729d80d058b31172a657a210d790c3c696be5de383931980f9fb874975773caa

Analysis

max time kernel
128s
max time network
151s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
10/03/2025, 03:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ماموستا _کرێکار _. _Mala _Krekar_5_APKPure.apk
Size

22.9MB
MD5

5334c79ab4c3e4e572aef060516dabbb
SHA1

2f81f90a044f4660e01f17813b91bb98c6e0fedd
SHA256

729d80d058b31172a657a210d790c3c696be5de383931980f9fb874975773caa
SHA512

d38c281f9ea792292f7197732833f20640c36009379fdb0d2ecd0ccbd7bb84ddecb4b7d0d124fc20371e843e9e3ebabebc8e78915e0d53ca1029c79d5aaa0c7b
SSDEEP

393216:ASBJZdalWzEXpHnqK9QAg+z9CJA2Tgp7BGWAbWi3mZshqEc8c2CxVs7uFNRXrdcd:jgXpH/Pg+z99Cgp7BOThG8c2q2uDRi

Score

8^/10

collection credential_access defense_evasion discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

defense_evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.malakrekar.app

Loads dropped Dex/Jar 1 TTPs 6 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.malakrekar.app/[email protected]	4523	com.malakrekar.app
/system_ext/framework/androidx.window.extensions.jar	4523	com.malakrekar.app
/system_ext/framework/androidx.window.extensions.jar	4523	com.malakrekar.app
/system_ext/framework/androidx.window.sidecar.jar	4523	com.malakrekar.app
/system_ext/framework/androidx.window.sidecar.jar	4523	com.malakrekar.app
/data/user/0/com.malakrekar.app/cache/1664557424545.jar	4523	com.malakrekar.app

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.malakrekar.app

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.malakrekar.app

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.malakrekar.app

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.malakrekar.app

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.malakrekar.app

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.malakrekar.app

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.malakrekar.app

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.malakrekar.app

com.malakrekar.app
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries the mobile country code (MCC)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4523

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.malakrekar.app/app_webview/Default/Cookies-journal

Filesize
8KB

MD5
f0cc9c242dfb06bb97a3376ace7f9ea7

SHA1
e63c791cbc120bcc949dfdb73dcef1b04f0937e5

SHA256
93471a918c5d51a19d08ba596e9ea0032a63b3aaa40e963234791a050dfe3c87

SHA512
6eb4bc8d7de64fd2ff545973eced96bcc7626a7c60ad56f4b09dcd0026649116551b7e384311d1954ada78f4341874af6857a7e92e94bde693fec07c7f8f5dd9

Download Submit
/data/data/com.malakrekar.app/cache/1664557424545.jar

Filesize
10KB

MD5
dfb68e70e8eb84d844c9ce623ee069c1

SHA1
369e761858a904fe9fb89efcfc9bd3e6e56ee44f

SHA256
8ba015cb192f34326e6a46f765c6712d87c3797661541275c84b9a30ee449eec

SHA512
0d5f8ff91d3cd5c976cadf774b8d5cd6f276793b9eb9f3d8e7168eae122b0bfcffd833be9762de441d4b52f7bb3eb3850479aea37ac327be9b71910c6fdc566a

Download Submit
/data/data/com.malakrekar.app/cache/oat/1664557424545.jar.cur.prof

Filesize
199B

MD5
e01c9e519bafacd7bcf2eefb6430073e

SHA1
d0270b2ccf1f081fc089cf4cf1257a7fc4574ca6

SHA256
7834c9ead7cabc0845c5107df24b7fe7968ded1a0d34c2d852a7580ddb5477a4

SHA512
ca4adb75915f2720b17fccba9bc16dfbec778839beb633eb45a2b4d5c5376f20c409b36b3de7fffde8077bf65bb096c9dccf066d114d03d0915b8c5e95b8c3ee

Download Submit
/data/data/com.malakrekar.app/cache/oat/x86_64/1664557424545.vdex

Filesize
948B

MD5
480d07e0214aeb0d51a0d29f6f0a6a22

SHA1
bb1a0580bf436ffe93d91756a9e2e646e449be9f

SHA256
e9e16898bfb89b40c3e9972f977730473d9b45ed0fdc5cbf868ff0e71f064290

SHA512
31c58c4bbeb49cc1ca7c705b829c55b50d980e9248277f9c96f1602fb1e6be8e7e3d3add5d3b002d28015822dc277e21905eec9dcc5685567c36e5ab97444171

Download Submit
/data/data/com.malakrekar.app/files/UnityAdsStorage-private-data.json

Filesize
41B

MD5
16d3e6eac0e79222a9b368edac765b34

SHA1
48d5e621fcdd84108f5750d6905180b622715b11

SHA256
3a518b70256a689906d6740062462e3124aad6e55c5aa47339a87a56e4933ee7

SHA512
d0aaacf86100135241426e2a0e9ba44414aa456cd708124e2f9c3a8037e008870cbcb506d316e4fe7cfe1d6dc3073393989a6f3c29f7cfabd6b0f65057afe747

