesize

          3.2MB


        • /data/data/mobeasyapp.math.calculator/no_backup/androidx.work.workdb

          Filesize

          4KB


        • /data/data/mobeasyapp.math.calculator/no_backup/androidx.work.workdb-journal

          Filesize

          120KB


        • /data/data/mobeasyapp.math.calculator/no_backup/androidx.work.workdb-shm

          Filesize

          32KB


        • /data/data/mobeasyapp.math.calculator/no_backup/androidx.work.workdb-wal

          Filesize

          108KB


        • /data/data/mobeasyapp.math.calculator/no_backup/androidx.work.workdb-wal

          Filesize

          32KB


        • /data/data/mobeasyapp.math.calculator/no_backup/appmetrica/analytics/appmetrica_vital.dat

          Filesize

          57B


        • /data/data/mobeasyapp.math.calculator/no_backup/appmetrica/analytics/appmetrica_vital_20799a27-fa80-4b36-b2db-0f8141f24180.dat

          Filesize

          192B


        • /data/data/mobeasyapp.math.calculator/no_backup/appmetrica/analytics/appmetrica_vital_20799a27-fa80-4b36-b2db-0f8141f24180.dat

          Filesize

          194B


        • /data/data/mobeasyapp.math.calculator/no_backup/appmetrica/analytics/appmetrica_vital_20799a27-fa80-4b36-b2db-0f8141f24180.dat

          Filesize

          203B


        • /data/data/mobeasyapp.math.calculator/no_backup/appmetrica/analytics/appmetrica_vital_20799a27-fa80-4b36-b2db-0f8141f24180.dat

          Filesize

          203B


        • /data/data/mobeasyapp.math.calculator/no_backup/appmetrica/analytics/appmetrica_vital_20799a27-fa80-4b36-b2db-0f8141f24180.dat

          Filesize

          232B


        • /data/data/mobeasyapp.math.calculator/no_backup/appmetrica/analytics/appmetrica_vital_20799a27-fa80-4b36-b2db-0f8141f24180.dat

          Filesize

          246B


        • /data/data/mobeasyapp.math.calculator/no_backup/appmetrica/analytics/db/client.db

          Filesize

          20KB


        • /data/data/mobeasyapp.math.calculator/no_backup/appmetrica/analytics/db/client.db

          Filesize

          20KB


        • /data/data/mobeasyapp.math.calculator/no_backup/appmetrica/analytics/db/client.db

          Filesize

          20KB


        • /data/data/mobeasyapp.math.calculator/no_backup/appmetrica/analytics/db/client.db-journal

          Filesize

          512B


        • /data/data/mobeasyapp.math.calculator/no_backup/appmetrica/analytics/db/client.db-shm

          Filesize

          32KB


        • /data/data/mobeasyapp.math.calculator/no_backup/appmetrica/analytics/db/client.db-wal

          Filesize

          8KB


        • /data/data/mobeasyapp.math.calculator/no_backup/appmetrica/analytics/db/client.db-wal

          Filesize

          8KB


        • /data/data/mobeasyapp.math.calculator/no_backup/appmetrica/analytics/db/client.db-wal

          Filesize

          32KB


        • /data/data/mobeasyapp.math.calculator/no_backup/appmetrica/analytics/db/component_20799a27-fa80-4b36-b2db-0f8141f24180.db

          Filesize

          4KB


        • /data/data/mobeasyapp.math.calculator/no_backup/appmetrica/analytics/db/component_20799a27-fa80-4b36-b2db-0f8141f24180.db-journal

          Filesize

          512B


        • /data/data/mobeasyapp.math.calculator/no_backup/appmetrica/analytics/db/component_20799a27-fa80-4b36-b2db-0f8141f24180.db-wal

          Filesize

          193KB


        • /data/data/mobeasyapp.math.calculator/no_backup/uuid.dat

          Filesize

          32KB


        • /data/user/0/mobeasyapp.math.calculator/files/audience_network.dex

          Filesize

          3.2MB


        • /data/user/0/mobeasyapp.math.calculator/files/audience_network.dex

          Filesize

          3.2MB
