
General Information

Joe Sandbox Version: 28.0.0 Lapis Lazuli
Analysis ID: 233048
Start date: 26.05.2020
Start time: 15:20:10
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 8m 4s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: stopcovid-release.apk
Cookbook file name: defaultandroidfilecookbook.jbs
Analysis system description: Android 6.0
APK Instrumentation enabled: true
Detection: MAL
Classification: mal52.evad.andAPK@0/252@2/0
Warnings:
  • An application runtime error occurred
  • Excluded IPs from analysis (whitelisted): 216.58.205.227, 216.58.206.8
  • Excluded domains from analysis (whitelisted): connectivitycheck.gstatic.com, ssl.google-analytics.com, ssl-google-analytics.l.google.com
  • No interacted views
  • No simulation commands forwarded to apk
  • Not all executed log events are in report (maximum 10 identical API calls)
  • Not all non-executed APIs are in report
  • Not all resource files were parsed
  • Not all resource strings were parsed
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size exceeded maximum capacity and may have missing dynamic data code.

Detection

Strategy  | Score | Range   | Whitelisted | Detection
Threshold | 52    | 0 - 100 | false       | malicious

Confidence

Strategy  | Score | Range | Further Analysis Required?
Threshold | 5     | 0 - 5 | false


Classification Spiderchart

Analysis Advice

Mitre Att&ck Matrix

Initial Access: Valid Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
Execution: Windows Remote Management; Service Execution; Windows Management Instrumentation; Scheduled Task
Persistence: Winlogon Helper DLL; Port Monitors; Accessibility Features; System Firmware
Privilege Escalation: Port Monitors; Accessibility Features; Path Interception; DLL Search Order Hijacking
Defense Evasion: File System Logical Offsets; Binary Padding; Rootkit; Obfuscated Files or Information
Credential Access: Credential Dumping; Network Sniffing; Input Capture; Credentials in Files
Discovery: System Network Connections Discovery1; Location Tracking11; System Information Discovery1; Process Discovery1
Lateral Movement: Application Deployment Software; Remote Services; Windows Remote Management; Logon Scripts
Collection: Location Tracking11; Network Information Discovery2; Data from Network Shared Drive; Input Capture
Exfiltration: Data Compressed; Exfiltration Over Other Network Medium; Automated Exfiltration; Data Encrypted
Command and Control: Standard Non-Application Layer Protocol1; Standard Application Layer Protocol1; Custom Cryptographic Protocol; Multiband Communication
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data; Premium SMS Toll Fraud

Signature Overview



Location Tracking:

Queries the phone's location (GPS)
Source: androidx.appcompat.app.AppCompatDelegateImpl$AutoTimeNightModeManager;->getApplyableNightMode:29 | API Call: android.location.Location.getLatitude
Source: androidx.appcompat.app.AppCompatDelegateImpl$AutoTimeNightModeManager;->getApplyableNightMode:30 | API Call: android.location.Location.getLongitude
Source: androidx.appcompat.app.AppCompatDelegateImpl$AutoTimeNightModeManager;->getApplyableNightMode:32 | API Call: android.location.Location.getLatitude
Source: androidx.appcompat.app.AppCompatDelegateImpl$AutoTimeNightModeManager;->getApplyableNightMode:33 | API Call: android.location.Location.getLongitude
Source: androidx.appcompat.app.AppCompatDelegateImpl$AutoTimeNightModeManager;->getApplyableNightMode:35 | API Call: android.location.Location.getLatitude
Source: androidx.appcompat.app.AppCompatDelegateImpl$AutoTimeNightModeManager;->getApplyableNightMode:36 | API Call: android.location.Location.getLongitude
Source: androidx.appcompat.app.TwilightManager;->getLastKnownLocationForProvider:6 | API Call: android.location.LocationManager.getLastKnownLocation

Exploits:

Might use exploit to break dedexer tools
Source: stopcovid-release.apk | Code Location: Lorg/bouncycastle/tls/TlsServerProtocol;.handleHandshakeMessage(SLorg/bouncycastle/tls/HandshakeMessageInput;)V

Spreading:

Accesses external storage location
Source: androidx.core.content.FileProvider;->parsePathStrategy:40 | API Call: android.os.Environment.getExternalStorageDirectory

Networking:

Checks whether an internet connection is available
Source: androidx.work.impl.constraints.trackers.NetworkStateTracker;->getActiveNetworkState:11 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: androidx.work.impl.constraints.trackers.NetworkStateTracker;->getActiveNetworkState:12 | API Call: android.net.NetworkInfo.isConnected
Opens an internet connection
Source: okhttp3.internal.platform.AndroidPlatform;->connectSocket:77 | API Call: java.net.Socket.connect (not executed)
Source: okhttp3.internal.platform.Platform;->connectSocket:85 | API Call: java.net.Socket.connect (not executed)
Source: org.bouncycastle.jsse.provider.ProvSSLSocketBase;->implConnect:23 | API Call: javax.net.ssl.SSLSocket.connect (not executed)
Source: org.bouncycastle.jsse.provider.ProvSSLSocketDirect;-><init>:28 | API Call: javax.net.ssl.SSLSocket.connect (not executed)
Source: org.bouncycastle.jsse.provider.ProvSSLSocketDirect;-><init>:37 | API Call: javax.net.ssl.SSLSocket.connect (not executed)
Source: org.bouncycastle.jsse.provider.ProvSSLSocketDirect;->connect:63 | API Call: javax.net.ssl.SSLSocket.connect (not executed)
Performs DNS lookups (Java API)
Source: okhttp3.Dns$Companion$DnsSystem;->lookup:2 | API Call: java.net.InetAddress.getAllByName (URL: "fakeurl.fr")
Source: androidx.appcompat.app.AppCompatDelegateImpl$ConfigurationImplApi17;->checkHostname:808 | API Call: java.net.InetAddress.getByName (not executed)
Source: androidx.appcompat.app.AppCompatDelegateImpl$ConfigurationImplApi17;->checkHostname:809 | API Call: java.net.InetAddress.getByName (not executed)
Source: com.google.gson.internal.bind.TypeAdapters$23;->read:6 | API Call: java.net.InetAddress.getByName (not executed)
Source: okhttp3.tls.internal.TlsUtil$localhost$2;->invoke:5 | API Call: java.net.InetAddress.getByName (not executed)
Source: org.bouncycastle.jsse.provider.ProvSSLSocketBase;->implConnect:20 | API Call: java.net.InetAddress.getByName (not executed)
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Source: unknown | DNS traffic detected: query: fakeurl.fr.example.org, reply code: Name error (3)
Source: unknown | DNS traffic detected: query: fakeurl.fr, reply code: Name error (3)
Connects to IPs without corresponding DNS lookups
Source: unknown | TCP traffic detected without corresponding DNS query: 64.233.184.188 (the same entry is reported 50 times)
Performs DNS lookups
Source: unknown | DNS traffic detected: queries for: fakeurl.fr
URLs found in memory or binary data
Source: $sick__0.xml | String found in binary or memory: http://schemas.android.com/aapt
Source: standalone_badge_gravity_top_start.xml, activity_main.xml, mtrl_picker_header_title_text.xml, item_double_button.xml, nav_main.xml, android | String found in binary or memory: http://schemas.android.com/apk/res-auto
Source: protect.xml, activity_main.xml, abc_btn_radio_material_anim.xml, mtrl_picker_header_title_text.xml, tooltip_frame_dark.xml, text_view_without_line_height.xml, mtrl_calendar_month.xml, mtrl_alert_dialog_actions.xml, design_layout_snackbar_include.xml, abc_screen_content_include.xml, notification.xml, $sick__0.xml, btn_checkbox_unchecked_to_checked_mtrl_animation.xml, abc_seekbar_track_material.xml, item_button.xml, btn_checkbox_to_checked_box_outer_merged_animation.xml, abc_action_menu_item_layout.xml, item_double_button.xml, test_toolbar_custom_background.xml, preference_widget_seekbar.xml, nav_main.xml, design_fab_show_motion_spec.xml, android | String found in binary or memory: http://schemas.android.com/apk/res/android
Source: NotoColorEmojiCompat.ttf | String found in binary or memory: http://scripts.sil.org/OFL
Source: NotoColorEmojiCompat.ttf | String found in binary or memory: http://www.google.com/get/noto/This
Source: source_context.proto | String found in binary or memory: https://developers.google.com/protocol-buffers/
Source: android | String found in binary or memory: https://fakeurl.fr/
Source: android | String found in binary or memory: https://fakeurl.fr//
Source: android | String found in binary or memory: https://fakeurl.fr/privacy-en.json
Source: android | String found in binary or memory: https://fakeurl.fr/strings-en.json
Source: android | String found in binary or memory: https://github.com/mikepenz/FastAdapter/blob/develop/library-core/src/main/java/com/mikepenz/fastada
Source: android | String found in binary or memory: https://gitlab.inria.fr/stopcovid19

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Has permission to take photos
Source: submitted apk | Request permission: android.permission.CAMERA

E-Banking Fraud:

Has functionality to add an overlay to other apps
Source: androidx.appcompat.app.AppCompatDelegateImpl;->openPanel:688 | API Call: WindowManager.addView
Source: androidx.appcompat.widget.TooltipCompatHandler;->show:128 | API Call: WindowManager.addView

Change of System Appearance:

Acquires a wake lock
Source: androidx.work.impl.Processor;->startForeground:77 | API Call: android.os.PowerManager$WakeLock.acquire
Source: androidx.work.impl.background.systemalarm.DelayMetCommandHandler;->handleProcessWork:41 | API Call: android.os.PowerManager$WakeLock.acquire
Source: androidx.work.impl.background.systemalarm.SystemAlarmDispatcher$1;->run:34 | API Call: android.os.PowerManager$WakeLock.acquire
Source: androidx.work.impl.background.systemalarm.SystemAlarmDispatcher;->processCommand:110 | API Call: android.os.PowerManager$WakeLock.acquire

System Summary:

Requests to ignore battery optimizations
Source: Lcom/lunabeestudio/stopcovid/manager/ProximityManager;->requestIgnoreBatteryOptimization(Landroidx/fragment/app/Fragment;)V | Method string: "android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
Source: Lcom/lunabeestudio/stopcovid/manager/ProximityManager;->hasActivityToResolveIgnoreBatteryOptimization(Landroid/content/Context;)Z | Method string: "android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
Requests potentially dangerous permissions
Source: submitted apk | Request permission: android.permission.ACCESS_COARSE_LOCATION
Source: submitted apk | Request permission: android.permission.ACCESS_FINE_LOCATION
Source: submitted apk | Request permission: android.permission.BLUETOOTH
Source: submitted apk | Request permission: android.permission.BLUETOOTH_ADMIN
Source: submitted apk | Request permission: android.permission.CAMERA
Source: submitted apk | Request permission: android.permission.INTERNET
Source: submitted apk | Request permission: android.permission.WAKE_LOCK
Classification label
Source: classification engine | Classification label: mal52.evad.andAPK@0/252@2/0
Creates SQLiteDatabase table
Source: androidx.work.impl.WorkDatabaseMigrations$WorkMigration9To10;->migrate:46 | API Call: android.database.sqlite.SQLiteDatabase.execSQL
Source: androidx.work.impl.WorkDatabase_Impl$1;->createAllTables:46 | API Call: android.database.sqlite.SQLiteDatabase.execSQL
Source: androidx.work.impl.WorkDatabaseMigrations$1;->migrate:13 | API Call: android.database.sqlite.SQLiteDatabase.execSQL
Source: androidx.room.RoomOpenHelper;->updateIdentity:103 | API Call: android.database.sqlite.SQLiteDatabase.execSQL
Source: androidx.work.impl.WorkDatabaseMigrations$4;->migrate:4 | API Call: android.database.sqlite.SQLiteDatabase.execSQL
Reads shared settings
Source: com.lunabeestudio.framework.local.datasource.SecureKeystoreDataSource;->getAtRisk:13 | API Call: android.content.SharedPreferences.getString
Source: com.lunabeestudio.framework.local.datasource.SecureKeystoreDataSource;->getFilteringInfo:20 | API Call: android.content.SharedPreferences.getString
Source: com.lunabeestudio.framework.local.datasource.SecureKeystoreDataSource;->getLastExposureTimeframe:29 | API Call: android.content.SharedPreferences.getString
Source: com.lunabeestudio.framework.local.datasource.SecureKeystoreDataSource;->getProximityActive:35 | API Call: android.content.SharedPreferences.getString
Source: com.lunabeestudio.framework.local.datasource.SecureKeystoreDataSource;->getSharedKey:42 | API Call: android.content.SharedPreferences.getString
Source: com.lunabeestudio.framework.local.datasource.SecureKeystoreDataSource;->isSick:52 | API Call: android.content.SharedPreferences.getString
Source: com.lunabeestudio.stopcovid.extension.SharedPreferencesExtKt;->isOnBoardingDone:2 | API Call: android.content.SharedPreferences.getBoolean
Source: androidx.work.impl.WorkDatabaseMigrations$WorkMigration9To10;->migrate:14 | API Call: android.content.SharedPreferences.getBoolean
Source: com.lunabeestudio.stopcovid.manager.AppMaintenanceManager;->retrieveLastMaintenanceJson:9 | API Call: android.content.SharedPreferences.getString
Source: com.lunabeestudio.framework.utils.CryptoManager;->getAesGcmLocalProtectionKey:46 | API Call: android.content.SharedPreferences.getString
Registers a Sensor listener (to get data about accelerometer, gyrometer etc.)
Source: com.journeyapps.barcodescanner.camera.CameraManager;->startPreview:254 | API Call: android.hardware.SensorManager.registerListener

Data Obfuscation:

Uses reflection
Source: com.google.gson.internal.ConstructorConstructor$14;-><init>:8 | API Call: Real call: private static final sun.misc.Unsafe sun.misc.Unsafe.theUnsafe
Source: com.google.gson.internal.UnsafeAllocator$1;->newInstance:5 | API Call: Real call: sun.misc.Unsafe@1d50701
Source: com.google.gson.internal.UnsafeAllocator$1;->newInstance:5 | API Call: Real call: public native java.lang.Object sun.misc.Unsafe.allocateInstance(java.lang.Class)
Source: com.google.gson.internal.UnsafeAllocator$1;->newInstance:5 | API Call: Real call: sun.misc.Unsafe@1d50701
Source: com.google.gson.internal.UnsafeAllocator$1;->newInstance:5 | API Call: Real call: public native java.lang.Object sun.misc.Unsafe.allocateInstance(java.lang.Class)
Source: androidx.appcompat.widget.ViewUtils;->makeOptionalFitsSystemWindows:22 | API Call: Real call: androidx.appcompat.widget.FitWindowsLinearLayout{2d92161 V.E...... ......I. 0,0-0,0 #7f090034 app:id/action_bar_root}
Source: androidx.appcompat.widget.ViewUtils;->makeOptionalFitsSystemWindows:22 | API Call: Real call: public void android.view.ViewGroup.makeOptionalFitsSystemWindows()
Source: okhttp3.internal.platform.AndroidPlatform;->getStackTraceForCloseable:94 | API Call: Real call: null
Source: okhttp3.internal.platform.AndroidPlatform;->getStackTraceForCloseable:94 | API Call: Real call: public static dalvik.system.CloseGuard dalvik.system.CloseGuard.get()
Source: okhttp3.internal.platform.AndroidPlatform;->getStackTraceForCloseable:96 | API Call: Real call: dalvik.system.CloseGuard@824bf17
Source: okhttp3.internal.platform.AndroidPlatform;->getStackTraceForCloseable:96 | API Call: Real call: public void dalvik.system.CloseGuard.open(java.lang.String)
Source: androidx.activity.ImmLeaksCleaner;->onStateChanged:16 | API Call: java.lang.reflect.Field.get
Source: androidx.activity.ImmLeaksCleaner;->onStateChanged:18 | API Call: java.lang.reflect.Field.get
Source: kotlinx.coroutines.android.AndroidExceptionPreHandler;->handleException:14 | API Call: java.lang.reflect.Method.invoke
Source: kotlinx.coroutines.android.HandlerDispatcherKt;->asHandler:9 | API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.android.AndroidSocketAdapter;->configureTlsExtensions:21 | API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.android.AndroidSocketAdapter;->configureTlsExtensions:23 | API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.android.AndroidSocketAdapter;->configureTlsExtensions:27 | API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.android.AndroidSocketAdapter;->getSelectedProtocol:36 | API Call: java.lang.reflect.Method.invoke
Source: androidx.core.app.ActivityRecreator$LifecycleCheckCallbacks;->onActivityPaused:5 | API Call: java.lang.reflect.Field.get
Source: androidx.core.app.ActivityRecreator$LifecycleCheckCallbacks;->onActivityPaused:7 | API Call: java.lang.reflect.Field.get
Source: androidx.core.app.ActivityRecreator$3;->run:8 | API Call: java.lang.reflect.Method.invoke
Source: androidx.core.app.ActivityRecreator$3;->run:13 | API Call: java.lang.reflect.Method.invoke
Source: androidx.core.app.ActivityRecreator;->recreate:35 | API Call: java.lang.reflect.Field.get
Source: androidx.core.app.ActivityRecreator;->recreate:37 | API Call: java.lang.reflect.Field.get
Source: androidx.core.app.ActivityRecreator;->recreate:50 | API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.app.AppCompatDelegateImpl;->applyDayNight:69 | API Call: java.lang.reflect.Field.get
Source: androidx.appcompat.app.AppCompatDelegateImpl;->applyDayNight:78 | API Call: java.lang.reflect.Field.get
Source: androidx.appcompat.app.AppCompatDelegateImpl;->applyDayNight:88 | API Call: java.lang.reflect.Field.get
Source: androidx.appcompat.app.AppCompatDelegateImpl;->applyDayNight:95 | API Call: java.lang.reflect.Field.get
Source: androidx.appcompat.app.AppCompatViewInflater$DeclaredOnClickListener;->onClick:37 | API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.app.AppCompatDelegateImpl$ConfigurationImplApi17;->flushThemedResourcesCache:1988 | API Call: java.lang.reflect.Field.get
Source: androidx.appcompat.app.AppCompatDelegateImpl$ConfigurationImplApi17;->getButtonDrawable:2043 | API Call: java.lang.reflect.Field.get
Source: androidx.appcompat.app.AppCompatDelegateImpl$ConfigurationImplApi17;->getLayoutDirection:2192 | API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.app.AppCompatDelegateImpl$ConfigurationImplApi17;->setLayoutDirection:3369 | API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.app.AppCompatDelegateImpl$ConfigurationImplApi17;->setWindowLayoutType:3426 | API Call: java.lang.reflect.Method.invoke
Source: com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$Adapter;->write:28 | API Call: java.lang.reflect.Field.get
Source: com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$Adapter;->write:32 | API Call: java.lang.reflect.Field.get
Source: com.google.android.material.chip.Chip;->dispatchHoverEvent:220 | API Call: java.lang.reflect.Field.get
Source: com.google.android.material.chip.Chip;->dispatchHoverEvent:228 | API Call: java.lang.reflect.Method.invoke
Source: kotlinx.coroutines.CommonPool;->createPool:25 | API Call: java.lang.reflect.Method.invoke
Source: kotlinx.coroutines.CommonPool;->createPool:31 | API Call: java.lang.reflect.Method.invoke
Source: androidx.core.graphics.drawable.IconCompat;->getResId:35 | API Call: java.lang.reflect.Method.invoke
Source: androidx.core.graphics.drawable.IconCompat;->getResPackage:53 | API Call: java.lang.reflect.Method.invoke
Source: androidx.core.graphics.drawable.IconCompat;->getUri:73 | API Call: java.lang.reflect.Method.invoke
Source: androidx.core.graphics.drawable.WrappedDrawableApi21;->isProjected:18 | API Call: java.lang.reflect.Method.invoke
Source: androidx.core.graphics.TypefaceCompatApi21Impl;->addFontWeightStyle:6 | API Call: java.lang.reflect.Method.invoke
Source: androidx.core.graphics.TypefaceCompatApi21Impl;->createFromFontFamilyFilesResourceEntry:42 | API Call: java.lang.reflect.Method.invoke
Source: androidx.core.graphics.TypefaceCompatApi24Impl;->addFontWeightStyle:22 | API Call: java.lang.reflect.Method.invoke
Source: androidx.core.graphics.TypefaceCompatApi24Impl;->createFromFamiliesWithDefault:28 | API Call: java.lang.reflect.Method.invoke
Source: androidx.core.graphics.TypefaceCompatApi26Impl;->abortCreation:23 | API Call: java.lang.reflect.Method.invoke
Source: androidx.core.graphics.TypefaceCompatApi28Impl;->createFromFamiliesWithDefault:9 | API Call: java.lang.reflect.Method.invoke
Source: androidx.core.graphics.TypefaceCompatApi26Impl;->addFontFromAssetManager:31 | API Call: java.lang.reflect.Method.invoke
Source: androidx.core.graphics.TypefaceCompatApi26Impl;->createFromFamiliesWithDefault:39 | API Call: java.lang.reflect.Method.invoke
Source: androidx.core.graphics.TypefaceCompatApi26Impl;->createFromFontInfo:74 | API Call: java.lang.reflect.Method.invoke
Source: androidx.core.graphics.TypefaceCompatApi26Impl;->freeze:89 | API Call: java.lang.reflect.Method.invoke
Source: com.google.gson.internal.ConstructorConstructor$14;-><init>:15 | API Call: java.lang.reflect.Method.invoke
Source: com.google.gson.internal.UnsafeAllocator$2;->newInstance:5 | API Call: java.lang.reflect.Method.invoke
Source: com.google.gson.internal.UnsafeAllocator$3;->newInstance:4 | API Call: java.lang.reflect.Method.invoke
Source: kotlin.coroutines.jvm.internal.BaseContinuationImpl;->getStackTraceElement:15 | API Call: java.lang.reflect.Field.get
Source: kotlin.coroutines.jvm.internal.BaseContinuationImpl;->getStackTraceElement:39 | API Call: java.lang.reflect.Method.invoke
Source: kotlin.coroutines.jvm.internal.BaseContinuationImpl;->getStackTraceElement:41 | API Call: java.lang.reflect.Method.invoke
Source: kotlin.coroutines.jvm.internal.BaseContinuationImpl;->getStackTraceElement:43 | API Call: java.lang.reflect.Method.invoke
Source: kotlin.internal.PlatformImplementations;->addSuppressed:3 | API Call: java.lang.reflect.Method.invoke
Source: androidx.lifecycle.ClassesInfoCache$CallbackInfo;->invokeMethodsForEvent:18 | API Call: java.lang.reflect.Method.invoke
Source: androidx.lifecycle.ClassesInfoCache$CallbackInfo;->invokeMethodsForEvent:20 | API Call: java.lang.reflect.Method.invoke
Source: androidx.lifecycle.ClassesInfoCache$CallbackInfo;->invokeMethodsForEvent:22 | API Call: java.lang.reflect.Method.invoke
Source: com.lunabeestudio.stopcovid.manager.ProximityManager;->isNotificationOn:106 | API Call: java.lang.reflect.Field.get
Source: com.lunabeestudio.stopcovid.manager.ProximityManager;->isNotificationOn:110 | API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.view.menu.CascadingMenuPopup;->showMenu:178 | API Call: java.lang.reflect.Method.invoke
Source: androidx.navigation.NavArgsLazy;->getValue:23 | API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.AndroidPlatform$CustomTrustRootIndex;->findByIssuerAndSignature:14 | API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.AndroidPlatform;->logCloseableLeak:113 | API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.Jdk8WithJettyBootPlatform$AlpnProvider;->invoke:39 | API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.Jdk8WithJettyBootPlatform;->afterHandshake:14 | API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.Jdk8WithJettyBootPlatform;->configureTlsExtensions:28 | API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.Jdk8WithJettyBootPlatform;->getSelectedProtocol:37 | API Call: java.lang.reflect.Method.invoke
Source: com.google.protobuf.ExtensionRegistryLite;->getEmptyRegistry:11 | API Call: java.lang.reflect.Method.invoke
Source: com.google.protobuf.GeneratedMessageLite;->invokeOrDie:44 | API Call: java.lang.reflect.Method.invoke
Source: com.google.protobuf.ManifestSchemaFactory;-><init>:7 | API Call: java.lang.reflect.Method.invoke
Source: com.google.protobuf.UnsafeUtil$1;->run:5 | API Call: java.lang.reflect.Field.get
Source: org.bouncycastle.jsse.provider.ReflectionUtil$6;->run:5 | API Call: java.lang.reflect.Method.invoke
Source: com.google.gson.internal.reflect.UnsafeReflectionAccessor;-><init>:7 | API Call: java.lang.reflect.Field.get
Source: com.google.gson.internal.reflect.UnsafeReflectionAccessor;->makeAccessible:17 | API Call: java.lang.reflect.Method.invoke
Source: com.google.gson.internal.reflect.UnsafeReflectionAccessor;->makeAccessible:27 | API Call: java.lang.reflect.Method.invoke
Source: androidx.core.content.res.ResourcesCompat$ThemeCompat$ImplApi23;->rebase:11 | API Call: java.lang.reflect.Method.invoke
Source: retrofit2.Retrofit$1;->invoke:4 | API Call: java.lang.reflect.Method.invoke
Source: androidx.transition.ViewUtilsBase;->setLeftTopRightBottom:17 | API Call: java.lang.reflect.Method.invoke
Source: androidx.versionedparcelable.VersionedParcel;->readVersionedParcelable:52 | API Call: java.lang.reflect.Method.invoke
Source: androidx.versionedparcelable.VersionedParcel;->writeVersionedParcelable:79 | API Call: java.lang.reflect.Method.invoke
Source: androidx.core.view.KeyEventDispatcher;->dispatchKeyEvent:11 | API Call: java.lang.reflect.Method.invoke
Source: androidx.core.view.KeyEventDispatcher;->dispatchKeyEvent:22 | API Call: java.lang.reflect.Field.get
Source: androidx.core.view.ViewConfigurationCompat;->getLegacyScrollFactor:7 | API Call: java.lang.reflect.Method.invoke
Source: androidx.core.view.WindowInsetsCompat$BuilderImpl20;-><init>:8 | API Call: java.lang.reflect.Field.get
Source: androidx.core.view.ViewCompat;->getAccessibilityDelegateInternal:66 | API Call: java.lang.reflect.Field.get
Source: androidx.appcompat.view.SupportMenuInflater$InflatedOnMenuItemClickListener;->onMenuItemClick:21 | API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.view.SupportMenuInflater$InflatedOnMenuItemClickListener;->onMenuItemClick:25 | API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.view.SupportMenuInflater$MenuState;->setItem:53 | API Call: java.lang.reflect.Method.invoke
Source: androidx.core.widget.TextViewCompat$OreoCallback;->onPrepareActionMode:30 | API Call: java.lang.reflect.Method.invoke
Source: androidx.constraintlayout.widget.ConstraintSet;->clone:219 | API Call: java.lang.reflect.Method.invoke
Source: androidx.constraintlayout.widget.ConstraintLayout;->setChildrenConstraints:615 | API Call: java.lang.reflect.Method.invoke
Source: androidx.constraintlayout.widget.ConstraintLayout;->setChildrenConstraints:619 | API Call: java.lang.reflect.Method.invoke
Source: androidx.constraintlayout.widget.ConstraintLayout;->setChildrenConstraints:622 | API Call: java.lang.reflect.Method.invoke
Source: androidx.constraintlayout.widget.ConstraintLayout;->setChildrenConstraints:626 | API Call: java.lang.reflect.Method.invoke
Source: androidx.constraintlayout.widget.ConstraintLayout;->setChildrenConstraints:630 | API Call: java.lang.reflect.Method.invoke
Source: androidx.constraintlayout.widget.ConstraintLayout;->setChildrenConstraints:634 | API Call: java.lang.reflect.Method.invoke
Source: androidx.constraintlayout.widget.ConstraintLayout;->setChildrenConstraints:638 | API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.widget.AppCompatTextViewAutoSizeHelper;->invokeAndReturnWithDefault:25 | API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.widget.DrawableUtils;->getOpticalBounds:30 | API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.widget.AppCompatTextViewAutoSizeHelper;->setTextSizeInternal:159 | API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.widget.ListPopupWindow;->show:101 | API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.widget.ListPopupWindow;->show:158 | API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.widget.ListPopupWindow;->show:173 | API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.widget.SearchView$SearchAutoComplete;->ensureImeVisible:16 | API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.widget.SearchView;->forceSuggestionQuery:208 | API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.widget.SearchView;->forceSuggestionQuery:213 | API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.widget.ViewUtils;->computeFitSystemWindows:10 | API Call: java.lang.reflect.Method.invoke

Boot Survival:

Has permission to execute code after phone reboot
Source: submitted apk | Request permission: android.permission.RECEIVE_BOOT_COMPLETED
Creates a new wake lock (can keep the CPU or screen awake)
Source: androidx.work.impl.utils.WakeLocks;->newWakeLock:24 | API Call: android.os.PowerManager.newWakeLock
Starts/registers a service/receiver on phone boot (autostart)
Source: androidx.work.impl.background.systemalarm.RescheduleReceiver;->onReceive:17 | API Call: android.content.Context.startService (not executed)
Note: both code hits are in androidx.work (WorkManager) library code rather than the app's own packages, and the startService call was not executed during analysis.

Hooking and other Techniques for Hiding and Protection:

Has permission to use Bluetooth to discover and pair with other devices
Source: submitted apk | Request permission: android.permission.BLUETOOTH_ADMIN
Queries the list of running processes/tasks
Source: androidx.work.impl.background.greedy.GreedyScheduler;->getProcessName:33 | API Call: android.app.ActivityManager.getRunningAppProcesses
Uses Crypto APIs
Source: com.lunabeestudio.stopcovid.fragment.ProximityFragment;->injectWebView:138 | API Call: java.security.MessageDigest.getInstance
Source: com.lunabeestudio.stopcovid.fragment.ProximityFragment;->injectWebView:143 | API Call: java.security.MessageDigest.digest
Source: org.bouncycastle.tls.crypto.impl.AbstractTlsSecret;->encrypt:19 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.tls.crypto.impl.AbstractTlsSecret;->encrypt:24 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.tls.crypto.impl.AbstractTlsSecret;->encrypt:25 | API Call: javax.crypto.Cipher.doFinal
Source: org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCryptoProvider$NonceEntropySource$NonceEntropySourceSpi;->runDigest:22 | API Call: java.security.MessageDigest.update
Source: org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCryptoProvider$NonceEntropySource$NonceEntropySourceSpi;->runDigest:24 | API Call: java.security.MessageDigest.update
Source: org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCryptoProvider$NonceEntropySource$NonceEntropySourceSpi;->runDigest:26 | API Call: java.security.MessageDigest.digest
Source: org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsHash;->calculateHash:3 | API Call: java.security.MessageDigest.digest
Source: org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsHash;->update:12 | API Call: java.security.MessageDigest.update
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceAEADCipherImpl;->doFinal:14 | API Call: javax.crypto.Cipher.doFinal
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceAEADCipherImpl;->init:28 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceAEADCipherImpl;->init:34 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceBlockCipherImpl;->doFinal:7 | API Call: javax.crypto.Cipher.doFinal
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceBlockCipherImpl;->init:15 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceBlockCipherWithCBCImplicitIVImpl;->doFinal:6 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceBlockCipherWithCBCImplicitIVImpl;->doFinal:15 | API Call: javax.crypto.Cipher.doFinal
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceChaCha20Poly1305;->init:44 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceChaCha20Poly1305;->runCipher:55 | API Call: javax.crypto.Cipher.doFinal
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceDefaultTlsCredentialedDecryptor;->decrypt:30 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceDefaultTlsCredentialedDecryptor;->decrypt:31 | API Call: javax.crypto.Cipher.doFinal
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceTlsSecret;->prf:36 | API Call: java.security.MessageDigest.update
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceTlsSecret;->prf:38 | API Call: java.security.MessageDigest.update
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceTlsSecret;->prf:39 | API Call: java.security.MessageDigest.update
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceTlsSecret;->prf:40 | API Call: java.security.MessageDigest.digest
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceTlsSecret;->prf:42 | API Call: java.security.MessageDigest.update
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceTlsSecret;->prf:43 | API Call: java.security.MessageDigest.update
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceTlsSecret;->prf:44 | API Call: java.security.MessageDigest.digest
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceTlsSecret;->prf:46 | API Call: java.security.MessageDigest.digest
Source: okio.ByteString;->digest$okio:15 | API Call: java.security.MessageDigest.getInstance
Source: okio.ByteString;->digest$okio:17 | API Call: java.security.MessageDigest.digest
Source: okio.SegmentedByteString;->digest$okio:10 | API Call: java.security.MessageDigest.getInstance
Source: okio.SegmentedByteString;->digest$okio:14 | API Call: java.security.MessageDigest.update
Source: okio.SegmentedByteString;->digest$okio:15 | API Call: java.security.MessageDigest.digest
Source: org.bouncycastle.jcajce.util.DefaultJcaJceHelper;->createCipher:4 | API Call: javax.crypto.Cipher.getInstance
Source: org.bouncycastle.jcajce.util.DefaultJcaJceHelper;->createDigest:5 | API Call: java.security.MessageDigest.getInstance
Source: org.bouncycastle.jcajce.util.BCJcaJceHelper;->createCipher:14 | API Call: javax.crypto.Cipher.getInstance
Source: org.bouncycastle.jcajce.util.BCJcaJceHelper;->createDigest:16 | API Call: java.security.MessageDigest.getInstance
Source: com.lunabeestudio.framework.utils.CryptoManager$encrypt$ciphertext$1;->invoke:3 | API Call: javax.crypto.Cipher.init
Source: com.lunabeestudio.framework.utils.CryptoManager$decrypt$1;->invoke:4 | API Call: javax.crypto.Cipher.init
Source: com.lunabeestudio.framework.utils.CryptoManager$decrypt$1;->invoke:7 | API Call: javax.crypto.Cipher.doFinal
Source: com.lunabeestudio.framework.utils.CryptoManager$encrypt$ciphertext$1;->invoke:18 | API Call: javax.crypto.Cipher.init
Source: com.lunabeestudio.framework.utils.CryptoManager$encrypt$ciphertext$1;->invoke:21 | API Call: javax.crypto.Cipher.doFinal
Source: com.lunabeestudio.framework.utils.CryptoManager;->getAesGcmLocalProtectionKey:41 | API Call: javax.crypto.KeyGenerator.generateKey
Source: com.lunabeestudio.framework.utils.CryptoManager;->getAesGcmLocalProtectionKey:55 | API Call: javax.crypto.Cipher.getInstance
Source: com.lunabeestudio.framework.utils.CryptoManager;->getAesGcmLocalProtectionKey:56 | API Call: javax.crypto.Cipher.init
Source: com.lunabeestudio.framework.utils.CryptoManager;->getAesGcmLocalProtectionKey:102 | API Call: javax.crypto.Cipher.getInstance
Source: com.lunabeestudio.framework.utils.CryptoManager;->getAesGcmLocalProtectionKey:104 | API Call: javax.crypto.Cipher.init
Source: com.lunabeestudio.framework.utils.CryptoManager;->createCipherInputStream:118 | API Call: javax.crypto.Cipher.getInstance
Source: com.lunabeestudio.framework.utils.CryptoManager;->createCipherInputStream:122 | API Call: javax.crypto.Cipher.init
Source: com.lunabeestudio.framework.utils.CryptoManager;->createCipherOutputStream:130 | API Call: javax.crypto.Cipher.getInstance
Source: com.lunabeestudio.framework.utils.CryptoManager;->createCipherOutputStream:133 | API Call: javax.crypto.Cipher.init
Source: com.lunabeestudio.framework.utils.CryptoManager;->createCipherOutputStream:142 | API Call: javax.crypto.Cipher.init
Source: com.lunabeestudio.framework.utils.CryptoManager;->decrypt:159 | API Call: javax.crypto.Cipher.getInstance
Source: com.lunabeestudio.framework.utils.CryptoManager;->encrypt:183 | API Call: javax.crypto.Cipher.getInstance
Note: apart from ProximityFragment.injectWebView and the CryptoManager class (the app's own com.lunabeestudio packages, whose method names point to AES-GCM protection of local data), these hits are in bundled TLS and I/O libraries (org.bouncycastle.tls, okio). Use of the platform crypto APIs is expected for any app that talks TLS and is not an indicator on its own.

Malware Analysis System Evasion:

Tries to detect Android x86
Source: Lcom/lunabeestudio/stopcovid/fragment/OnBoardingBatteryFragment;->isEmulator()Z | Method string: "Android SDK built for x86"
Source: Lcom/lunabeestudio/stopcovid/fragment/OnBoardingBatteryFragment;->isEmulator()Z | Method string: "sdk_x86"
Tries to detect the analysis device (e.g. the Android emulator)
Source: Lcom/lunabeestudio/stopcovid/fragment/OnBoardingBatteryFragment;->isEmulator()Z | Method string: "Emulator"
Accesses Android OS build fields
Source: androidx.appcompat.app.AppCompatDelegateImpl;-><clinit>:2 | Field Access: android.os.Build.FINGERPRINT
Source: com.journeyapps.barcodescanner.camera.CameraManager;->setDesiredParameters:167 | Field Access: android.os.Build.DEVICE
Source: com.lunabeestudio.framework.ble.extension.RobertBleSettingsExtKt;->toBleSettings:16 | Field Access: android.os.Build.MODEL
Source: com.lunabeestudio.stopcovid.fragment.OnBoardingBatteryFragment;->isEmulator:5 | Field Access: android.os.Build.BRAND
Source: com.lunabeestudio.stopcovid.fragment.OnBoardingBatteryFragment;->isEmulator:10 | Field Access: android.os.Build.DEVICE
Source: com.lunabeestudio.stopcovid.fragment.OnBoardingBatteryFragment;->isEmulator:14 | Field Access: android.os.Build.FINGERPRINT
Source: com.lunabeestudio.stopcovid.fragment.OnBoardingBatteryFragment;->isEmulator:18 | Field Access: android.os.Build.FINGERPRINT
Source: com.lunabeestudio.stopcovid.fragment.OnBoardingBatteryFragment;->isEmulator:31 | Field Access: android.os.Build.MODEL
Source: com.lunabeestudio.stopcovid.fragment.OnBoardingBatteryFragment;->isEmulator:36 | Field Access: android.os.Build.MODEL
Source: com.lunabeestudio.stopcovid.fragment.OnBoardingBatteryFragment;->isEmulator:40 | Field Access: android.os.Build.MODEL
Source: com.lunabeestudio.stopcovid.fragment.OnBoardingBatteryFragment;->isEmulator:44 | Field Access: android.os.Build.MANUFACTURER
Source: com.lunabeestudio.stopcovid.fragment.OnBoardingBatteryFragment;->isEmulator:49 | Field Access: android.os.Build.PRODUCT
Source: com.lunabeestudio.stopcovid.fragment.OnBoardingBatteryFragment;->isEmulator:54 | Field Access: android.os.Build.PRODUCT
Source: com.lunabeestudio.stopcovid.fragment.OnBoardingBatteryFragment;->isEmulator:57 | Field Access: android.os.Build.PRODUCT
Source: com.lunabeestudio.stopcovid.fragment.OnBoardingBatteryFragment;->isEmulator:61 | Field Access: android.os.Build.PRODUCT
Source: com.lunabeestudio.stopcovid.fragment.OnBoardingBatteryFragment;->isEmulator:65 | Field Access: android.os.Build.PRODUCT
Source: com.lunabeestudio.stopcovid.fragment.OnBoardingBatteryFragment;->isEmulator:69 | Field Access: android.os.Build.PRODUCT
Source: com.lunabeestudio.stopcovid.fragment.OnBoardingBatteryFragment;->isEmulator:73 | Field Access: android.os.Build.PRODUCT
Source: com.google.android.material.textfield.TextInputEditText;->onAttachedToWindow:31 | Field Access: android.os.Build.MANUFACTURER
Queries sensitive phone information
Source: Landroidx/core/view/ViewConfigurationCompat;->shouldShowMenuShortcutsWhenKeyboardPresent(Landroid/view/ViewConfiguration;Landroid/content/Context;)Z | Method string: "android"
Source: Lcom/orange/proximitynotification/ProximityNotificationError;-><init>(Lcom/orange/proximitynotification/ProximityNotificationError$Type;Ljava/lang/Integer;Ljava/lang/String;I)V | Method string: "type"
Source: Lcom/lunabeestudio/stopcovid/fragment/OnBoardingBatteryFragment;->isEmulator()Z | Method string: "sdk"
Source: Lcom/lunabeestudio/domain/model/ServerStatusUpdate;-><init>(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)V | Method string: "time"
Note: the matched strings here ("android", "type", "sdk", "time") are generic identifiers, so this signature is low-signal on its own.
Tries to detect VirtualBox
Source: Lcom/lunabeestudio/stopcovid/fragment/OnBoardingBatteryFragment;->isEmulator()Z | Method string: "vbox86p"
Source: Lcom/lunabeestudio/stopcovid/fragment/OnBoardingBatteryFragment;->isEmulator()Z | Method string: "vbox86p"
Note: every emulator-detection hit in this section comes from a single method, OnBoardingBatteryFragment.isEmulator(), and consists of plain android.os.Build field comparisons against well-known emulator strings; the report attributes no other behaviour to the result of that check.
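The Build-field emulator check above, reconstructed as an added example (not the app's own code) from the field reads and strings the report lists for OnBoardingBatteryFragment.isEmulator(). The "generic" prefix rules and the exact combination of rules are assumptions, since the report shows that FINGERPRINT, BRAND and DEVICE are read but not what they are compared against; the device profiles are constructed for illustration. Reporting which rule fired is what an analyst needs to know which field a sandbox image would have to change to pass the check.

```python
"""Reconstruction of a Build-field emulator check of the kind this report
attributes to OnBoardingBatteryFragment.isEmulator(). Added example, not the
app's code: the strings come from the report, the "generic" rules and the
rule combination are assumed, and the device profiles are constructed."""
from typing import Dict, List

Build = Dict[str, str]  # subset of android.os.Build fields keyed by field name


def emulator_indicators(build: Build) -> List[str]:
    """Return the names of every rule that fires for this Build profile."""
    fp = build.get("FINGERPRINT", "")
    brand = build.get("BRAND", "")
    device = build.get("DEVICE", "")
    model = build.get("MODEL", "")
    product = build.get("PRODUCT", "")
    rules = [
        # Assumed: the report shows FINGERPRINT/BRAND/DEVICE reads, not the compared value.
        ("FINGERPRINT starts with 'generic' (assumed)", fp.startswith("generic")),
        ("BRAND and DEVICE start with 'generic' (assumed)",
         brand.startswith("generic") and device.startswith("generic")),
        # Strings the report lists for this method:
        ("MODEL contains 'Emulator'", "Emulator" in model),
        ("MODEL contains 'Android SDK built for x86'", "Android SDK built for x86" in model),
        ("PRODUCT contains 'sdk'", "sdk" in product),
        ("PRODUCT contains 'sdk_x86'", "sdk_x86" in product),
        ("PRODUCT contains 'vbox86p'", "vbox86p" in product),
    ]
    return [name for name, fired in rules if fired]


def is_emulator(build: Build) -> bool:
    """True when any rule fires, mirroring the boolean (Z) return of isEmulator()."""
    return bool(emulator_indicators(build))


# Constructed profiles (illustrative, not captured from any real device).
SDK_X86_EMULATOR: Build = {
    "BRAND": "generic_x86", "DEVICE": "generic_x86", "MANUFACTURER": "unknown",
    "MODEL": "Android SDK built for x86", "PRODUCT": "sdk_x86",
    "FINGERPRINT": "generic_x86/sdk_x86/generic_x86:6.0/MRA58K/0:userdebug/test-keys",
}
VBOX_EMULATOR: Build = {
    "BRAND": "Android", "DEVICE": "vbox86p", "MANUFACTURER": "unknown",
    "MODEL": "Custom Phone", "PRODUCT": "vbox86p",
    "FINGERPRINT": "Android/vbox86p/vbox86p:6.0/MRA58K/0:userdebug/test-keys",
}
PHYSICAL_PHONE: Build = {
    "BRAND": "samsung", "DEVICE": "starlte", "MANUFACTURER": "samsung",
    "MODEL": "SM-G960F", "PRODUCT": "starltexx",
    "FINGERPRINT": "samsung/starltexx/starlte:9/PPR1.180610.011/G960FXXU2CSB3:user/release-keys",
}
# A sandbox image that rewrote MODEL and PRODUCT but left BRAND/DEVICE/FINGERPRINT alone.
PARTIALLY_HARDENED_SANDBOX: Build = {
    "BRAND": "generic", "DEVICE": "generic", "MANUFACTURER": "samsung",
    "MODEL": "SM-G960F", "PRODUCT": "starltexx",
    "FINGERPRINT": "generic/sdk/generic:6.0/MRA58K/0:userdebug/test-keys",
}

if __name__ == "__main__":
    for name, profile in [("sdk x86 emulator", SDK_X86_EMULATOR),
                          ("vbox emulator", VBOX_EMULATOR),
                          ("physical phone", PHYSICAL_PHONE),
                          ("partially hardened sandbox", PARTIALLY_HARDENED_SANDBOX)]:
        fired = emulator_indicators(profile)
        print(f"{name}: emulator={is_emulator(profile)} rules={fired}")
```

The partially hardened profile is the practical lesson: patching MODEL and PRODUCT alone is not enough if the fingerprint and brand still say "generic", so Build fields on an analysis image have to be changed consistently.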

Stealing of Sensitive Information:

Queries camera information
Source: com.journeyapps.barcodescanner.camera.CameraManager;->open:37 | API Call: android.hardware.Camera.open
Source: com.journeyapps.barcodescanner.camera.CameraManager;->open:41 | API Call: android.hardware.Camera.getCameraInfo
Source: com.google.zxing.client.android.camera.open.OpenCameraInterface;->getCameraId:1 | API Call: android.hardware.Camera.getNumberOfCameras
Source: com.google.zxing.client.android.camera.open.OpenCameraInterface;->getCameraId:6 | API Call: android.hardware.Camera.getCameraInfo
Note: all camera hits are in the bundled barcode-scanner libraries (com.journeyapps.barcodescanner, com.google.zxing), not in the app's own packages.
Has permission to query the current location
Source: submitted apk | Request permission: android.permission.ACCESS_COARSE_LOCATION
Source: submitted apk | Request permission: android.permission.ACCESS_FINE_LOCATION
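Most of the behaviour-signature evidence in this report is attributed to bundled libraries (androidx, org.bouncycastle, okio, zxing) rather than to the sample's own code, and telling the two apart by hand across hundreds of lines is error-prone. The following is an added example, not part of this report or of the StopCovid project: a parser for the evidence-line shapes used above ("Source: <class>;-><method>:<n>API Call: <api>", "... Field Access: <field>", "Source: L<class>;-><method>(...)<ret>Method string: "<s>"" and "Source: submitted apkRequest permission: <perm>") that buckets each hit as app code or library code. The first-party package prefix is an assumption taken from the class names that appear in this report, and the sample lines are copied from the sections above.

```python
"""Triage helper for Joe Sandbox behaviour-signature evidence lines.

Added example, not part of this report or of the StopCovid project. It parses
the flattened evidence lines and buckets each hit as the app's own code or
bundled library code. FIRST_PARTY_PREFIXES is an assumption taken from the
class names that appear in this report.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

FIRST_PARTY_PREFIXES = ("com.lunabeestudio.",)  # assumption: the app's own packages

# "Source: <cls>;-><method>:<n>API Call: <api>" / "... Field Access: <field>"
API_RE = re.compile(
    r"^Source:\s*(?P<cls>[\w.$]+);->(?P<method>[^:]+):(?P<line>\d+)"
    r"(?P<kind>API Call|Field Access):\s*(?P<value>[\w.$]+)\s*(?P<ne>\(not executed\))?\s*$"
)
# "Source: L<cls>;-><method>(<args>)<ret>Method string: "<s>""  (JVM descriptor form)
STRING_RE = re.compile(
    r"^Source:\s*L(?P<cls>[\w/$]+);->(?P<method>[^(]+)\([^)]*\)[\w/;\[]*"
    r'Method string:\s*"(?P<value>.*)"\s*$'
)
# "Source: submitted apkRequest permission: <perm>"
PERM_RE = re.compile(r"^Source:\s*submitted apk\s*Request permission:\s*(?P<value>[\w.]+)\s*$")


@dataclass
class Evidence:
    kind: str       # "api_call", "field_access", "method_string" or "permission"
    cls: str        # dotted class name; empty for manifest permissions
    method: str
    value: str      # API, field, matched string or permission name
    executed: bool  # True only for dynamic hits the sandbox saw run


def parse_evidence(line: str) -> Optional[Evidence]:
    """Parse one evidence line; None when the line is not in a known shape."""
    m = API_RE.match(line)
    if m:
        kind = m.group("kind").lower().replace(" ", "_")
        return Evidence(kind, m.group("cls"), m.group("method"),
                        m.group("value"), executed=m.group("ne") is None)
    m = STRING_RE.match(line)
    if m:  # static string match; convert the descriptor path to a dotted name
        return Evidence("method_string", m.group("cls").replace("/", "."),
                        m.group("method"), m.group("value"), executed=False)
    m = PERM_RE.match(line)
    if m:
        return Evidence("permission", "", "", m.group("value"), executed=False)
    return None


def origin(ev: Evidence) -> str:
    if ev.kind == "permission":
        return "permission"
    return "app" if ev.cls.startswith(FIRST_PARTY_PREFIXES) else "library"


def triage(lines: List[str]) -> Dict[str, list]:
    """Bucket evidence into app / library / permission; keep unparsed lines visible."""
    buckets: Dict[str, list] = {"app": [], "library": [], "permission": [], "unparsed": []}
    for raw in lines:
        ev = parse_evidence(raw.strip())
        if ev is None:
            buckets["unparsed"].append(raw)
        else:
            buckets[origin(ev)].append(ev)
    return buckets


def library_roots(evidence: List[Evidence]) -> Counter:
    """Count library hits by their first two package components (e.g. org.bouncycastle)."""
    return Counter(".".join(ev.cls.split(".")[:2]) for ev in evidence)


# Evidence lines copied from this report: one per shape, plus a not-executed call.
SAMPLE_LINES = [
    "Source: com.lunabeestudio.stopcovid.fragment.ProximityFragment;->injectWebView:138API Call: java.security.MessageDigest.getInstance",
    "Source: org.bouncycastle.tls.crypto.impl.jcajce.JceAEADCipherImpl;->init:28API Call: javax.crypto.Cipher.init",
    "Source: okio.ByteString;->digest$okio:15API Call: java.security.MessageDigest.getInstance",
    "Source: com.lunabeestudio.framework.utils.CryptoManager;->getAesGcmLocalProtectionKey:41API Call: javax.crypto.KeyGenerator.generateKey",
    "Source: androidx.work.impl.background.systemalarm.RescheduleReceiver;->onReceive:17API Call: android.content.Context.startService (not executed)",
    "Source: submitted apkRequest permission: android.permission.RECEIVE_BOOT_COMPLETED",
    "Source: com.lunabeestudio.stopcovid.fragment.OnBoardingBatteryFragment;->isEmulator:14Field Access: android.os.Build.FINGERPRINT",
    'Source: Lcom/lunabeestudio/stopcovid/fragment/OnBoardingBatteryFragment;->isEmulator()ZMethod string: "vbox86p"',
    "Source: androidx.appcompat.app.AppCompatDelegateImpl;-><clinit>:2Field Access: android.os.Build.FINGERPRINT",
]

if __name__ == "__main__":
    result = triage(SAMPLE_LINES)
    for bucket in ("app", "library", "permission"):
        print(f"{bucket}: {len(result[bucket])}")
        for ev in result[bucket]:
            flag = "" if ev.executed else " [static / not executed]"
            print(f"  {ev.kind:13} {ev.cls}.{ev.method} -> {ev.value}{flag}")
    print("library roots:", dict(library_roots(result["library"])))
```

Feeding the whole report section through triage() separates the handful of first-party hits (ProximityFragment, CryptoManager, OnBoardingBatteryFragment) from the library noise and keeps the "(not executed)" marker, which is the difference between a code path the sandbox saw run and one it only found in the bytecode.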

Malware Configuration

No configs have been found

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label | Link
stopcovid-release.apk | 0% | Virustotal | | Browse

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label | Link
https://fakeurl.fr/strings-en.json | 0% | Avira URL Cloud | safe |
https://fakeurl.fr/ | 0% | Avira URL Cloud | safe |
https://fakeurl.fr// | 0% | Avira URL Cloud | safe |
https://fakeurl.fr/privacy-en.json | 0% | Avira URL Cloud | safe |

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Sigma Overview

No Sigma rule has matched

Joe Sandbox View / Context

IPs

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
64.233.184.188 | Immuni-1.0.0build1000000-debug.apk | Get hash | malicious | Browse |
64.233.184.188 | com.mtni.myirancell_2020-04-21.apk | Get hash | malicious | Browse |
64.233.184.188 | Document from RK | Get hash | malicious | Browse |
64.233.184.188 | hh7EkJcc7M.apk | Get hash | malicious | Browse |
64.233.184.188 | KURoGDcBE5 | Get hash | malicious | Browse |
64.233.184.188 | com.android.telephone.apk | Get hash | malicious | Browse |
64.233.184.188 | Crane.apk | Get hash | malicious | Browse |
64.233.184.188 | com.tdo.showbox_v5.08-115_Android-4.0.apk | Get hash | malicious | Browse |
64.233.184.188 | 5i412LHSO6.apk | Get hash | malicious | Browse |
64.233.184.188 | testandroid.apk | Get hash | malicious | Browse |
64.233.184.188 | 100 Doors Escape Ghosts and Vampires_v1.1_apkpure.com.apk | Get hash | malicious | Browse |
64.233.184.188 | paypal.apk | Get hash | malicious | Browse |
64.233.184.188 | testandroid.apk | Get hash | malicious | Browse |
64.233.184.188 | 11641_201608171833.apk | Get hash | malicious | Browse |
64.233.184.188 | base.apk | Get hash | malicious | Browse |
64.233.184.188 | base.apk | Get hash | malicious | Browse |
64.233.184.188 | com.yixia.videomaster.apk | Get hash | malicious | Browse |
64.233.184.188 | vpn.apk | Get hash | malicious | Browse |
64.233.184.188 | p9fHeuVJSH.apk | Get hash | malicious | Browse |
64.233.184.188 | fw8Uas2JvjGet | Get hash | malicious | Browse |
Note: this table only records other submissions that contacted the same IP. 64.233.184.188 lies in Google's 64.233.160.0/19 range, and the first associated sample is itself a contact-tracing app debug build carrying the same "malicious" verdict, so the shared address carries no attribution on its own.

Domains

No context

ASN

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
unknown | inform-2020-05-22_1479594.xls | Get hash | malicious | Browse | 104.27.154.5
unknown | inform-2020-05-22_1479594.xls | Get hash | malicious | Browse | 104.27.154.5
unknown | http://www.tokyo-takumikaban.jp//#marco.generoso@e-secure.ch | Get hash | malicious | Browse | 157.7.107.60
unknown | https://peninsulaparklands.com.au/Unsubscribe.php?id=q93bxhxy8voxnnkq1zdbiv0fdtw6mgxdp1pminlriao6x9wy8aar6a6j32qqjn49otw7giyzsm5pv1o3czvia12d4t4ng8x51td | Get hash | malicious | Browse | 52.62.233.197
unknown | http://tinyurl.com/yatvvyus | Get hash | malicious | Browse | 104.16.132.229
unknown | Dateien_05.20.doc | Get hash | malicious | Browse | 185.98.87.201
unknown | det_-4294054.xls | Get hash | malicious | Browse | 104.31.88.81
unknown | Dateien_05.20.doc | Get hash | malicious | Browse | 185.98.87.201
unknown | det_-4294054.xls | Get hash | malicious | Browse | 104.28.9.188
unknown | https://verzaton.com.ph/shop/accessories/keyboards/rakk-lam-ang-pro-rgb-mechanical-keyboard-kailh-speed-bronze/ | Get hash | malicious | Browse | 104.16.132.229
unknown | Ssvc.com.htm | Get hash | malicious | Browse | 104.16.124.96
unknown | Dateien_05.20.doc | Get hash | malicious | Browse | 185.98.87.201
unknown | Scanned documents.docx | Get hash | malicious | Browse | 104.31.73.166
unknown | https://kog.chfs.ky.gov/request/AddRole.aspx?ContextID=3bc04fcf-3719-4e16-81cf-9eabce58514a&d=DwMGaQ | Get hash | malicious | Browse | 134.209.226.211
unknown | Scanned documents.docx | Get hash | malicious | Browse | 104.31.73.166
unknown | https://download.bleepingcomputer.com/dl/4862d0b67b907cb60b28c8703b61f11b/5eccf97d/windows/security/security-utilities/r/rkill/rkill.exe | Get hash | malicious | Browse | 104.20.129.30
unknown | Pruebadepago.exe | Get hash | malicious | Browse | 77.88.21.158
unknown | Statement-56279.xls | Get hash | malicious | Browse | 160.153.138.53
unknown | record}.41585.xls | Get hash | malicious | Browse | 160.153.138.53
unknown | Statement-56279.xls | Get hash | malicious | Browse | 160.153.138.53
Note: the ASN for this sample's traffic is recorded as "unknown", so every row here is matched on that placeholder value rather than on a real network; the context column lists the unrelated IPs those other submissions contacted.

JA3 Fingerprints

No context

Dropped Files

No context

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.