07d7f96a455dc8fed93f17eda927b6ed6bc79bcaa651a65d02a782af6cf9c0c2

Analysis

max time kernel
26s
max time network
33s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
03/04/2025, 19:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

com-procreate-pro_paint-2.apk
Size

30.3MB
MD5

8d426e98c5954302cd674cf424b1f1f9
SHA1

b765963a0241b203c0a7e374e9aea7acf768d2b7
SHA256

07d7f96a455dc8fed93f17eda927b6ed6bc79bcaa651a65d02a782af6cf9c0c2
SHA512

acf97c9c3e901c1f337d76960d7bc651085b2ba3188bd279ffd312b42102ed8ec78059bfd968aef3ad538f0e4548a66b05ad2f2b5affc3fb1b95dd383efe86ab
SSDEEP

786432:zDhvOp2o6UOKJhcJ6+v4IQzfGe+n/Zfa87PQF/FVb:FOQoWkQ64TQjGxn/Zy8TQF/FVb

Score

8^/10

defense_evasion discovery evasion

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs

defense_evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.procreate.pro_paint
/sbin/su	com.procreate.pro_paint
/system/bin/su	com.procreate.pro_paint

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.procreate.pro_paint/[email protected]	4517	com.procreate.pro_paint

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.procreate.pro_paint

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.procreate.pro_paint

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.procreate.pro_paint

com.procreate.pro_paint
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about active data network
- Listens for changes in the sensor environment (might be used to detect emulation)
- Checks memory information
PID:4517

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.procreate.pro_paint/[email protected]

Filesize
3.2MB

MD5
df7c9cb6702e9eb0ccf9fd79100a1637

SHA1
8602fc5e2b29e0901b09d059a58e0fc23bdf7810

SHA256
d3296f4cf04644af9be328f5df943004563392a1c9a889f72ab11501815dbf3e

SHA512
0b0a51d0767250db9dfa04e790e3a9ab3819abb32aae61105770c18eac064e254150464ab7e803e9ec3bf29ec442cf6a422c990ea1bc0e63ef13fef5dcdca4e6

Download Submit
/data/user/0/com.procreate.pro_paint/databases/Shayari.db

Filesize
20KB

MD5
7e3e7374dfb060ae13280438cc453a72

SHA1
67938a8f1b451bbc791e14c35b2544b5b63abe71

SHA256
6c9b0657078b8dda01bd830064212af3642727deca8b956e6ea01285e116a75d

SHA512
28b3308b8cd1aedc4bee512a7a110f4bde2efa444dac65da7fbcdb7d84e6d64b13e046e51b1bb5f9bfd036e2b78ad164a3fc26b2a42c3b072f51bc7ed9912c72

Download Submit
/data/user/0/com.procreate.pro_paint/databases/Shayari.db-journal

Filesize
512B

MD5
6449554ac083b60bce98ccca2e594497

SHA1
19f4af65075cc4b6a4df1103229602075dc58eb9

SHA256
605ee777f8a51a5fc5f9afc9d078151b4527e474f09eee10d6dd888399895c3b

SHA512
27bf6fadabf2b47b5141a2976437d21daf4268a937b8c93b402b19239c9d7dc1276aa1a6748e44158f7e1a13d768949c4ad35292f82983d158e00f524c7b523b

Download Submit
/data/user/0/com.procreate.pro_paint/databases/Shayari.db-journal

Filesize
8KB

MD5
4ed945d1594db0a658f4a4e1c97820e5

SHA1
a2b3d131abad9586decce6cfa37ec3ab60568ed6

SHA256
2cad40fcfd0266b56aacbeeb26e774444a97e676921ac979b8030cfa13d02f6c

SHA512
9ae5e646dd576a401ea62a41c747f5a05b013315158403296bc56c3928a6d7060d55989de0589a6a6aa2563b2c851e8ee2e21f0cdc4353ae4cd281c715554b68

Download Submit
/data/user/0/com.procreate.pro_paint/databases/Shayari.db-journal

Filesize
8KB

MD5
cb55d6ee5b686f289945ccd512b3c3a2

SHA1
11e2d777d8dfbb4d5c87b75049de240356ca6165

SHA256
893cd23d776102508b4bef7d40a2de7b338090b2df42f58aca361194ee92ffdd

SHA512
91ae644061df04fabf9e2f333180cfc487a0788eb18804207f2d631a658161ed9d9a3491317be5a2dc31b84038798aceff4d8b0a897c19b56c1e7d831e62aadd

Download Submit
/data/user/0/com.procreate.pro_paint/databases/Shayari.db-journal

Filesize
8KB

MD5
f5b1054ffd937ea7c874e934628b2e08

SHA1
d4e19914b28df4b7860773af270d4447e7f4b4af

SHA256
bdf2a0ca7cbc8533a0bfccfe99989fb677d552ca4e532f8883c8349e19b5a3c3

SHA512
4ec25e66091f06fe33703bfa41769b0284647871b75d20af5d0196b3c695490c745e9bd6d2f9fa8325e673ee200b3a2d96f78e3e4fa769373700388148626df9

Download Submit
/storage/emulated/0/.appodeal

Filesize
5B

MD5
88278dd6f1c310e699905218a9161893

SHA1
616e70e35b2ce06b150fb71911606ea34fa100b6

SHA256
469abedf5797bb56f1afa35a227eba1d8f7b3e22c99426e527da4b0d839dde15

SHA512
86b75a46ffbd2c5f9d3dc8c3a3ab8c52a5a93ae22c669c3f20b7a715be6875af0fdbe25e7899e6b4c8ec9d328b634d2674d5749c2174ad3af0e95b3483fbb106

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads