Threat: Malicious (8/63)
Analyzed on 2021-01-24T05:30:59.904316
MD5 | 9c09703eff1cbf5380c4ddeabe425e96 |
SHA1 | 06c757cfd1bd7682314cd2a6c7b20dd1a626c04d |
SHA256 | f83de85b03707423e6a6286fe01a238d85510a043381644690fd0fb8b0eaddec |
Size | 4.33 MB |
Information computed with APKiD.
/tmp/tmpqvja1znu |
packer |
/tmp/tmpqvja1znu!classes.dex |
obfuscator |
compiler |
Information computed with ssdeep.
APK file | 98304:IqIdL82ou/svntbQjYLjVtXhKhNMT/IRrlMqi:eIy/ytbQcNtRKhNId |
Manifest | 96:rcN19qSIDNDPTPaMNY3uUr3XSYpINiBafQ:r5S65Ly+Y3NrXSWDafQ |
classes.dex | 24576:N2dXQkqhpEzP/CS1RKux28nTgOUoX2wiEo:N2NQkAg5xnp2wro |
Information computed with Dexofuzzy.
APK file | 6:RWm3KnK56PikiEE8GtVm0fFUUlzYfdQV/AprGzOovyqXEATmJtxMmeL5xtCKT5OH:RW… |
classes.dex | 6:RWm3KnK56PikiEE8GtVm0fFUUlzYfdQV/AprGzOovyqXEATmJtxMmeL5xtCKT5OH:RW… |
Information computed with MobSF.
Findings | Files |
---|---|
Certificate/Key files hardcoded inside the app. | assets/.appkey |
Information computed by Pithus.
First seen | 2021-02-21 18:32:37 |
Last seen | None |
Report | https://bazaar.abuse.ch/sample/f83de85b03707423e6a6286fe01a238d85510a043381644690fd0fb8b0eaddec/ |
Threat name | None |
Status | KNOWN |
First seen | 2020-10-01 06:24:23 |
Score | 2/28 |
Detection | None |
Report | https://mwdb.cert.pl/sample/f83de85b03707423e6a6286fe01a238d85510a043381644690fd0fb8b0eaddec/ |
Score | 8/63 |
Report | https://www.virustotal.com/gui/file/f83de85b03707423e6a6286fe01a238d85510a043381644690fd0fb8b0eaddec/detection |
Information computed with MobSF.
FCS_STO_EXT.1.1 | The application does not store any credentials to non-volatile memory. | Storage of Credentials |
FCS_CKM_EXT.1.1 | The application generate no asymmetric cryptographic keys. | Cryptographic Key Generation Services |
FDP_DEC_EXT.1.1 | The application has access to ['bluetooth', 'location']. | Access to Platform Resources |
FDP_DEC_EXT.1.2 | The application has access to no sensitive information repositories. | Access to Platform Resources |
FDP_NET_EXT.1.1 | The application has no network communications. | Network Communications |
FDP_DAR_EXT.1.1 | The application does not encrypt files in non-volatile memory. | Encryption Of Sensitive Application Data |
FTP_DIT_EXT.1.1 | The application does not encrypt any data in traffic or does not transmit any data between itself and another trusted IT product. | Protection of Data in Transit |
Information computed with Quark-Engine.
Confidence: | Read file from assets directory |
Confidence: | Method reflection |
Confidence: | Read data and put it into a buffer stream |
Confidence: | Read file and put it into a stream |
Confidence: | Open a file from given absolute path of the file |
Confidence: | Get absolute path of the file and store in string |
Information computed with MobSF.
Java reflection |
Load and manipulate dex files |
Loading native code (shared library) |