Analysis
-
max time kernel
22s -
max time network
159s -
platform
android_x86 -
resource
android-x86-arm-20240624-en -
resource tags
-
submitted
01-07-2024 03:50
General
-
Target
app-projz-20240512.apk
-
Size
360.3MB
-
MD5
19aa1c8d4738b33b51889886cb4a4d27
-
SHA1
aa9c122aa5a67f5a2454b70377be4ecbaaa4292c
-
SHA256
c9d8629070d5cefc3aac5438218e9c1c63a4353b3026ffd8738e34e92060101a
-
SHA512
512fd08f2be3d22fd8ae6e35c94f118c80795f384e9f218effdce948b225f14f30ec220673073bc9be6e75f7982582cc40a35a92f72dbbb687ba1841c8be6785
-
SSDEEP
6291456:wgYxYkeW/qtUW0Pfh9H6OLF50Juvt65pU/CNpYHTa:wJeGVpGJYUpU/CSHTa
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
-
Checks known Qemu files. 1 TTPs 2 IoCs
Checks for known Qemu files that exist on Android virtual device images.
-
Checks known Qemu pipes. 1 TTPs 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
-
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Acquires the wake lock 1 IoCs
-
Queries information about active data network 1 TTPs 1 IoCs
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Checks the presence of a debugger
-
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.projz.z.android1⤵
- Checks if the Android device is rooted.
- Checks known Qemu files.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/com.projz.z.android/databases/com.google.android.datatransport.eventsFilesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
/data/data/com.projz.z.android/databases/com.google.android.datatransport.events-journalFilesize
512B
MD592f4d9db8079b0d61d67e14bab0c1c27
SHA1b79a34ed5ac497519f04d2344ab567828a572263
SHA256f5865d5ff81815fa207faa8c13d14a58bd1e2002bc1e38a058362fd2aee4f90a
SHA5120a12d78313dae52a742d84aa9b4c12f2a89ccebe51ded37729d2f2a511d13c582810e91ea63f03b924a7499b57b8a6ad859ea43d895dd8740f15d7110ca6031d
-
/data/data/com.projz.z.android/databases/com.google.android.datatransport.events-shmFilesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
/data/data/com.projz.z.android/databases/com.google.android.datatransport.events-walFilesize
68KB
MD5625d22710d8a870b5f9117f6b875db92
SHA18ff6291881905c7a9e041908886970ce166371b9
SHA256e85415d377f8f6ab90851b6620d777ccf1c8bf1a7e1892e1e34cf81ba1be0c8d
SHA5125b9eab16033cc828a23d48b8f9c6d068260767fc222457fc357c8b75d1e4531639cce6184ef46f559ff1ba59e9a0ab0c5da06068959921345ebb508dd388c66c
-
/data/data/com.projz.z.android/databases/google_app_measurement_local.dbFilesize
16KB
MD57237409e0640cfab7bdbd429bf821a3b
SHA14c3da934842f8d4835dfe2a9c275a300e5123309
SHA2565c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f
-
/data/data/com.projz.z.android/databases/google_app_measurement_local.dbFilesize
16KB
MD5d2938d22744ad3bb3e2eda0f3c5f6014
SHA119771faf464b0e581dad47295c60f99698cec907
SHA25694a1e4c95f1d6eb03be54ab4583a0f969dd48ff4d8a8442694d583d90ed86423
SHA5121d5b65a56247d49fc732688be6afc887d552d566d03b9d159ce929bdabaa75315309d5e5ba027b0dc23002bcdcf5cffecff3fd3b9e2a229d14dc45ece491778a
-
/data/data/com.projz.z.android/databases/google_app_measurement_local.dbFilesize
16KB
MD557693d19caca1b053b7637d05a408d9d
SHA10cab157fc80f71b84ee7004e18084f1fad2fc549
SHA256053e67d25ae366114ca43f64ab0e736136839bc23c03c338b9e2c45712a889b1
