Analysis Overview
SHA256
ea6afc83aebe255bb476fe32ae0b0256a65877f14d8483642912ecf02c8ed896
Threat Level: Likely malicious
The file GetApps v34.8.1.0.apk was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Queries account information for other applications stored on the device
Queries information about running processes on the device
Requests dangerous framework permissions
Queries information about active data network
Checks the presence of a debugger
Uses Crypto APIs (Might try to encrypt user data)
Schedules tasks to execute at a specified time
Registers a broadcast receiver at runtime (usually for listening for system events)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-13 13:30
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to write the user's calendar data. | android.permission.WRITE_CALENDAR | N/A | N/A |
| Allows an application to read the user's calendar data. | android.permission.READ_CALENDAR | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an application to read image files from external storage. | android.permission.READ_MEDIA_IMAGES | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows applications to use exact alarm APIs. | android.permission.SCHEDULE_EXACT_ALARM | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-13 13:29
Reported
2024-11-13 13:30
Platform
android-x86-arm-20240624-en
Max time kernel
5s
Max time network
18s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | /system/bin/su | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
| N/A | /system/app/Superuser.apk | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Queries account information for other applications stored on the device
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.accounts.IAccountManager.getAccountsAsUser | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Checks the presence of a debugger
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.xiaomi.mipicks
chmod 493 /data/user/0/com.xiaomi.mipicks/files/miui_mod_icons
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp |
| US | 1.1.1.1:53 | cdn.exp.xiaomi.com | udp |
Files
/data/data/com.xiaomi.mipicks/databases/com.google.android.datatransport.events-journal
| Hash | Value |
|---|---|
| MD5 | 22b2faa5bd07ec8ab95096a6b83d45d8 |
| SHA1 | a4c1c7abcb612ae8ceae840e7abe0cd9237f1cb5 |
| SHA256 | b0bfa97dd4e1cc10b3d660f7f8c71c80e7fb4db7a4216ee72e71e81578e6c697 |
| SHA512 | e9874dcf8da9c449a77a500cb95ae09a997301747e12f1f1504795dda4e6d063cd88d4ba4a0ba78bdd02a85e004a07cf19882431e8ad48d6af2cd05d7b93d572 |
/data/data/com.xiaomi.mipicks/databases/com.google.android.datatransport.events
| Hash | Value |
|---|---|
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.xiaomi.mipicks/databases/com.google.android.datatransport.events-wal
| Hash | Value |
|---|---|
| MD5 | d2789f5bad1e13c9df7422467cff6166 |
| SHA1 | 93ffe1329a742fff2345930a0c661f792df05843 |
| SHA256 | deed09c0b2cf056f7c09e8564012904788d65ab534f12c490b9131f988249fff |
| SHA512 | 3313aed11541d4ff51786574696b34ff72a66d4b25ef908ebf6459959e873e6c9e5dca3bcbb628cab5e92bf7f34e4fd859740ff2522a2928106d65b1cf376b5b |
/data/data/com.xiaomi.mipicks/databases/market_2.db-journal
| Hash | Value |
|---|---|
| MD5 | 9e85be91f34eb9ae9d8d78cfc6346ca5 |
| SHA1 | 1dd3b2532f85b7e9dabc78c2e538cf015e8685bb |
| SHA256 | 86d91dcc1da6ca6414b6b2f42fcfed36de6c46c0d042c580a676f08d1171312d |
| SHA512 | 700dceaeb397f0f7790db31bd2145c0ddc4ef91f239590a9d61992488fd2f684de2d660245e2d5e2a033c82af50c58a2208b25743a59a1c7258352cb18d1d2db |
/data/data/com.xiaomi.mipicks/databases/market_2.db-wal
| Hash | Value |
|---|---|
| MD5 | 48a04b711c953648c701215fd693a18e |
| SHA1 | f47480e6735c68a3e961a007f8ee257898e54999 |
| SHA256 | a26e130d4f9e939993d796535b18e4a89a41ddb4359e8a7d3dd869c0dcd6def2 |
| SHA512 | de95c40631459e3d8efec3cbd7b9f098373cf4332b9e7b342aac92bc6b06371bb0a854a939fea71678b2ba6db37a394051b11a4efb2badc57eca81fd682a4917 |
/data/data/com.xiaomi.mipicks/files/mmkv/overseas_100009
| Hash | Value |
|---|---|
| MD5 | 620f0b67a91f7f74151bc5be745b7110 |
| SHA1 | 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d |
| SHA256 | ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7 |
| SHA512 | 2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d |
/data/data/com.xiaomi.mipicks/databases/traffic.db-journal
| Hash | Value |
|---|---|
| MD5 | 00393e7f60642883296e894256ca74b5 |
| SHA1 | ff6d7c98669eb196401f8136f772efd325485149 |
| SHA256 | 571a9996458bf4641c8bf3f839cb6d2ae8c8820e19fd07776aa52edea5325008 |
| SHA512 | a1560db71255f239b84bb145a24d7cf1dbcab0a4df128cdffdbf8411f4240b5ecda6ff28039b496b61191523a55118410137b985f36bf77f34e108280f9570d1 |
/data/data/com.xiaomi.mipicks/databases/traffic.db-wal
| Hash | Value |
|---|---|
| MD5 | 6c3147a6b310b849ea26ff07f1f25890 |
| SHA1 | 310fc922648747a5a714edcf9077f475f93a4992 |
| SHA256 | a0cd6469b53f980670923c5e72eccf616d8e6f229203b25b2bae0da73bf0c28a |
| SHA512 | 3e67c00b534c35248afae5677d6a836aa102b7b85f89eeb5120b108942f1a52cf08e59ca77b738b79e78be656b00036779836ac7f953ec3c9ed7adac5dbc8751 |