Download Submit
/data/data/com.malakrekar.app/files/UnityAdsStorage-private-data.json

Filesize
627B

MD5
44cc2fa1c559b1a3476877055af08f1b

SHA1
d40670fa5dc795c2df4d09e0aae7bc0070853fe2

SHA256
3819eae430872c908db173e152c2fa80729bf130aa222ed77f8191f3881dee51

SHA512
4ec9a5e4b2d9d978d11b61ad9aa31fef902d9966c378c131924404bc9e8e64cbeb46dccaf10953952d08878214852ac8dc988721011d5a87c0490ac63533a8f7

Download Submit
/data/data/com.malakrekar.app/files/UnityAdsStorage-public-data.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/data/data/com.malakrekar.app/files/libCachedImageData.db

Filesize
24KB

MD5
e59356490308398e6b3cc3dc46fbd8e5

SHA1
d03607a94d0789485368d637f2a55c54f93a0fc8

SHA256
2551dd2ebc3df9187acf05a7850247fa40cbd92f95bc40b6f5e46b4c76be24d3

SHA512
d271a049aa411714fc78e96d941f2cdd40a0cdf3ef0bd3ceed834e44564366cc2c6f6ba01ea68da143bb5a8573280c44675ae990ea2c3c5cdb9894d2af05fac8

Download Submit
/data/data/com.malakrekar.app/files/libCachedImageData.db-journal

Filesize
512B

MD5
29c748a00adf4c8cababd63e57bae186

SHA1
1e42ec64e83d3a95d579c47368013ed949fba13a

SHA256
fce8842d35dab002f2deb0b48367a33b45fc5fc7ea8e79c91bb7690fc07c7a09

SHA512
47f49fe05b051002c61725d2691c0ed9c396672bcbd167dfd9f6fb299a17774ef4971dccaceacbcd17aed3898289a39f7b8902cde13f372ef59792417a5bfe8c

Download Submit
/data/data/com.malakrekar.app/files/libCachedImageData.db-journal

Filesize
8KB

MD5
d7809ea0f5f1af4a96e76a39c6540397

SHA1
a9a728ecc544805c1e2a0b4cac423afb04616161

SHA256
ce9a80a2b9d238b5974f6a52422d9ee2f651a79a1d25579e3ca6514e43a62938

SHA512
57f67e9d4db38cd738435b1f66d1954d7195802698a5b2f82588205c69f0a49ede6d69cbb8994ac4271dc73d9dbc7e609affdb28fcfff74f5d6ac2b642fc2ec2

Download Submit
/data/data/com.malakrekar.app/files/libCachedImageData.db-journal

Filesize
8KB

MD5
2075f89ee1d69bb05674f162e8ca1675

SHA1
422922233b9a6f7663f7d600c6ac5bdaf39c47de

SHA256
f9a52a6be0b55a705002950d4122fef07eb75871c2e3173443726f42a7cc1d67

SHA512
42cb68575320a7cf21be76c275c5109d3878ef11a44438c76fd399c52b1b52e836ccd130169150e166a8ee3b41997528ea94ec7e7beae1ee92be8eddc7990c1c

Download Submit
/data/data/com.malakrekar.app/files/libCachedImageData.db-journal

Filesize
8KB

MD5
dbbc984c3a1b30aac74e734dfb589220

SHA1
d8c3a3b08fd79a0e2aea0e054fdc8096892cd96c

SHA256
b5348fa27cf65b5fc1b69d1f7efd3db85abeaa1af48392801a97ab2d099e27ee

SHA512
6b4126bb0a93dc36d44987865de065dfeb98427b0087a05688bb78a76182e394f62980a316868e07d920d0224acdd80e85bebf14a251cf62459f9d195d18a0b9

Download Submit
/data/data/com.malakrekar.app/files/libCachedImageData.db-journal

Filesize
8KB

MD5
428985f1dd6d745454fc0dffa117ffd2

SHA1
27f6722c7e4ce5892ce8e5a721a7f1ab7f8992a7

SHA256
0d727c92a0ab8cc31dd092b97c5582ceec2e0d5883582c776afd0361cd5d459b

SHA512
6421eef8d6d097e13d5a9e6499af58e4024ccbfbfb26a56685ff7b5761890bb5663b3d48c7db1fd569ddf094d2a046201cd9740561379b340851c52c4d2cae3d

Download Submit
/data/data/com.malakrekar.app/files/libCachedImageData.db-journal

Filesize
12KB

MD5
42e219a185bb03659c355da28348a8ed

SHA1
17dece7f9089da794dfe31126707bcbeaf5ebd5f

SHA256
8aed262cfb233a47147105eb923d5c182b7f6a847ab7288d09d730b1d65b3ec5

SHA512
0c8c65dd44ea41b8faeb235f684a229c06bf9123c63625d62ccc0dd66eb9f13717276b38c8c9b9f69212a70385a56730597d9d21e3849d08e0a60cf379135260

