88836e1a2b2d7c949d1f348cb2c31c824e535b83d0e2532bcb96cfc31b08e8c0

Analysis

max time kernel
130s
max time network
136s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
22-02-2025 04:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

com.walido.lightscamera.apk
Size

4.0MB
MD5

e24ba87c7be4acfd1cafbcde7f7daafe
SHA1

8facfe3ec28932bd3d2387acfb08681519fb4920
SHA256

b7acd26c203607a07fe0021dbb91603b87b889797b6a421446603395f820c258
SHA512

dae0fa0e9f114496d06aefbec0b779bad08cc6c7a32d4fa14f92712823323e25100ca54285936918103b024e712647faad135afc0cba32524a82b0f81a572127
SSDEEP

98304:7TY0UIEtu+ghyY/fV0MAIpbRfMCRHnRGqF0dvncK8Q/2r58l3:QZiMY/dwIpVMCGPcKl3

Score

8^/10

collection defense_evasion discovery evasion impact persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4306	com.walido.lightscamera

Checks Android system properties for emulator presence. 1 TTPs 1 IoCs

defense_evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: ro.hardware	com.walido.lightscamera

Loads dropped Dex/Jar 1 TTPs 7 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
Anonymous-DexFile@0xe7e3c000-0xe7e3e470	4306	com.walido.lightscamera
Anonymous-DexFile@0xe7d83000-0xe7d85a80	4306	com.walido.lightscamera
Anonymous-DexFile@0xe7efe000-0xe7efff50	4306	com.walido.lightscamera
Anonymous-DexFile@0xe7d80000-0xe7d82e50	4306	com.walido.lightscamera
Anonymous-DexFile@0xe30d5000-0xe30da914	4306	com.walido.lightscamera
Anonymous-DexFile@0xcdbdf000-0xcdbff9a4	4306	com.walido.lightscamera
Anonymous-DexFile@0xcdb0e000-0xcdb2e9a4	4306	com.walido.lightscamera

Reads the content of photos stored on the user's device. 1 TTPs 1 IoCs

collection

Data from Local System

T1533

description	ioc	Process
URI accessed for read	content://media/external/images/media	com.walido.lightscamera

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.walido.lightscamera

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.walido.lightscamera

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.walido.lightscamera

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.walido.lightscamera

com.walido.lightscamera
1⤵
- Removes its main activity from the application launcher
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Reads the content of photos stored on the user's device.
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4306

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Data from Local System

T1533

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.walido.lightscamera/files/AFRequestCache/1740198844967

Filesize
3KB

MD5
ed2c81112e2c5b2a101c5aa650fada82

SHA1
560af4eae080e1640c44fef13b7095d4cc0e468c

SHA256
4049fe3b00c9048ce964266b97660992490e690d188ec4ebe5d1a2a6731bc501

SHA512
d1140d7e4ddb5c3b7e33b2a4dffde122aaa1d51bcc508cf7feb5c75bfc7c6397699a60996913b8c78a0108a10b99945182921471b3443632cc8823fc7d956016

Download Submit
/data/data/com.walido.lightscamera/files/AFRequestCache/1740198844982

Filesize
2KB

MD5
ff8f7acebefcc1beb375585a27c16ce0

SHA1
e8cf3da554fd0419a501e4b943b648a0d96b9b24

SHA256
d9863e0ef0c3e4058c1ea22a2f44fe69663f2dc3146fe9cc52c7e84160c777d2

SHA512
660270875e97dbfeb3e70d4fb8e3166774bf86869b3e805613fcb79ad9c5f961efdcc18080946c55a223e8295c7422989012e9f5bfa2f6803e43f17b6e59ce4f

Download Submit
/data/data/com.walido.lightscamera/files/AFRequestCache/1740198845243

Filesize
2KB

MD5
dfe1e1b3fcf58a6a46de8604380563f7

SHA1
af94c550b8d1b07d80b17e4a1e017c5009b41ae6

SHA256
297e47fc2ed574b610d31e011aa046e9ac8d8d8054f783075d34d37433381d37

SHA512
3823862f0f24d054ea7ba4fd013c4d0f1abe2091b2b0d9441e46ce1d86919cd8bd8a134d82eb782f466b11cc1f80f2a3ef2d3560594e1e77a608dc71425843f2

Download Submit
/data/data/com.walido.lightscamera/files/AFRequestCache/1740198845471

Filesize
2KB

MD5
a357dff16e8f55c4f57b9c4a49267e20

SHA1
c7d902e2c481e0fa8bc9a9e55ea3c5f76a76db28

SHA256
09673cdc560bb6b6d5d35bac8d7b41af3576236772a008586d608f99ca02c925

SHA512
a5f79cca608105c8270f7f9da4bfdce82adb29bf8deaa67fcf5238ce653230cb311ba348bc20129e1f637459c540667b5c6e1c24779d7737bffc9b1f1d27d387

Download Submit
/data/data/com.walido.lightscamera/files/AFRequestCache/1740198845694

Filesize
2KB

MD5
3a1eee8afc050a256d4164a83cf8fe98

SHA1
b8cbaede837e75ac07ac9c9e59d40aaf13da48a2

SHA256
b4ec89050c89bdbf679b5c6e6da298578d19a3a18095774c7a47413f931f903e

SHA512
208836d3d230c887b953cf71ef137d1af4ad734512ae0f9114cab2af92b10e3c56fa47f9e6f603639c2c58d161bb54f2c94e90af8e1ef07df08f752b24ba6740

Download Submit
/data/data/com.walido.lightscamera/files/AFRequestCache/1740198845905

Filesize
2KB

MD5
aca44f7274a8b0bdb1a9afcc901ab3c5

SHA1
45c57d5831a9f939573907b8bdd3edcb126fd25f

SHA256
6c91001f0bf2d742708d48dd1a8b28e81bfbb7ceb6f4a7ef659404cb3f08598f

SHA512
d0a73c6c8a444e0370f1399bd6701f452be1a729f374ab859a3e3435c26b3b88767cfed7664d6f132b13b8bb4bf65d2bc0baff92a6062409a8835cb2c1b16e99

Download Submit
/data/data/com.walido.lightscamera/files/AFRequestCache/1740198846229

Filesize
2KB

MD5
9d6a00346de1bf67e9ee716e340e7402

SHA1
d4915eabbb38fdd8dd49a5b30f84569829a030c1

SHA256
4bd79812d3955b9a362b385021c78021b3dec8422d844e7edec6af4858ae244b

SHA512
0db86276529190e049ce80264de3bab746c5a5b4bb0bc50ab7b9ff4755c36f071f9ac050fcd00b3596d2327163f36b62ed8ad13512004916354448e50dbb567b

Download Submit
/data/data/com.walido.lightscamera/files/AFRequestCache/1740198846269

Filesize
2KB

MD5
0d0234fcfe48e1643cb6e82cb3c40c9b

SHA1
305ba2682b18ff1f26ec5f44452a8073185879b3

SHA256
f03edbbf363054846545dd7d7a214ecce2aa8e07a7a0e81010e36e6c6818e4ff

SHA512
1816b9c8ffd472c828bc8b522c66c2a020df7862e4b43af0e1c6f751c36a14f01918a94113930f32ce74c264deceda3e9fef1ecd899ea6500da7c3b5cc0a7c96

Download Submit
/data/data/com.walido.lightscamera/files/AFRequestCache/1740198846299

Filesize
2KB

MD5
6ca905591e1980597a8600246ce1bef9

SHA1
35931a1a9a664c376d04f522b673403f2e009c93

SHA256
cf92a63e364b8eeb3a85b3a084a41da4583409af2ab23d706779c4ad81bddc38

SHA512
3783c8ceeed313fadc17202ef0d7b4bdba86d929794f445a9c9137325022b795c72cc7d175dba91487af3e41e9c00a761e34abb91a94d4adaa0b84741dd6d2d6

Download Submit
/data/data/com.walido.lightscamera/files/AFRequestCache/1740198846316

Filesize
2KB

MD5
1771eddbf734f6c7cedd220cb7fd49d7

SHA1
93f3616dbbec0f85b4967cd01b8b78c36eeb776e

SHA256
7585a78abfcf256f9809d63412d3616498abe1f5eb6281ce7fe26f1d409852c0

SHA512
9cb358a7dac1b69cfa593e176bdba461b2e8fe1368a417e7b6f0de0653a36043a87f717748e1e9f973d97f54cfca967e0e61bdf0f354a0c2e5052dd2b99a1037

Download Submit
/data/data/com.walido.lightscamera/files/AFRequestCache/1740198846421

Filesize
2KB

MD5
b02a5d2b14628c57664461e4602c80da

SHA1
fcdbaefbe40a98c746cfcf4bd6c324a34ec7bab4

SHA256
c8bca05785bd46b2df847db929df22f813835eddf9d0662be3670679df6c939e

SHA512
0d9ed96a6fee921579eda0e8aed9ef7b4d1a903b1c4a392a9d33a2c5635e4ce093df7fa44aa4523df9d682508cb6faba3a869a4425a5e8cf0da045acdfdc0956

Download Submit
/data/data/com.walido.lightscamera/files/profileInstalled

Filesize
24B

MD5
afbdc6db580a80a9eacfbb8e36754ce0

SHA1
2c6ecb2c060ccc249eb617639287a3244d75b96b

SHA256
6e6dcd107400d1396e67d5276df8e9b21ac9c15f2ae4870e0b01b490142dcc5c

SHA512
391e86a8fbef07c34bdbf3564948d7ef5309f8ee05363ea015ca9378f130f6c5985d35767f8795def5c1fcc2dee42f16499af31bf94ea83b2253a8bb601ed66f

Download Submit
/data/data/com.walido.lightscamera/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
bf239d52b1e0f00c5ef76275d2e68de2

