bca9a2f6c7a436d921cf6e6efaf517da4b0d52bbbd1da3f44edc41a44a2729cc

Analysis

max time kernel
3s
max time network
151s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
28/03/2025, 09:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ibispaintx.app_12.2.11.apk
Size

68.7MB
MD5

aa6a197b0eed1f18d9f5db10afe80f83
SHA1

093ba73547fd9e20ef9c0fab5d46166b2b6eebc7
SHA256

bca9a2f6c7a436d921cf6e6efaf517da4b0d52bbbd1da3f44edc41a44a2729cc
SHA512

0a442e47f44c3ec4ec624d297ed20684320c1836f0d6ccc1829115f12ffdd64e6478c7e7e4bac0aae3986758cb0186415487e4cff4f82e017fc865e194a510b1
SSDEEP

1572864:YlqhclfRE7ZcaJec6nCapfqve73G7gefGNOVRCNXCAL+2Ggm6o/Z:YAWlfWZcaJeee3efGcRCNq29h0

Score

8^/10

defense_evasion discovery persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

defense_evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	jp.ne.ibis.ibispaintx.app
/system/xbin/su	jp.ne.ibis.ibispaintx.app

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	jp.ne.ibis.ibispaintx.app

Checks the presence of a debugger
defense_evasion

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	jp.ne.ibis.ibispaintx.app

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	jp.ne.ibis.ibispaintx.app

jp.ne.ibis.ibispaintx.app
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
PID:4209

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/jp.ne.ibis.ibispaintx.app/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
f7c33f3e68805da11e3035383b904117

SHA1
c077360cdccfbe85d6de803e62be11e0a0bbdaf9

SHA256
e72aea53c6be3f19727eeea4d954e70ce46b73b9154d84e55bf15c9b64608125

SHA512
289ca169cc29ccb8be2de2ac5cd3d8ccc5d4d000a38aa0ae15c177db3132742c85c6b43cfeacdd42cb56b0a3a40e696e4defc71f9cccd3013d1f4cbca66cc023

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/databases/com.google.android.datatransport.events-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
3cd03a153540fe8604998523274a5601

SHA1
a881d7b2da59702ac29cc4e3995f1972ef7a19ae

SHA256
6443846683f648a88f94009a4da30cebf85b070098713566f7e5fe29065f504c

SHA512
979aba5496156219c76625a4651c730c83bc50e0023429a5a3d49e3bb6b9bcf4c42909436061a8ab1b06651786621c7e6b622c526ba2b7dbf26f0658de5b971e

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/files/.cert/cacert.pem

Filesize
216KB

MD5
18c68c9898be980227f33c213a2464aa

SHA1
1057b838cf913c5e188e6ec6697b6f2b49637c29

SHA256
2782f0f8e89c786f40240fc1916677be660fb8d8e25dede50c9f6f7b0c2c2178

SHA512
0d49bd1435a25b113a34ac38b337a9c904b6ac720824fd55d410ff6d8f6d0f637b54fd92cdff31d1c632b6a77f35fe55de9c756f35365387cea94f0fd93631b1

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/files/.crashlytics.v3/jp.ne.ibis.ibispaintx.app/open-sessions/67E66FAF0312000110710790AB914013/internal-keys

Filesize
107B

MD5
58c6ffd18aab0e3303cd49e1d2fdb9c5

SHA1
7dd517bc9278addca0e9c229dca834edbe030b44

SHA256
2e5b79823384123598ae879303e552f5ae0bbb28f2c96b74e82a2e8abcb6840f

SHA512
eba20532172d1bff0a750a5293024efd98c0c5822f3f15b469d1a54ce917ea78cc7f644c3e7d7a59dabac0226a942474c2a481f970ba8b519c24bf0765c799b3

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/files/.crashlytics.v3/jp.ne.ibis.ibispaintx.app/open-sessions/67E66FAF0312000110710790AB914013/native/app.json