Download Submit
/data/data/com.malakrekar.app/oat/x86_64/[email protected]

Filesize
58KB

MD5
d820b90e9069322bf4f1aae39ae334f4

SHA1
7a5300d37e2484941a40fb77ce1a08840eff5b91

SHA256
f8203fcf99a3c9855a4e2a86f1811e1ebb524d8609112c34fb560e687ce507ce

SHA512
6cab78a5575464cc4bf3f680b7a5b2d00cb2031108d209d264a96b91c1543558aaa46164f9c6617d94244ab33ed8b0ee8d0b5ee62dd60656f94ee21d5759a871

Download Submit
/data/user/0/com.malakrekar.app/[email protected]

Filesize
3.2MB

MD5
8b233a8492121d6070000a28406eea2c

SHA1
6430bd001a69b4bd686b8385d2d2d439cb5131de

SHA256
688d9c42adca2cacb59ccff544456da5b0faf33c47539753f4b6158d11681177

SHA512
d6b0bde9a89101a2fe255a9475f602a6cbb92d95ed07c92df214bc3579020f4ae1edec3787b13dd0efb82b5543972c2e4b039f9f1364338f6d1ff3018421a26d

Download Submit
/data/user/0/com.malakrekar.app/cache/1664557424545.jar

Filesize
21KB

MD5
722310b17c81cc3d780d23e1a63eb450

SHA1
0a0c1a939f923570e5da88aa5c7b105052f056e3

SHA256
9f2d7ff525ca785553557c351812252c0beface31440517e2f19929fe76472b1

SHA512
1a48e9383a0befb0c6b4755a8b56f352fba317910308f701e13ce8189c465cade6b0af510165d586745f1913a61cc68f91395949202394336a59c34596691a91

Download Submit
/storage/emulated/0/Android/data/com.malakrekar.app/cache/UnityAdsCache/UnityAdsTest.txt (deleted)

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/storage/emulated/0/Android/data/com.malakrekar.app/cache/UnityAdsCache/UnityAdsWebApp.html (deleted)

Filesize
2.1MB

MD5
79d35261526247500bf8cc781a8ff4dd

SHA1
e4432107a70ffb64d1dcaa2494a1e37db58ca6d2

SHA256
5ab2804e542d9e787eb338f030f9b7b2c5115e6786de26aea5a198d882da1bb7

SHA512
ce5cbdd67d0ac1da047c0cb4afea31a00c7215bf11ee7645b71b4e0b9460080708b37787bdb383b692ebe63984d2a2195bda5c981804736c5334e2c2730a943f

Download Submit
/system_ext/framework/androidx.window.extensions.jar

Filesize
123KB

MD5
3056e1bdb7d4e19789d0319eff484bd0

SHA1
6791ae47aa9466fe0bca27ad6643f846853bbee4

SHA256
8e6331a07c9f2ac139214c527dcaff2c82d126bbe7bd3420cdc36d6a8c9204b0

SHA512
c790980fd68d9f89e32743bc28846807d5e5947c555f494de47714dec5cbd0c08d81c3260fa463759d1b17a953af3c44ec30b14fb08bf6b29db3837346c9f658

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
25KB

MD5
29469324e59dfcc052f24b5af4e7b2c4

SHA1
10c1e17ac6f598037bb51baa07945663645de4eb

SHA256
9195dc6a1c75a841384050240dfc972e48178964993fba6619788625f4b40d1a

SHA512
5e27c2b1431369a248298f2f749136a575005584f9999f2a4c204a0c47adce2e33c8df9f058bdafa1bde1c99e46d175560cedfcddcd8581718ed1d9973c37cc2

Download Submit
anon_inode:[eventfd]

Filesize
8B

MD5
33cdeccccebe80329f1fdbee7f5874cb

SHA1
3da89ee273be13437e7ecf760f3fbd4dc0e8d1fe

SHA256
7c9fa136d4413fa6173637e883b6998d32e1d675f88cddff9dcbcf331820f4b8

SHA512
991294f43425a5b80f8a5907ca7cdbb611401282585a58bb415077005428e3b4c0f661fc07ba5c45f627bd8bdcb172389ce2fda461c029b837abc70f0abbea20

Download Submit
socket:[60373]

Filesize
47B

MD5
62656bb4bf1bbd9159a03ee97bbf46a0

SHA1
737d9e9aa95b864c344732055f51790a044e6ee4

SHA256
ee2c6ba6ee4ab1d93a43030f84119ebdf942ce1237c3456358d21d829e45d9d6

SHA512
c40afd8c107acf5cab2f8b4981fd0fb34cfb09939f66c1d271ae21aff8bf0fc2e236c99fe2365590552d9780d01aa388f6bb15f9ae27c2abcc52513c2e74d8c1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads