Analysis
- max time kernel: 58s
- max time network: 154s
- platform: android_x64
- resource: android-x64-arm64-20240624-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
- submitted: 12/11/2024, 11:59
Static task: static1
Behavioral task: behavioral1
Sample: c27ceb9c22448bf309944915e231d8fe.apk
Resource: android-x86-arm-20240624-en
General
- Target: c27ceb9c22448bf309944915e231d8fe.apk
- Size: 32.6MB
- MD5: c27ceb9c22448bf309944915e231d8fe
- SHA1: 6695bbdd38a8a73c81b0f347830b5a0690398ac5
- SHA256: caadb7682d8650475052c260427e558fc17871a282404f161b7cca87f76701a4
- SHA512: 40a76ee2977425be3d11cd13a1c05f7bedf3b4198898068f012ec63a506b6b903479d013ff915d34c9c52c4a7aec8f983af5e8ce7bd9bb3723538dda0c39a431
- SSDEEP: 393216:ztfXZja97byLXT4+8N9MFfedy8gpHWBpGek+QTZPXt0d5lIGQDu71DlnRQIrZrqn:9M40+8PMFyynpjfRtK3Cu7TtYovqr
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 4 IoCs)
  ioc | Process
  /sbin/su | mobeasyapp.math.calculator
  /system/bin/su | mobeasyapp.math.calculator
  /sbin/su | mobeasyapp.math.calculator:AppMetrica
  /system/bin/su | mobeasyapp.math.calculator:AppMetrica
- Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
  Runs executable file dropped to the device during analysis.
  ioc | pid | Process
  /data/user/0/mobeasyapp.math.calculator/[email protected] | 4629 | mobeasyapp.math.calculator
- Queries information about running processes on the device (1 TTPs, 2 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  description | ioc | Process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | mobeasyapp.math.calculator:AppMetrica
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | mobeasyapp.math.calculator
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  description | ioc | Process
  Framework API call | javax.crypto.Cipher.doFinal | mobeasyapp.math.calculator:AppMetrica
Processes
- mobeasyapp.math.calculator (PID: 4629)
  - Checks if the Android device is rooted.
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
- mobeasyapp.math.calculator:AppMetrica (PID: 4687)
  - Checks if the Android device is rooted.
  - Queries information about running processes on the device
  - Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Downloads