Filesize
232B

MD5
bd946827cddf8edb86326f5dc4e0db2a

SHA1
36ffb2c1d4e523491d702454ccda26ffc11654f2

SHA256
94a07e44c05edd68af30e96d79143067e0faa4b808929123878f0a9d255eaa5c

SHA512
1b3afb42c0bbde97caa92494ba7a7ab440a857b5e06cdb22449496ad8bab5329cf9a87900a2604402fd5387e596d2a7110b57e1ca5ed5018a0996cd5b0df610f

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/files/.crashlytics.v3/jp.ne.ibis.ibispaintx.app/open-sessions/67E66FAF0312000110710790AB914013/native/device.json

Filesize
194B

MD5
e6d35f4c8261b088b6204ed809751e9d

SHA1
307af093deff1e92ab3b0a03917c9bf41987d8f3

SHA256
420cff43303480c93b670b9c16119006c20b125a23582cab86f2d14a87481844

SHA512
8e7287c40a65f9bad5e025b0dcb4affeb7c427535bae86168db41bb826d7a721ee6e76b67e9c74fa5cdad4c8bc18e9ee6a8c6b67ed39c911e9b488e6f0290c42

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/files/.crashlytics.v3/jp.ne.ibis.ibispaintx.app/open-sessions/67E66FAF0312000110710790AB914013/native/os.json

Filesize
54B

MD5
93023624eb8dff5c20050da136aaae0a

SHA1
acfd1ffed752c28fb135ba83c0c6345ddf2f6995

SHA256
968bcd7c4f1abed89a09cc0e6dadd238a81e8655e64196b39a86be49ceecd39c

SHA512
bb25dfa144d3f0e17203936c503c5fedec5f9ca710e177f99e273010ba4a682199d4bda5684151d65f3cb1549f4611b3a645ce39646d3db9a1b2c17d6b160579

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/files/.crashlytics.v3/jp.ne.ibis.ibispaintx.app/open-sessions/67E66FAF0312000110710790AB914013/native/session.json

Filesize
127B

MD5
5d197543da4cc6892bad85498860121e

SHA1
0aa0ac79edfcc819b974702493aae412969ae98e

SHA256
7d87e2482a20804b40910397e6dfec005e79ef34b7682b09892c55f40649d376

SHA512
ac6a1dd04a2d9877d0bf749b125f98cd44d38e2cba33094b93c455f1e8331c8baa1bf24be9d1f0a2b9abd35c5eaea7446026e8f1d582f4cc87b4062eb43440dc

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/files/.crashlytics.v3/jp.ne.ibis.ibispaintx.app/open-sessions/67E66FAF0312000110710790AB914013/report

Filesize
763B

MD5
425b26ae56f3f25b2018bfc8fa736f93

SHA1
b86b56bbe2f79fa01c92858811c67a6fcc665ffc

SHA256
b5d8fc289fb2b8735633454868b94c98085b87f6bce353bb22bc69e4d3d18169

SHA512
2eaeb0c39acbfe436e550a65972599d8e0a1d37a580eb305c13139c10df383665c14ad10cde628378242650ad3ed39a5ab2db92c011dd66003a6fdcec6004922

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/files/.crashlytics.v3/jp.ne.ibis.ibispaintx.app/open-sessions/67E66FAF0312000110710790AB914013/userlog.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/files/.settings/BlurParameter0.dat

Filesize
64KB

MD5
afea4912c3d321a9936fb94c7c3b05d4

SHA1
cb0a2c18f0c39894a6e02b2045e7afad12ad54b4

SHA256
f90d6062c85bc024df09a880dc6d0883414eb03934c3202d3bdae71f96a46c70

SHA512
b1bb6be225de1a5d0ff28e707e7a61c6d2b0dc52cbdcb7ed284dcdcc93146c7ddbb6cdb55a356a4e5999fb443780416e06e884fdd45c757ee9419cca5d80e4da

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/files/.settings/BrushParameter0.dat

Filesize
108KB

MD5
664a0c880a1733c894a3da9b16f51baa

SHA1
6cf701642bfda9a8a0fd88f7f413b756faae4d42

SHA256
f1faecc24a07d56c2175b9048e8852d7cebb75e9b49720a2d47c13d450a1475b

SHA512
234b532eb386e30469871e09bacc4b0ac639e0097f55556c1c1b35ab431be52c7cb85deb9404ee62b257195781f354e38d845c123b19886062059ec3edf7a996