SHA51248c078bcc0b2bddf5078abc50198e086a55ecfc37ba3d86cb7baf27ff9ce9c7607fc4285382af920424b07b59c83ee08fd0811e5bad90aa6a44e8794bf794bc0
-
/data/data/com.projz.z.android/databases/google_app_measurement_local.dbFilesize
16KB
MD59f0824ae5565970d22818eb97a24ffce
SHA1d9d36178b5ed51ee2a75715acf27558a0f095b48
SHA256f483f14d311ea4dacebf98d6982345d19b790dd41c359829c4049dd244abd863
SHA51273765f15bcd8a36fe1edcda488691f5f3d8d632b8bb1eeb53029df604ccda9aec4f07122e65eee40c0ba1676f8a8d194a81853633795f9f0d991f2d173813517
-
/data/data/com.projz.z.android/databases/google_app_measurement_local.db-journalFilesize
512B
MD5d908b4a28826595ce806024baff350fb
SHA128608e47723649c4dc228a733c08709506dbf40b
SHA25623521b0f3edffa9e3d570795a82ee1e35332a46dcdc83f8edec8be70b1273d3f
SHA51286bf146c3a825189ed563d946f569927e1af254f753042018c2143a9b78159a61b37690eed4547bbe10fbba5a2e70c1a1ad05f26568cc82103fbcaed88bf46a0
-
/data/data/com.projz.z.android/databases/google_app_measurement_local.db-walFilesize
36KB
MD5acf819a8c0fcab333a5f5e482d55acf5
SHA1f59b779213a89247ee264869acb8381a959ce77e
SHA2568a73fb7e761f12da685e08528a9c522faf227cf698008ce03cfbe5afebac5318
SHA512e3e7b843041e8cf0a33befad001cd28ad826af7b354e31b4cc652f572cb8ef8a349d37906764c657af8b74d6088f6e6b9b1625b40ec26f20b0ab0017d308e9a0
-
/data/data/com.projz.z.android/databases/google_app_measurement_local.db-walFilesize
4KB
MD579c93810f02d7430d7ff4e1234cde57d
SHA1279aa739bbf49417b8f0b84d58c5a2dc97e3bda3
SHA2569cbc1e86c9b57ca5c29f9178d2b3ffc5fb80718e95992e69cc2028614cfe578b
SHA512e2f203f1e8acea1411ef756f6a06a5690138c156ca8b2a75273503ed5aa5d1401f72ab2eecd875662ba1735a108becee61e221dd191ecc7dbc226aa25a753219
-
/data/data/com.projz.z.android/databases/google_app_measurement_local.db-walFilesize
4KB
MD588d453410904fdf674338b0b987249da
SHA19b17f5bcd83db336c2dabaa57c511ac91b9679ab
SHA256615621870ff7a7743ddb8a3f76dc15db1ff9782a3c20356031b83afdc274c45f
SHA512d4344f8e9fdcc658194d194dbff2f6ba3b96732d06653dcddc9ba63e7dac81a54c4349776d99a1cf47a313891efda23b267764f26102460d28e68b90fb8b6c52
-
/data/data/com.projz.z.android/databases/google_app_measurement_local.db-walFilesize
4KB
MD58d87b5e8f9b197c3866aaeb300fdaf21
SHA17f4146211f4d73834765663a72fc7c84603137e9
SHA2561919dfd4809131e796d773391b1026df4050d7cc10f3d176a2e50571363f02a5
SHA512e0147b016c4cb6a81f02bf2ec1a030285e6e69498aca7dd954440dadaaf310af3cc63aff889fb6d5d9e14bd0dd2dda9d2bb2cd00d85b55ef27441db1a9484079
-
/data/data/com.projz.z.android/databases/thinkingdata-journalFilesize
512B
MD5649b47b404756998ba7985a50775ec89
SHA19ba0eb18df3e3f6439627e2f9c4ef3328709c921
SHA2562679656078c430cd8b453694cdc0c7d79e2b8c8309c74fe4e53d0df95b343163
SHA512fe8a93d33c25ef995d537eaf77fafdfb17eda3d8c1e7d7687cecaf4e62d90064b4ae6761cc68ccf1814ffdca89283f50cf00026c50911c46c2604126f5e24dd4
-
/data/data/com.projz.z.android/databases/thinkingdata-walFilesize
36KB
MD5e41989c2535c697a10f6136a07df9bfa
SHA1078cfc2532d2e7bc3bd849b9548d4f747823c202
SHA256a269f59975cde973670b46f3c1ffaa3c520acae25c71bfe31ff0e93e950ccee4
SHA5123f320f716b15e718fe38c65b5a01c5757c9b0d32a86e25b952a489ea64b4f2143985632114b613ebdd93e0a417ddc64a023c2d8b243a92b302c97c8caec79789
-
/data/data/com.projz.z.android/files/.com.google.firebase.crashlytics.files.v2:com.projz.z.android/com.crashlytics.settings.jsonFilesize
715B
MD5717dbcf161798fd5ba242531b684fb63
SHA1390ee2eb7a297a4390a9892ba4e13c0b5107cade
SHA256e7f27cc8327a4ba5513fea985eb18bc30959e5a228e7ee1c16951a459fa2e2fb
SHA512dbfe47c8fe71bb22ac4334ca071805dde816157e0e70467e4ba7e3514667cc796eb688d899b34ea653aa4a5b062a918c9bcccb9e2a4a9e08c215e4609aef3441
-
/data/data/com.projz.z.android/files/.com.google.firebase.crashlytics.files.v2:com.projz.z.android/open-sessions/668228A40287000110F49749BDA358C0/reportFilesize
750B
MD59c0d05b1272f399485bfc83c2aff3656
SHA1e96e17c48a96fb58fb7996aecc849e7c8366a879
SHA256854a94881aa8c56bb08c808f37751734b5875e215b13b66d3e41af51b21d98eb
SHA5122e365e685c267ff549b505ebd3f2dbc3a3d8ce48f0dbf0b94786f2cfea1caa12541bd5fe94f1e838536b24375d86dacc40fe4521f44ab5071375ea3aab362df5
-
/data/data/com.projz.z.android/files/.com.google.firebase.crashlytics.files.v2:com.projz.z.android/open-sessions/668228A40287000110F49749BDA358C0/userlogFilesize
588B
MD5418bf796a864106ff77b1352ef62e471
SHA16bac68ad11e925f415d650f5e2e02cb08653ad9b
SHA2566d98d73d4958a385124f0f25865e90751b73b41fd49dc3e22189d07bce9aaa53
SHA51296d9059e077f2cf3a9a98833b23a1ec3aad92a41d3636ff9f01292f4303cebfd6a890c5e0af1b317d70e16e9e09046e13f2f6f00ffdffc8464e3f152cb4b33f8
-
/data/data/com.projz.z.android/files/.com.google.firebase.crashlytics.files.v2:com.projz.z.android/open-sessions/668228A40287000110F49749BDA358C0/userlog.tmpFilesize
16B
MD5c33583fae4e0b61cde1c5b9227963237
SHA1fe2ebe4d27469af1460f7e852031a04208ef629b
SHA25635c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e
-
/data/data/com.projz.z.android/files/INSTALLATIONFilesize
36B
MD554de0c4403ae13e36d565779b37c7822
SHA136c08927be79184e15b76e9b87db91e4cb4ba338
SHA2563765f2e6d68ff818b5a8bc34b68aa1e801004179d5d863873465236ad249c2dd
SHA5129aa48225b2d997018d07528de27f93f020a53a90a5612fdf56725c4470b40e1d33d6bb87f6c53b5588db519f04dc7327974976194ee0db6185fe4aa3439dcc59
-
/data/data/com.projz.z.android/files/PersistedInstallation2743111412926065647tmpFilesize
566B
MD541920f64dd772e5064a0388e804d99e2
SHA17f025ca389daac486e84e5ee1a295d2f19b192f4
SHA2564b573bf7f3537d5ae62a02a4a197652ed02a434456e19470af21580ce8ba02c0
SHA512584d6bcfe9ddeb654a8608cff5d194d9ba293ae51812d3a862049e724e925b3bf3a04e48ed0f7969ab1339ac09799961404267c4f666defc304eddc328584fec
-
/data/data/com.projz.z.android/files/PersistedInstallation9178313220118881530tmpFilesize
90B
MD59cb779e2cb1e4a64a082f657b8cc739d
SHA1c8f6136c3ff19c0e0a03fe7a4fa58472053e6572
SHA256b1fde2548d6c35170d3a4ab8c1f354b0b34f80635f88dfcb000b49b1a5b130dc
SHA512da4f4860b4b53e44753c1921331628375ffc6c6d30981cff1198bb3c7385220a372c2b232130670fa301a70885486894d7dec6d217bb1880e93e4d8483e802c2
-
/data/data/com.projz.z.android/lib-main/dso_stateFilesize
1B
MD593b885adfe0da089cdf634904fd59f71
SHA15ba93c9db0cff93f52b521d7420e43f6eda2784f
SHA2566e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
SHA512b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee
-
/data/data/com.projz.z.android/lib-main/libByteVC1_dec.soFilesize
393KB
MD56bdbd6f87a61d1c7f888d77ff22ffba1
SHA1a7a4fcccf991e5aedfe74d82382ba08d13df45f4
SHA2561de043491de6c0d317fd3caffecbca21b052e746cfb080db6ee9778b5d71a2a2
SHA51213c7c8da92e5eb809d6153cc5654818d0d1833a2bbc4a7fe73fe5e3db6f4bbb0b2138e0beecdd9c31835f5197234f33dbac0740908a9d050b55047e4ad59df79
-
/data/data/com.projz.z.android/lib-main/libavmdl.soFilesize
1.1MB
MD5324b892762a88ff6ff0ffae033bcc2dd
SHA1c8b3f2dbdfdb217cef99eba234d0cd8d538310e4
SHA2564744826a65617c5523061339d0fd595e93ce02698097aa0c3d65245bc7a451c0
SHA512283df4e4e47477f9c84bdbe9731831fa3aab23ed05f57a29007e7a9d2df1b59d895c4170591dcd7e59d968475eb9bea2ca52e31887e538c049072d34554cb992
-
/data/data/com.projz.z.android/lib-main/libavmdlbase.soFilesize
109KB
MD542df88b2c5414863b627d0aaeabcc13e
SHA15f1ea152af562ab641db1efff9368d09853a3183
SHA25638ee09ef3d6d8de1ce0b04a874775f1b4ed8eced556fb856f20dc1c2f5cd490f
SHA5124a9fdb2688fefd13a1b455933c6784a1c900965832779c641eb2578368ed36918f822e979cfa13336c5e92e99a8e0d117b9e59e81fbfbbeafecbd5688b5152c8
-
/data/data/com.projz.z.android/lib-main/libcachemodule.soFilesize
326KB
MD5e22e31ea66d61ed77634c26664cf0cb1
SHA15c3b4d4e520c7076b3c58e5f39d845001a327705
SHA2569c6fd821219fab3098acf1f0ac375d2e0ac30e73e9f1512e52d5816c93c450ef
SHA5124439589c4286e115eebfb88b7ff29cff51ceab2ed22c5109b6daec265b9a02e5956bad2e5ea8f0256a0a3f1637dab4a36d732bc51a0db1ff72dbb2a22247c127
-
/data/data/com.projz.z.android/lib-main/libpreload.soFilesize
748KB
MD5e720435c7a4a5d054149676fa3ecb6a5
SHA1392b0bc87dd3063ea2eb2feed93fc5d4502550e8
SHA256abc7e97379f9dafa41ee3b9d3e6e967cd67290b1e9e2b937400480b9231712cf
SHA512d97e9f55c56db099e2c069666567248026e4606892f3f856677f91c24ec41a5a77c3360cd897795e2fbd2c1bb90510303bc705f5f3c0b66ade88e5f3f0556862
-
/data/data/com.projz.z.android/no_backup/androidx.work.workdb-journalFilesize
512B
MD5c9c14e90f034902c1604f0a5693e7317
SHA1243166e51487bbf00982fb7abdcbd682a410490b
SHA25660db317fe543d6dce10c36ef99e1aa3c4d59b86def5e4141142626e814fd885e
SHA5124f5ce8519c2ee75b896b778b92bdfa350a201950bf7b0b6ecdc546d69a2953b38a5db394d244705658841277c8db01a8bddb1b74107cf8b2827bd504d76c730f
-
/data/data/com.projz.z.android/no_backup/androidx.work.workdb-walFilesize
16KB
MD5296dd6b389c2c1e295d67335fab92d39
SHA1fdf0a9a3461c12fc2aa24d4390bc39d8e53f39b0
SHA2568c3665cd89f6cec849556c4545c0ec6b40b999c7d1c623435452632e5346268a
SHA51256ca4de0bdc482580818efd8351caf64cd19944aa27a6ea101c7d806f03961c9b9a3462b919b23d12ae172387d32e886b0ce46eb1336a9f3c26c2f46cb6968a9
-
/data/data/com.projz.z.android/no_backup/androidx.work.workdb-walFilesize
108KB
MD567112d49836d16bec3aa73f6eb16a90a
SHA1a83153a2f2ccce5659d30ac64292909ba525bf94
SHA256a48ac261e487b997542a308df4bd34d242442da9071e9edf87872cc803a4f918
SHA512b7ace2119556bb8a0e5dbf4e330a8a1635c56423f3761df4f3461fabcde2f199cf4b0e5fe95b60595375aad1454ed9acb13e6b667be85d2bc91200a315f1d07f
-
Anonymous-DexFile@0xb88c3000-0xb88c8bacFilesize
22KB
MD5190c644f226023e29ca02d2b5c389465
SHA171d40cb26e7a6f8097d3fb2480b0f72e1bb7e122
SHA2565eb543dfda35709323935e77fd9d4ffcdabe5409155306accb6e7110d978c5af
SHA512a19c6190be024c42eecafe9b76ee7d241be3ddb031eecf6425a1049e043071f7e25d679159244171690fda4b75073a03404acffbab810f5a2285d554c1bec299
-
Anonymous-DexFile@0xc0db8000-0xc0dbae64Filesize
11KB
MD50ee3db862c9337dda4df715e291a5d88
SHA1ec095a98dae9fa16e1c3020c1fc063f3a3e54652
SHA256f0de5ae88256a851faea36f57d7184efb392b9410db3f52d91636edaf1061aa1
SHA5124e793791c4703c1603cdc68f33305e2de039b7f28e06ca2edaf9069bd2076ebb2a9b9bfe8f35ca75322db3976d3b4c4ee5cd73e0ab7b66fa682741322ed864f5