Analysis Overview
SHA256
af26d6133f5729cfb029d129ca8bab77e9d7bb2903565ba2389f657e7d1e2a91
Threat Level: Known bad
The file af26d6133f5729cfb029d129ca8bab77e9d7bb2903565ba2389f657e7d1e2a91.apk was found to be: Known bad.
Malicious Activity Summary
Antidot family
Antidot payload
Loads dropped Dex/Jar
Queries information about active data network
Requests dangerous framework permissions
Registers a broadcast receiver at runtime (usually for listening for system events)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-21 02:58
Signatures
Antidot family
Antidot payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
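The four permissions above are what a triager should check against the manifest of the APK itself, together with the target SDK, since what each one actually grants depends on it. The following is an added example written for this page, not code from the sandbox or from the sample: it parses a manifest that has already been decoded to plain XML (as apktool produces) and annotates the permissions listed in this signature. The manifest text embedded below is constructed for the example and is not the sample's real manifest; the package name is taken from the process name in the behavioral runs.

```python
"""Annotate the permissions from the 'Requests dangerous framework permissions'
signature in a decoded AndroidManifest.xml (added example, not sandbox code)."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = "{%s}name" % ANDROID_NS
TARGET_SDK = "{%s}targetSdkVersion" % ANDROID_NS

# Watchlist = the four permissions the report flags, with the practical
# meaning a triager wants next to each one.
WATCHLIST = {
    "android.permission.REQUEST_INSTALL_PACKAGES":
        "may launch the package installer; user must allow 'Install unknown apps' for this app",
    "android.permission.POST_NOTIFICATIONS":
        "runtime permission on Android 13+ (API 33); granted implicitly on older releases",
    "android.permission.READ_EXTERNAL_STORAGE":
        "read of shared storage; on API 33+ media access moves to READ_MEDIA_*",
    "android.permission.WRITE_EXTERNAL_STORAGE":
        "write to shared storage; has no effect once targetSdk >= 30 (scoped storage)",
}

# Constructed manifest for the example; NOT the real manifest of the sample.
CONSTRUCTED_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="io.github.huskydg.magisk">
  <uses-sdk android:minSdkVersion="23" android:targetSdkVersion="33"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <uses-permission android:name="android.permission.POST_NOTIFICATIONS"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>
"""


def parse_manifest(xml_text):
    """Return package name, targetSdkVersion (or None) and declared permissions."""
    root = ET.fromstring(xml_text)
    perms = [e.get(NAME) for e in root.iter("uses-permission") if e.get(NAME)]
    sdk = root.find("uses-sdk")
    target = None
    if sdk is not None and sdk.get(TARGET_SDK):
        target = int(sdk.get(TARGET_SDK))
    return {"package": root.get("package"), "target_sdk": target, "permissions": perms}


def flag_permissions(info):
    """Return [(permission, note)] for watchlisted permissions, in manifest order.

    The WRITE_EXTERNAL_STORAGE note is resolved against targetSdk because the
    permission is documented as having no effect when the app targets API 30+.
    """
    hits = []
    target = info["target_sdk"]
    for perm in info["permissions"]:
        if perm not in WATCHLIST:
            continue
        note = WATCHLIST[perm]
        if perm == "android.permission.WRITE_EXTERNAL_STORAGE" and target is not None and target >= 30:
            note = "declared but ineffective: app targets API %d, scoped storage applies" % target
        hits.append((perm, note))
    return hits


if __name__ == "__main__":
    info = parse_manifest(CONSTRUCTED_MANIFEST)
    print("%s targetSdk=%s" % (info["package"], info["target_sdk"]))
    for perm, note in flag_permissions(info):
        print("  %-50s %s" % (perm, note))
```

The point of resolving notes against the target SDK is that the same four permissions describe two different capabilities: with targetSdk 33 the sample can ask to install packages and post notifications but gets nothing from WRITE_EXTERNAL_STORAGE, whereas an older target would keep legacy storage access. Whether the APK in this report targets 33 is not stated on the page; read it from the real manifest.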
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-21 02:58
Reported
2024-12-21 03:01
Platform
android-33-x64-arm64-20240624-en
Max time kernel
2s
Max time network
133s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /system_ext/framework/androidx.window.extensions.jar | N/A | N/A |
| N/A | /system_ext/framework/androidx.window.extensions.jar | N/A | N/A |
| N/A | /system_ext/framework/androidx.window.sidecar.jar | N/A | N/A |
| N/A | /system_ext/framework/androidx.window.sidecar.jar | N/A | N/A |
Processes
io.github.huskydg.magisk
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.200.36:443 | | udp |
| GB | 142.250.200.36:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.169.78:443 | android.apis.google.com | tcp |
| GB | 172.217.169.78:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | huskydg.github.io | udp |
| US | 185.199.108.153:443 | huskydg.github.io | tcp |
| US | 1.1.1.1:53 | rcs-acs-tmo-us.jibe.google.com | udp |
| US | 216.239.36.155:443 | rcs-acs-tmo-us.jibe.google.com | tcp |
| US | 1.1.1.1:53 | remoteprovisioning.googleapis.com | udp |
| US | 172.64.41.3:443 | | tcp |
| US | 172.64.41.3:443 | | tcp |
| GB | 142.250.179.227:443 | | tcp |
| US | 172.64.41.3:443 | | udp |
| GB | 142.250.179.227:443 | | udp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 216.58.204.68:443 | | tcp |
| GB | 216.58.204.68:443 | | tcp |
| GB | 142.250.200.36:443 | | udp |
| GB | 216.58.201.99:443 | | tcp |
Files
/system_ext/framework/androidx.window.extensions.jar
| MD5 | 3056e1bdb7d4e19789d0319eff484bd0 |
| SHA1 | 6791ae47aa9466fe0bca27ad6643f846853bbee4 |
| SHA256 | 8e6331a07c9f2ac139214c527dcaff2c82d126bbe7bd3420cdc36d6a8c9204b0 |
| SHA512 | c790980fd68d9f89e32743bc28846807d5e5947c555f494de47714dec5cbd0c08d81c3260fa463759d1b17a953af3c44ec30b14fb08bf6b29db3837346c9f658 |
/system_ext/framework/androidx.window.sidecar.jar
| MD5 | 29469324e59dfcc052f24b5af4e7b2c4 |
| SHA1 | 10c1e17ac6f598037bb51baa07945663645de4eb |
| SHA256 | 9195dc6a1c75a841384050240dfc972e48178964993fba6619788625f4b40d1a |
| SHA512 | 5e27c2b1431369a248298f2f749136a575005584f9999f2a4c204a0c47adce2e33c8df9f058bdafa1bde1c99e46d175560cedfcddcd8581718ed1d9973c37cc2 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-12-21 02:58
Reported
2024-12-21 03:00
Platform
android-x86-arm-20240624-en
Max time kernel
7s
Max time network
138s
Command Line
Signatures
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Processes
io.github.huskydg.magisk
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.213.10:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | huskydg.github.io | udp |
| US | 185.199.111.153:443 | huskydg.github.io | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| GB | 216.58.213.10:443 | | tcp |
Files
/data/data/io.github.huskydg.magisk/code_cache/res.apk
| MD5 | e1ccb73372f9711c3f6a6af6aef3beda |
| SHA1 | 77481b9fff50b0c4e67f75a5ed0fd2b5e1eb235f |
| SHA256 | d592157cbd03c4a7eb34ca4b5ec0c22d9cd5c336a994467acb3c3449d6725fba |
| SHA512 | 723dbf2470ede199508a53c52157b3dc7fd3d40bce5403b088f69290d2f76831308ad3fc5851d50c47f4a18f5432025d371c2787dee4cd4e38ed599b942bc60c |
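Two kinds of file show up across the behavioral2 and behavioral3 runs, and they deserve different treatment. The jars that triggered "Loads dropped Dex/Jar" in behavioral2 live under /system_ext/framework/, a read-only platform partition, so they were loaded by the framework rather than written by the sample; the res.apk under /data/data/io.github.huskydg.magisk/code_cache/ in behavioral3 sits in the sample's own private directory and is the artefact worth pulling from the device. The following is an added example, not code from the sandbox or the sample: it sorts loaded-code paths by who could have written them and checks a recovered file against the full hash set the report prints. The path list is copied from this report; the bytes hashed at the bottom are constructed for the example (an empty file) and are not the sample's res.apk.

```python
"""Sort 'Loads dropped Dex/Jar' hits by writable location and verify a pulled
file against a report's hash set (added example, not sandbox code)."""
import hashlib
import re

# Read-only partitions holding the platform and preinstalled code. A jar loaded
# from here was not written by the sample, so it is framework code, not a drop.
SYSTEM_PREFIXES = ("/system/", "/system_ext/", "/apex/", "/product/", "/vendor/", "/odm/")

# Locations a third-party app can write at runtime; these are where a payload
# the sample dropped itself would be loaded from.
APP_PRIVATE = re.compile(r"^/data/(?:data|user/\d+)/(?P<pkg>[A-Za-z0-9_.]+)/")
SHARED_WRITABLE = re.compile(r"^/(?:sdcard|storage/emulated/\d+|data/local/tmp)/")


def classify_code_path(path):
    """Return ('system', None), ('app', owning_package), ('shared', None) or ('other', None)."""
    if path.startswith(SYSTEM_PREFIXES):
        return ("system", None)
    m = APP_PRIVATE.match(path)
    if m:
        return ("app", m.group("pkg"))
    if SHARED_WRITABLE.match(path):
        return ("shared", None)
    return ("other", None)


def triage_loaded_code(paths, sample_pkg):
    """Group paths into: framework (ignore), dropped_by_sample (pull), other_app,
    needs_review (shared storage or unrecognised). Duplicates are collapsed."""
    groups = {"framework": [], "dropped_by_sample": [], "other_app": [], "needs_review": []}
    for path in dict.fromkeys(paths):  # de-duplicate while keeping report order
        kind, pkg = classify_code_path(path)
        if kind == "system":
            groups["framework"].append(path)
        elif kind == "app" and pkg == sample_pkg:
            groups["dropped_by_sample"].append(path)
        elif kind == "app":
            groups["other_app"].append(path)
        else:
            groups["needs_review"].append(path)
    return groups


HASH_ALGOS = ("md5", "sha1", "sha256", "sha512")


def hash_set(data):
    """Hex digests in the same four algorithms the report lists per file."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HASH_ALGOS}


def matches_report(data, report_hashes):
    """True only if every algorithm present in report_hashes agrees with the data.
    One mismatch means the file pulled from the device is not the one the
    sandbox saw (re-generated on each run, as the two res.apk hashes above show)."""
    computed = hash_set(data)
    common = {a: v.lower() for a, v in report_hashes.items() if a in computed}
    return bool(common) and all(computed[a] == v for a, v in common.items())


# Paths from this report: the two jars the behavioral2 signature matched and
# the file the sample wrote in behavioral3.
REPORTED_CODE_PATHS = [
    "/system_ext/framework/androidx.window.extensions.jar",
    "/system_ext/framework/androidx.window.extensions.jar",
    "/system_ext/framework/androidx.window.sidecar.jar",
    "/data/data/io.github.huskydg.magisk/code_cache/res.apk",
]

# The behavioral3 res.apk hashes as printed in the report.
BEHAVIORAL3_RES_APK = {
    "md5": "e1ccb73372f9711c3f6a6af6aef3beda",
    "sha1": "77481b9fff50b0c4e67f75a5ed0fd2b5e1eb235f",
    "sha256": "d592157cbd03c4a7eb34ca4b5ec0c22d9cd5c336a994467acb3c3449d6725fba",
}

if __name__ == "__main__":
    for group, paths in triage_loaded_code(REPORTED_CODE_PATHS, "io.github.huskydg.magisk").items():
        print(group, paths)
    pulled = b""  # constructed stand-in for a file pulled from the emulator
    print("pulled file matches report:", matches_report(pulled, BEHAVIORAL3_RES_APK))
```

Note that the two behavioral runs give different hashes for the same res.apk path (behavioral3 and behavioral4), so a file you pull from one detonation will only match the row of that run; comparing against all four digests rather than MD5 alone avoids mistaking a collision or a truncated copy for a match.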
Analysis: behavioral4
Detonation Overview
Submitted
2024-12-21 02:58
Reported
2024-12-21 03:01
Platform
android-x64-20240624-en
Max time kernel
7s
Max time network
134s
Command Line
Signatures
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Processes
io.github.huskydg.magisk
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | huskydg.github.io | udp |
| US | 185.199.108.153:443 | huskydg.github.io | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
Files
/data/data/io.github.huskydg.magisk/code_cache/res.apk
| MD5 | f38ba5f13fe1ae9203ef9c00bfbdc670 |
| SHA1 | 6d6c4ba10c5dfb4f89068f66fb9644b649ffade3 |
| SHA256 | 68a4a2fc20d4cf41e80efc47c66459759fa82c7b13fc8dedf1112fffebc261ac |
| SHA512 | b240645034da27439db862a2a5f3e470d6f71132dda509beaf564e4ca2e2b19716899f7fe5ab3f7a6f3f9607d1c542b71e686768fd5bf0b9331c3c4f6e498988 |
Analysis: behavioral5
Detonation Overview
Submitted
2024-12-21 02:58
Reported
2024-12-21 03:01
Platform
android-x64-arm64-20240624-en
Max time kernel
7s
Max time network
134s
Command Line
Signatures
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
io.github.huskydg.magisk
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.238:443 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | huskydg.github.io | udp |
| US | 185.199.108.153:443 | huskydg.github.io | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-21 02:58
Reported
2024-12-21 03:01
Platform
android-x86-arm-20240624-en
Max time kernel
2s
Max time network
133s
Command Line
Signatures
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
io.github.huskydg.magisk
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.169.78:443 | android.apis.google.com | tcp |
Files
/data/misc/profiles/cur/0/io.github.huskydg.magisk/primary.prof
| MD5 | a02364eb156d8a8bcc281f6133d013ed |
| SHA1 | a42918a07aac5cc8337647281cbdb987c5d20614 |
| SHA256 | 907c57ce1bf5d1286ff334868b7dd152f95e26854b22752524e64a5fcfaa3425 |
| SHA512 | 0a697c2622b67270c2fc95ef20db11723373681599cc668e845de2e639aa8d4e80bbfd8c3d13ebdf266af906f3add1fe1f8c42d986cc8c93dc51fae06d16c6c1 |
/data/data/io.github.huskydg.magisk/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 796a4069c030536a15c6fd73d08f73a5 |
| SHA1 | fa6ff281fc8004190f8bfec0bd2b9a3e55f3daf5 |
| SHA256 | f7b13c1dcd48e40334047a5610e80b82afa98acd574e2bd5533df927543c8209 |
| SHA512 | ff1c83e6eb76e4aa3584bde226627563806abe0517d28da955801822169c847cd7e920229834181b9cd0425aa6f90d67782d5b9135b087b896f6a3c3e79ce249 |
/data/data/io.github.huskydg.magisk/files/profileInstalled
| MD5 | 1703d8841dee08d217650f1cb33383c1 |
| SHA1 | d556a5997fe0565ffbced48e7bcd24844d68ed5c |
| SHA256 | a6173b3acb42b756c2ddf0710d726bfd9fcfde0ce3b7221e3b4e532c380df4be |
| SHA512 | 58c964dc2df15796c8cecba245c980c9d68b0c85737fe4e2727a10224dd8d7287a69bbd3fb8c4caace8625feb344fd0db4a45e6777227a4ccc5af9086347324b |