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/files/.settings/EraserParameter0.dat

Filesize
65KB

MD5
5e452682faf1fe908eef1717af2c9269

SHA1
3e0674e06f5b9b37363ba3da38c43c6359f3ca89

SHA256
35f3340665f9543488dc31471311e70a8011d783ec716b36aa3f98703315b724

SHA512
fa775d683da84f1dd3afabd634c00a850e595bfe4b393dbc8afe3eec88a02a6bf62a8317b66f069b9dbe93bd50ed4b2aee92c7eb9728a084a435dbba9d980d46

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/files/.settings/SmudgeParameter0.dat

Filesize
64KB

MD5
515da0fe007a0c288a36491e26a2400c

SHA1
194976aec48475f6b61d00d1ca210aae0ce68fee

SHA256
c9282fb99997d931e3fa79904b5a1bdd9c9f72cb2eb4cda60fe94b63ca52f6c5

SHA512
ed8dd9c1877a6cf354c82acbac4e9ae46e99c5ab72d86f87bef8b7af7b12e9e8de37ad1f395bf65c4fd843b98b413b122d3470bcb24bd9a1538ce51f21a234d7

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/files/.settings/setting0.dat

Filesize
2KB

MD5
427d875a59de3f368cdb00a76c5b6c19

SHA1
f51944fdec759a08705d7ac85aa5a4bed8380eda

SHA256
4f085d569894d952a228b018b992314bb4023da787fd8eebc1b9986a31d2b31f

SHA512
4b34d29101fd16a251ea2d3c863908a80039c5a6c50bcd80686970f550bf072b33b8e13482f45c8fed03afa60487a1a10a95492adb851d6415e089c73cd5be0e

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
98a3bcbc69924418b735a4995ccb8ceb

SHA1
32fe64ad8309dbaa574fc2f35c77a71f78a51aa9

SHA256
cd1a9e73fc584a8ae75c37f509e404716f4cef313c8f7b36d9c0592bb5e30dee

SHA512
e6c6c9abdefd4b86eba96b48efc4ff4fed0bf344cc876512f9c142528925af8cb575ae753b2afecfcb30e382760bbde61a459d27767902c1be970490f8735e59

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
44a93e3aab54ec8e1c1c7388bc1a301a

SHA1
a9a7340cb9b80ddeb6ec3d6caaf73bbed5746625

SHA256
48bea80752107d74170afa8ce545d9887d067947b745f086bc44a9e9797d0523

SHA512
539d7ef56e99f20d87209c68363c8a997252b044698f987faba3a5ecfca0e47381b81f49bc32440d53843636bac22fb744b4cd6f54cfe59cc4d8c2a47ae6f326

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/no_backup/androidx.work.workdb-wal

Filesize
112KB

MD5
1976fdbf15826bc3bbcdb9982708339b

SHA1
c70805cc9787752827a235543e2ff5e8188b9537

SHA256
11851f91a73564141871e7bc0396d62eaa0b5f85fb8bb36e7cf4b56b453ebea9

SHA512
f849f84351ac464e0424cccef199233dda444600522883b4d092c077c80935efa070d744ea21cff02dfcb81b28478905a392dddac71ff050e53ee029b4c7cc27

Download Submit
/data/data/jp.ne.ibis.ibispaintx.app/no_backup/androidx.work.workdb-wal

Filesize
120KB

MD5
846c9a075fd613a2b9d0c3fba0fbb7d6

SHA1
1082e07d3538cf066653806cf9b65393855bc195

SHA256
14c256e9da56f8b2244e629327696aa6d7ff63b11ca864f7cefced06b6c0639b

SHA512
b58b82ff9f7df39b033d91c1cdc4a47916652b65ee3d9d5132ef9f267334d52c16fc6c22534c37418cf34960b926eb72bd6bd44cac053c7deb8e39b3c84223cb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads