Analysis

  • max time kernel
    149s
  • max time network
    134s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240624-en
  • resource tags

    android
    arch:arm64
    arch:x64
    image:android-33-x64-arm64-20240624-en
    locale:en-us
    os:android-13-x64
    system
  • submitted
    18-12-2024 15:38

General

  • Target

    12.apk

  • Size

    7.7MB

  • MD5

    125591b1ba792dc40478fba12b09970c

  • SHA1

    db165b084b44f98cd47540f4c73a8ab8feb05660

  • SHA256

    2e6c7354f7b4dce59752054929731c5055df15301ed094820bdbbcd5c0cfa12e

  • SHA512

    c4133747d64d31d578ad11d20f61bd138171b9254496bb40628821c78ce98c685a054d6f3bd26a6857a0b14d0eb8d83223bc74979e95f4044e1d8c168e38c552

  • SSDEEP

    196608:egbAsJ3OmCt1AsyRLm5Mymhnl6m4955q45z+YK:d8sFYUsUm2yEnl6mmjqYzm

Malware Config

Extracted

Family

trickmo

C2

http://skyfrostweb.cn.com/c

Signatures

Processes

  • nilheart.ptur744.lens
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Requests disabling of battery optimizations (often used to enable hiding in the background)
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4309
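The "Loads dropped Dex/Jar" signature above is explained by the Downloads section below: the payload is written to `app_huge/CQ.json`, and the `CQ.json!classes2.dex` style entries indicate that the file is an archive holding `classes*.dex` members, i.e. loadable code hidden behind a `.json` name. The following script is an added example for this page, not code from the sandbox or from the sample: it walks an app's private data directory, classifies each file by magic bytes instead of extension, flags code files with non-code extensions, and matches SHA-256 values against the report's IOCs. The sample directory it builds is constructed and only mimics the report's layout; the `!` member notation is taken as the report's convention for archive contents, and `/data/data/<pkg>` and `/data/user/0/<pkg>` are treated as the same directory (they are on current Android).

```python
import hashlib
import io
import os
import tempfile
import zipfile

# SHA-256 values copied from this report's Downloads section: the CQ.json
# payloads and the classes*.dex members extracted from one of them.
REPORT_SHA256 = {
    "b289bdcd27abeb414fe50ba4081ae04f990bcf1a6f1ccc011d8101dbd5fc7ef8": "app_huge/CQ.json",
    "cce222d0fa0635f95300a3dbe2f07fef123eed04f6333774f7edc112b326456e": "app_huge/CQ.json",
    "85c845feaa13eb5b0d02b64a996bf1a84b3aa77b6cf616f3db8ae5b4c70e9902": "app_huge/CQ.json",
    "b4a3a76ea11bdd51239bf96f452dfa1e7eb73fd3b34607bf903ba8810820baea": "app_huge/CQ.json!classes2.dex",
    "d39fcf9a729d1ac899369481f0d28fb6b5f7213bfd9d1c1aca11afb8a5bbac4c": "app_huge/CQ.json!classes3.dex",
    "411c3194c11f6254e4bb6cdbf247518a4696ce9bffc6d373ba7e949889db9965": "app_huge/CQ.json!classes4.dex",
}

DEX_MAGIC = b"dex\n"       # full header is "dex\n" + 3 version digits + NUL
ZIP_MAGIC = b"PK\x03\x04"  # local file header of a ZIP/JAR/APK
ELF_MAGIC = b"\x7fELF"     # native library
CODE_EXTS = {".dex", ".jar", ".apk", ".so"}


def classify(data: bytes) -> str:
    """Return a content type derived from magic bytes, ignoring the file name."""
    if data.startswith(DEX_MAGIC):
        return "dex"
    if data.startswith(ELF_MAGIC):
        return "elf"
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            return "zip"
        # A ZIP carrying classes*.dex is what DexClassLoader/PathClassLoader can load
        if any(n.startswith("classes") and n.endswith(".dex") for n in names):
            return "jar-with-dex"
        return "zip"
    return "other"


def scan_app_dir(root: str) -> list[dict]:
    """Classify every file under root and look its SHA-256 up in the report IOCs."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            kind = classify(data)
            ext = os.path.splitext(name)[1].lower()
            sha256 = hashlib.sha256(data).hexdigest()
            findings.append({
                "path": os.path.relpath(path, root),
                "kind": kind,
                # code content behind a non-code extension is the dropper pattern
                "disguised_code": kind in ("dex", "jar-with-dex", "elf") and ext not in CODE_EXTS,
                "sha256": sha256,
                "ioc_match": REPORT_SHA256.get(sha256),
            })
    return findings


def build_sample_tree(root: str) -> None:
    """Constructed sample mirroring the report's layout; not the real payload."""
    os.makedirs(os.path.join(root, "app_huge"))
    os.makedirs(os.path.join(root, "cache"))
    # A fake CQ.json that is really a JAR carrying a minimal classes2.dex header
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes2.dex", b"dex\n035\x00" + b"\x00" * 64)
    with open(os.path.join(root, "app_huge", "CQ.json"), "wb") as fh:
        fh.write(buf.getvalue())
    # A genuine JSON file, like cache/clicker.json in the report
    with open(os.path.join(root, "cache", "clicker.json"), "wb") as fh:
        fh.write(b'{"clicks": []}\n')


def demo() -> list[dict]:
    """Build the constructed tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_app_dir(tmp)


if __name__ == "__main__":
    for f in demo():
        flag = "DISGUISED" if f["disguised_code"] else "ok"
        print(f"{flag:9} {f['kind']:13} {f['path']}  ioc={f['ioc_match']}")
```

Run against a real `adb pull` of `/data/user/0/nilheart.ptur744.lens` (root or a debuggable build required), the constructed hashes will of course not match, but the `disguised_code` flag is what catches the dropper pattern regardless of whether the payload has been repacked; hash matching is only useful for the exact samples listed on this page.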

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/nilheart.ptur744.lens/app_huge/CQ.json

    Filesize

    5.2MB

    MD5

    226e709c8643b778efddd5fe1e195790

    SHA1

    9ef8bb653086f9b3aa8bd444239fdb842a82cb34

    SHA256

    b289bdcd27abeb414fe50ba4081ae04f990bcf1a6f1ccc011d8101dbd5fc7ef8

    SHA512

    c7fa9e4e5b2e690202e50d09a2a01ec453ba6d3fd54384f50f5395b8a0a909635946ee1ccc4b1bac858e31d201d2a4f6f83d17f561af9b0bdf143a46fbb7345c

  • /data/data/nilheart.ptur744.lens/app_huge/CQ.json

    Filesize

    5.2MB

    MD5

    0aa7fa04a36ff1e94535c808c1ad7257

    SHA1

    f683f87e93a04b3f7e7ef65e9d8b54c58acc36c3

    SHA256

    cce222d0fa0635f95300a3dbe2f07fef123eed04f6333774f7edc112b326456e

    SHA512

    3aaad794700cd9e56db310aa0f65930a6c7d875a859881ac83f043af7a4bfdbffb8c6d496cf65829072c8a5a69abd5b427f255bde957892bdcd014ef09ced888

  • /data/data/nilheart.ptur744.lens/cache/clicker.json

    Filesize

    17KB

    MD5

    d780f836fe54e51872bf31220a4dcb77

    SHA1

    5136aa7fe35fb70c9bf0ab00bbe7f79cf65705ae

    SHA256

    32abf05fd8eb1edb10fd93e2c0bd9b308d109e5686c06b39f4d173847a0efe17

    SHA512

    62842bd62ea2f1a71880415d84501bc2cde8eb857d4baec4e357f3c4c4a74d2d0418bfcc6431789cce207d5290ceb4b1fee31f206ac527a8727176523c0bc635

  • /data/data/nilheart.ptur744.lens/databases/a

    Filesize

    20KB

    MD5

    91af32c14839a2828ca58297e0861362

    SHA1

    bd758cc0bb47b570da2061d4633aa998a87ed971

    SHA256

    5d8e556cf9230390a2ea6e8fe0300bf0d3c28397a75d4d5d1138cf25713d5923

    SHA512

    9810060201633366b6d13e9b81a2d9fe1adb61e027a215cd05454bbefaa7f6e1a17aae3781eedd8095a398a05f3c7cf03b589f29d1ac4789dfbf61bce25b9fb7

  • /data/data/nilheart.ptur744.lens/databases/a

    Filesize

    20KB

    MD5

    c27670b421d0923744ca4bdfeacb51e0

    SHA1

    1e13e8c633138ddba6cc95af3bd277e43afb329f

    SHA256

    6c758db0618047e470e728d15582dfed942cb2cea3738a9894de4404c19c4691

    SHA512

    a3055c46376e8060eeaddb62b5e102417c0aa7a16b8c2fcdeff76d290efcdee91c0f7a97c042dbe7118fc9bcab2f9e412986af7ea01b9ed73550b981117016c5

  • /data/data/nilheart.ptur744.lens/databases/a

    Filesize

    16KB

    MD5

    33d0d80f4f6979739246e2857f72c106

    SHA1

    d62058f54d7f11edfb498d732a1f5385896d3f8a

    SHA256

    cb053c3486ce0addf68e21473d75dfa21046dbf59e4938c98ff887b365cfd771

    SHA512

    6396b8656090aa21f34d89ff825c7ac1f82601aae2fde9f6a9490ec24c9117bf6affabad4466c85d4ad4640e88099b06d6ea0bf489e0924decf217d744f5c0a7

  • /data/data/nilheart.ptur744.lens/databases/a-journal

    Filesize

    512B

    MD5

    55d8f809978e1d795d431e349ff879e2

    SHA1

    da4da2fa94c61bdf1782963f74c26899adf8a841

    SHA256

    cfaada4a4ca5cf0c0114a24a920bcdb9e0be8becd6ff64a6eb00d5452b0914c3

    SHA512

    51a3968716553a724c6a05c9fd136b786e7561a18b87a6d3413ec65cc0597377d79a5d832c83488cf28b6326e2157f18a1c425e2bbc878923df5540783394d08

  • /data/data/nilheart.ptur744.lens/databases/a-journal

    Filesize

    8KB

    MD5

    4851796ec37483644e579d1b0034b125

    SHA1

    abc29278ea684e207b9a91400ef4ddb61d721591

    SHA256

    de9500b7e394b0becb52507a89fe673f1a46d2beada78e1cec7bdadc39d442d5

    SHA512

    5cbb0a3ac0cdb31788ea821d6ae9f36f14f02c55cd5984a649c9199ca99f9559c813d88bb2d21ffa8a8a29604f2e1887795d13b34a20f8b7a926b9eaae113c8f

  • /data/data/nilheart.ptur744.lens/databases/a-journal

    Filesize

    8KB

    MD5

    ac2bb64ea80adb71a8eab0f11ccc98ee

    SHA1

    62baee9f9086d192bbb4e49685c17fb42ae955a4

    SHA256

    8d6b56e37259098dab7bbbe3b2f4b55fe78244309d960f7222221f353628aba3

    SHA512

    47cea3281202269da44ad412156a9b8244f562c8efd01369b39c64de81e84293ee8eb6640288eef0672a2d8e83d1e45cf42655ecbeac9a96a5602db45c81a075

  • /data/data/nilheart.ptur744.lens/databases/a-journal

    Filesize

    12KB

    MD5

    e38cafff90719cacaa3bbe95005a30de

    SHA1

    2572dd7177c4cce0c6f9dddb35e15e0ce0c6f6de

    SHA256

    7561ce38b44045314f09b9680abd693860933987a92867be20dc409e2ebcacfc

    SHA512

    fdc347fd0678d117e2a9ec57a26eb23463869872ea7df3e51da5861919d04cefab9a769712d2f8b0817a315699112ce8a7ee85a675afc88424f57b0421563fe9

  • /data/data/nilheart.ptur744.lens/databases/a-journal

    Filesize

    8KB

    MD5

    ca66ee38308ba89b9d5c1e8225688bb4

    SHA1

    9888fef4b8c90c6e1c44783c29abcb0a4a186283

    SHA256

    9d0a503b72fa5319e5ee81ce31006b0ed060f1b53a8819dda4ca0b64c910d0fa

    SHA512

    ad92a31377c5c4b1f798e76a0de5b5659d61c471408ab58581790f0c39355a6546110d5964e88d7c5e86239b78255b9ccbc7662025bf54a8bc0d76aeb7a1fbf1

  • /data/data/nilheart.ptur744.lens/files/nilheart.ptur744.lens

    Filesize

    256B

    MD5

    8a19c15ce87e233fa656d3b3bdae593b

    SHA1

    23f089716839329e2c42acd80885938068aab75b

    SHA256

    f91f1759ec179e98b7f0bc95528fee613ef2d85e215fa9e3985cdccd44fab1fd

    SHA512

    3ef4d8230c1936af3d515c9117ec30817f91048846a87cddeb607a5fbf94f62a51ac6bd3c0b9391cdfbbe718741277471612ec08811a537bdcc61e2607998359

  • /data/data/nilheart.ptur744.lens/no_backup/androidx.work.workdb

    Filesize

    4KB

    MD5

    0eb157e1a86d4d00aa601dd2f6ff3ee3

    SHA1

    fee434f784e73cc7916322e949f727caf8363102

    SHA256

    b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4

    SHA512

    b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

  • /data/data/nilheart.ptur744.lens/no_backup/androidx.work.workdb-journal

    Filesize

    512B

    MD5

    eec83f9ba4cd8693dabd26ef496a96e4

    SHA1

    0a16bb4aa3543cb303a7766ebf2a6e38006c20e3

    SHA256

    94d10425c61ef7f27ce5164d3d1315293c55e4120c0024e4298cd7fa3fdc569c

    SHA512

    556b75ae98e84874fb84aad7f08e22a0eb3a26e8d3f8da583afd92f416dfcbd29a4b3ecd65f21a3c2ce9a04172d27df636f9b98cebbab61954bf43f79ced4c3e

  • /data/data/nilheart.ptur744.lens/no_backup/androidx.work.workdb-shm

    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/nilheart.ptur744.lens/no_backup/androidx.work.workdb-wal

    Filesize

    173KB

    MD5

    ab55b4a1fefd2021f31e94ce9264fec1

    SHA1

    0e8461c9067e91e1d350505d6b2f9b33a5a9a4ea

    SHA256

    bf77fb767d2a887bdaea14636c3bf99c912cf28bcac3e790cb2cf243986f88ab

    SHA512

    8e503ae4aaafdcdee20d9195e59d3d38e73868adcdb06ca21c84c13a97c182e073793722b7ada13291d102f5033a12afc25a7e855b9d6ed8dbaf8657ec3915fa

  • /data/data/nilheart.ptur744.lens/no_backup/androidx.work.workdb-wal

    Filesize

    16KB

    MD5

    13275efa242a80158e6d5ee6248d339b

    SHA1

    43c0560c4d61470543a768bc9e40d5729d03e8f9

    SHA256

    ed767b9e282572a8a44e3cf5b11635130cd7b43cbe5407f03afefd7e07ef96e5

    SHA512

    26d5f5387684c9155ae4fc5d21278f9e6b8334079925a7cf9ec7af8eb2836b99db607e1aa170805c7ec7e70ee41a1c69964dd67331e294bc1788420ad6bed0b1

  • /data/data/nilheart.ptur744.lens/no_backup/androidx.work.workdb-wal

    Filesize

    108KB

    MD5

    69dc6af8370319b18826aa4de7e431df

    SHA1

    faa8e6b7741ed7b4249277b2866eb95847911154

    SHA256

    9ec04348a5e50bb9e1ff679ca05b3c298831a016f8bc22a0d5022fc6b5571925

    SHA512

    ecf1d416d46850286313da73d1c9e32a3cc9553d8a5ced6f6b01cbf69a7aea1ebe99488c5599eecbbd98865fcdf835d83a9c1b29546245608e362f5ed12748c0

  • /data/user/0/nilheart.ptur744.lens/app_huge/CQ.json

    Filesize

    11.1MB

    MD5

    28041432b0c51e3e887643272629c83e

    SHA1

    fbea5dfc62f03e1ff784b410ec0d547de0e8156b

    SHA256

    85c845feaa13eb5b0d02b64a996bf1a84b3aa77b6cf616f3db8ae5b4c70e9902

    SHA512

    7e69a4dffce031e990827d655b83ce66bfca72ecdc5bba4a264f877e0a3788953c41e2f6766e8327127d1b68b63775569648340fda09b4ce13684f0aaca6438f

  • /data/user/0/nilheart.ptur744.lens/app_huge/CQ.json!classes2.dex

    Filesize

    351KB

    MD5

    fc03e38b9df1aecdaa7ad9582a3007fa

    SHA1

    7ab8f6c8c79015f5eb4809f85987afa91206ed3b

    SHA256

    b4a3a76ea11bdd51239bf96f452dfa1e7eb73fd3b34607bf903ba8810820baea

    SHA512

    7639ce7f817c0b4a926c61f1dfae18e843e2ad85188df9d5d9711961d5d9761d46f16fb36a06a9a60bbd0d0a33b6435fa7e5ff299fb287828ce8e9fa5ce127d3

  • /data/user/0/nilheart.ptur744.lens/app_huge/CQ.json!classes3.dex

    Filesize

    258KB

    MD5

    dbb329a8075c9e01b2cb16c0ca1e7021

    SHA1

    c165f196aa9fc7f8812244dc029318720b3e6a75

    SHA256

    d39fcf9a729d1ac899369481f0d28fb6b5f7213bfd9d1c1aca11afb8a5bbac4c

    SHA512

    d57013a783a28a2c6d116f57d60bdcee6958ffcd2402b3ebb5be57506ff73d85c9db8dda4b6d33000140c206e7fb54d3fbbaf55693af1de4155d6a085cfce15f

  • /data/user/0/nilheart.ptur744.lens/app_huge/CQ.json!classes4.dex

    Filesize

    1.9MB

    MD5

    2d73c5997273e3910c1ac1d8db7ba145

    SHA1

    25737e75ed15863e69d02a14efa781370dfec798

    SHA256

    411c3194c11f6254e4bb6cdbf247518a4696ce9bffc6d373ba7e949889db9965

    SHA512

    7adca729d74394232c26ee76272a85342fd88c9101d417ba3a0b1018f29cdbe4a852a3458548e4e333db55520cf8b0a7700f6bcb3cfee77a12ec3d272c4dc13a

  • /storage/emulated/0/Android/data/nilheart.ptur744.lens/cache/logs/log.txt

    Filesize

    153B

    MD5

    e4caf02694c558225c11da75bd4fdf20

    SHA1

    9260fa514d959788ccccebd859e3a1c84925e5be

    SHA256

    c7f5c9fffaa4e9f86e88444b3c010d01ecf0bb447116ddcf7ada4db1b691d421

    SHA512

    5dc24231320741e09bd0caad02ece44b87e49ef8a91697d7430f200b663394edee1f8f6a8daad8169b681e5406c25c996f85c1313c45ecf0db03a6dc2cd2deaf

  • /storage/emulated/0/Android/data/nilheart.ptur744.lens/cache/records/com.android.settings_2024-12-18-15-38-39.txt

    Filesize

    31KB

    MD5

    4d571fc789875ef5fbdf95d15daf1d6b

    SHA1

    d7e2096fca873394820abe099092d20f19cb87b5

    SHA256

    02b1676e97d515c7212e11f941b3f9344a4c4f8669a96b6dfe2ec792a688b829

    SHA512

    7458bb1795fb07949eb12cc9ad9aca8a440be09b547e67387657cd84f93ba276fa231d97f085926528ea52115a5e72646a071c82b74e10c45d74bdef52b1b2dc

  • /storage/emulated/0/Android/data/nilheart.ptur744.lens/cache/records/com.android.settings_2024-12-18-15-38-39.txt

    Filesize

    47KB

    MD5

    e8943cbe24ace749fb6a0af0bb0e2b14

    SHA1

    39eab11241fcb6b7e82fa38e164b23a89cfd5857

    SHA256

    48d19341b41ea55ad91c7a7e701abb96fa6b1020545a92255bb9de0e64b6dc8e

    SHA512

    0df50110351c936c295a0c9dfdb23b9eb47bcd43d670cf73ed14b952d8f16e321b6553a92177bd717cb325923e731bdb96212e187e9a8af871860680a735a363

  • /storage/emulated/0/Android/data/nilheart.ptur744.lens/cache/records/com.android.settings_2024-12-18-15-38-39.txt

    Filesize

    63KB

    MD5

    10c0d008b9d385ee63ef7ca2f83e6e44

    SHA1

    331ec41eebab37c074297b6a3c347d7d1e9b1866

    SHA256

    5a386669fc6f93c8ffc187059049bcf5f45e16593fd6201aa4cf81ba8a695dc3

    SHA512

    2c41e286f548ead7147315d926268ee33b2bfbab49eb43c9878e1eba3a380907a3e7a8d48355589d11401507dcc0b59bab5c256d6be813c5a68d9ddae11f2565

  • /storage/emulated/0/Android/data/nilheart.ptur744.lens/cache/records/com.android.settings_2024-12-18-15-38-39.txt (deleted)

    Filesize

    15KB

    MD5

    92a4e81ee3928b07259cd453ab3ab905

    SHA1

    fb9f3cb0812300f938103f57e88bf37a1fb83c5d

    SHA256

    c3f2dd371c85335ac453f781b346a65e54d7348bbcc8b393328921b1e14fd368

    SHA512

    40b477700e33ed3af3b4425a177a7ecd66682d10f263fc3f50607836cca3afa27860889678de530bbcacdead185c94484c4a79495ce7bb698b3b1bc2539846fd

  • /storage/emulated/0/Android/data/nilheart.ptur744.lens/cache/records/com.android.settings_2024-12-18-15-38-39.txt.zip (deleted)

    Filesize

    2KB

    MD5

    cc85f7ada5e4f83d88f4f5806690db7f

    SHA1

    7e1490529f2f684545730ab4eeff80500613b054

    SHA256

    d2060f3b628948206a3d68ec260139695020c720258c4834b4ad873aca96a276

    SHA512

    6cf6b6d5d581cb545dc814ae423596587bd68663dfc29cc61b50744f5803de73dc5f15a4f73dd4a458b07ca4510d2f9968479706648c50881e3eb0b6a0c44de4

  • /storage/emulated/0/Android/data/nilheart.ptur744.lens/cache/records/com.google.android.permissioncontroller_2024-12-18-15-38-33.txt

    Filesize

    1001B

    MD5

    1c56b419f043be564ccf85c040ba4758

    SHA1

    28c97c81599d098b2034aa18abfc72c6c26ea956

    SHA256

    e37f82553044557524cb0b7d2de8623384e03ba01d61cf1de79b2335577c00e5

    SHA512

    ccdc36a1535485c1b62c64ed3ab1f1ae630494e4590506147468bbf0cddd5f5aad538a576a124da28637cd6e138c25ef91433d048ae8422b0d40772d6ae6fd24

  • /storage/emulated/0/Android/data/nilheart.ptur744.lens/cache/records/com.google.android.permissioncontroller_2024-12-18-15-38-33.txt (deleted)

    Filesize

    5KB

    MD5

    584048bd533afc7f42e29025676194ca

    SHA1

    e9695ac7f7d4fa54aed6b455183fddac38d3e72d

    SHA256

    bf756181f39f52bb38d2f4f7154b11fcf4336b17c1d8bf9b62878cdb4aa207bd

    SHA512

    5561e0474eedd6a0042c7c5a1763df63d50ef68b09a415c485bf0c746d570112c5065f9368bacfe0891af133cbd5332ebe118bdc704d5f432018be38704d199f

  • /storage/emulated/0/Android/data/nilheart.ptur744.lens/cache/records/com.google.android.permissioncontroller_2024-12-18-15-38-33.txt.zip (deleted)

    Filesize

    974B

    MD5

    8b642d05d75ad1cc949a77e82a13fbd7

    SHA1

    7f3a7631635d55745ce0232e434e933dff2cf0e7

    SHA256

    362a89d9b684883bb28be5576854907a6b1958b95d0c1ca0f82044cce33ba697

    SHA512

    b286e0c75dcfb150e40f1a7c312faa11d4e2c05420d4626beacf6acb963267788fd1e45fe27b792347c813b468e6bdaebf02e24b4579d0ae56b393d04331a1bd