SHA1
9ff496cb495c9ae45d57f76552b8fe730a5e1bfa

SHA256
c957c52cf71531eac9c392625c7bba1bd0955c9883e244edff1590fa740e50bc

SHA512
88c8f510462a65890695edf510e294b416b03ad7a7d0d9437e12f16ee4da592acfa60f37a49e9c442db7ffb274c192c48cb67ea7583c82173dc67f2dbee5b080

Download Submit
/data/data/com.walido.lightscamera/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/misc/profiles/cur/0/com.walido.lightscamera/primary.prof

Filesize
3KB

MD5
8c203987e1af5d045dd443acf465eeb3

SHA1
84dd8407d5632b44dee428bfb2f7f3352f11a6e5

SHA256
70b04f492062c4add07ea9a4d7b48a5119e974df60c12e0638020a65257460d2

SHA512
13c4dad1f56f4a3215a311bcdd2332bd55d69757ce8071c7826866c863124a2e72083748286572f904c73b570148ccf46b3bfa85e14ff323268d24785a5b2d68

Download Submit
/data/misc/profiles/cur/0/com.walido.lightscamera/primary.prof

Filesize
8KB

MD5
629962e252a3442fb56c975942e3f714

SHA1
1cf28b753d8dd5d28e0e6740352f87099e621c48

SHA256
394b9c81bce5726bd2828fe7b66080145942ac92e185d8f407e92fdfc954e70d

SHA512
09a059a0ff1a41b4e27b3ec4d934ddfa0485570a4737b88463214ea48cb2166b2a43dc2b6a4c942ed004eafe526a536eebdb736bc555166081ae84651e841b27

Download Submit
Anonymous-DexFile@0xcdbdf000-0xcdbff9a4

Filesize
130KB

MD5
546565700f6e5ea16435d1ddf26c3ef5

SHA1
c8f5113879aa436075251338411d00835c003cb2

SHA256
a9a4643cc01d15bb28ddcdb28c1249e9373682b2384256590540c3152f1d4616

SHA512
e43204b7c342d4556aa6f491a86f81329f1be352eef4b4283727963e4ad92710dbac7f4af9b1989cdc24ba8d949d5f7ac63ea1d693631f3c500aa2e49f7a70f4

Download Submit
Anonymous-DexFile@0xe30d5000-0xe30da914

Filesize
22KB

MD5
901a5db0dbe4aee3c614bb809da0514d

SHA1
5a9f656ff87213dd2dbcf4f4d4629c49dc068067

SHA256
0174bfef32a204e7b696cd0608ac18e1d4a0a1efaec06cf61e3e6a1f56b2b5d5

SHA512
417573890133816872f675e3cd1ad35ac49daec2d4d9cd93d8794af9ad718de404078f2f35a2c7cba0fed366a95b1d59efd74be9c830e970a1848ba39227c35b

Download Submit
Anonymous-DexFile@0xe7d80000-0xe7d82e50

Filesize
11KB

MD5
ce655fd344e36c14e7721fe43078cb99

SHA1
1f8588bd0d53e5f4ffd64fce7f3931a9f6b937c2

SHA256
8ffca79abb657fcb1a004ebf7e670c45daa433a1eac9d74b8edac406f5cff910

SHA512
052f16494dd3b171b878f8269eae7b45c710a541ff5fd0a56a248eaf9804c9acb17e15d5d147fe39f9d6a951d2a1cc71f61eb9928f1b60fab54abab2519b5d52

Download Submit
Anonymous-DexFile@0xe7d83000-0xe7d85a80

Filesize
10KB

MD5
3f56939349e4e6e2936dcc3c4fd456b0

SHA1
a26a1f03d84b40018cc8d7bf6c7659d9bda82223

SHA256
a9213eb2c8b28cd9202caab29b67d8dc498353522abfe15bde70627c8cdaa430

SHA512
2939ca931fed5e39b2995a4c907410aa032488d635c40aa5fefc3598e3f1b68ab2a464fe56f0417f7467209cabebf45fa2c9c1b0d773cbdf0250b4abdc3b357c

Download Submit
Anonymous-DexFile@0xe7e3c000-0xe7e3e470

Filesize
9KB

MD5
97689853b943bdfbd3b4307ae2d5876e

SHA1
c4827a7879857c365e3bce2b9445dca2d72ea0e2

SHA256
7ec7eca14e7842f15237a0a601dee9e4468ef7b90e9be342bb9493b3a6f9a998

SHA512
36210cda7b120a70f081e7b8d044772249ee247d1a417299daa3bb5926778900ba630194313fe1e342b46db4f48e344a6ee59d1b418c7227690a467d1ce12c79

Download Submit
Anonymous-DexFile@0xe7efe000-0xe7efff50

Filesize
7KB

MD5
7090988a31013ef97010919a632598f8

SHA1
5001aee1fda0b5d6ef205d01dd965e86ff3e641e

SHA256
c41f1334fd80b7a13cfd8db84454e9403d2b9ba5fe1577b701b1a192bba1b787

SHA512
404c9c4a02190d2298c6c1495955ea54ee5dbda8811eb70747fe28aa60c9f535f430120185e49612e261e1ebaf58b83aa45f2d7170a09f7fd5933ead99f1b889

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads