
General Information

Joe Sandbox Version: 28.0.0 Lapis Lazuli
Analysis ID: 233053
Start date: 26.05.2020
Start time: 15:39:48
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 9m 38s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: stopcovid-debug.apk
Cookbook file name: defaultandroidfilecookbook.jbs
Analysis system description: Android 6.0
APK Instrumentation enabled: true
Detection: MAL
Classification: mal56.evad.andAPK@0/252@2/0
Warnings:
  • An application runtime error occurred
  • Excluded IPs from analysis (whitelisted): 216.58.205.227, 172.217.23.168
  • Excluded domains from analysis (whitelisted): connectivitycheck.gstatic.com, ssl.google-analytics.com, ssl-google-analytics.l.google.com
  • No dynamic data available
  • No interacted views
  • No simulation commands forwarded to apk
  • Not all non-executed APIs are in report
  • Not all resource files were parsed
  • Not all resource strings were parsed
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size exceeded maximum capacity and may have missing dynamic data code.

Detection

Strategy | Score | Range | Reporting | Whitelisted | Detection
Threshold | 56 | 0 - 100 | | false | malicious

Confidence

Strategy | Score | Range | Further Analysis Required? | Confidence
Threshold | 5 | 0 - 5 | false |


Classification Spiderchart

Analysis Advice




Mitre Att&ck Matrix

The matrix is listed here per tactic column; superscript numbers are the report's signature-match counts for that technique.

Initial Access: Valid Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
Execution: Windows Remote Management; Service Execution; Windows Management Instrumentation; Scheduled Task
Persistence: Winlogon Helper DLL; Port Monitors; Accessibility Features; System Firmware
Privilege Escalation: Port Monitors; Accessibility Features; Path Interception; DLL Search Order Hijacking
Defense Evasion: File System Logical Offsets; Binary Padding; Rootkit; Obfuscated Files or Information
Credential Access: Credential Dumping; Network Sniffing; Input Capture; Credentials in Files
Discovery: System Network Connections Discovery¹; Location Tracking¹¹; System Information Discovery¹; Process Discovery¹
Lateral Movement: Application Deployment Software; Remote Services; Windows Remote Management; Logon Scripts
Collection: Location Tracking¹¹; Network Information Discovery²; Data from Network Shared Drive; Input Capture
Exfiltration: Data Compressed; Exfiltration Over Other Network Medium; Automated Exfiltration; Data Encrypted
Command and Control: Standard Non-Application Layer Protocol¹; Standard Application Layer Protocol¹; Custom Cryptographic Protocol; Multiband Communication
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Delete Device Data¹; Device Lockout; Delete Device Data; Premium SMS Toll Fraud

Signature Overview



Location Tracking:

Queries the phone's location (GPS)
  Source: androidx.appcompat.app.TwilightManager;->getLastKnownLocationForProvider:24 | API Call: android.location.LocationManager.getLastKnownLocation
  Source: androidx.appcompat.app.TwilightManager;->updateState:33 | API Call: android.location.Location.getLatitude
  Source: androidx.appcompat.app.TwilightManager;->updateState:34 | API Call: android.location.Location.getLongitude
  Source: androidx.appcompat.app.TwilightManager;->updateState:36 | API Call: android.location.Location.getLatitude
  Source: androidx.appcompat.app.TwilightManager;->updateState:37 | API Call: android.location.Location.getLongitude
  Source: androidx.appcompat.app.TwilightManager;->updateState:39 | API Call: android.location.Location.getLatitude
  Source: androidx.appcompat.app.TwilightManager;->updateState:40 | API Call: android.location.Location.getLongitude
  Source: androidx.core.location.LocationKt;->component1:3 | API Call: android.location.Location.getLatitude
  Source: androidx.core.location.LocationKt;->component2:6 | API Call: android.location.Location.getLongitude

Spreading:

Accesses external storage location
  Source: androidx.core.content.FileProvider;->parsePathStrategy:63 | API Call: android.os.Environment.getExternalStorageDirectory
  Source: androidx.core.os.EnvironmentCompat;->getStorageState:2 | API Call: android.os.Environment.getExternalStorageState
  Source: androidx.core.os.EnvironmentCompat;->getStorageState:5 | API Call: android.os.Environment.getExternalStorageDirectory
  Source: androidx.core.os.EnvironmentCompat;->getStorageState:8 | API Call: android.os.Environment.getExternalStorageState

Networking:

Checks whether an internet connection is available
  Source: androidx.core.net.ConnectivityManagerCompat;->getNetworkInfoFromBroadcast:5 | API Call: android.net.ConnectivityManager.getNetworkInfo
  Source: androidx.core.net.ConnectivityManagerCompat;->isActiveNetworkMetered:8 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Opens an internet connection
  Source: okhttp3.internal.platform.AndroidPlatform;->connectSocket:61 | API Call: java.net.Socket.connect (not executed)
  Source: okhttp3.internal.platform.Platform;->connectSocket:33 | API Call: java.net.Socket.connect (not executed)
  Source: org.bouncycastle.jsse.provider.ProvSSLSocketBase;->implConnect:25 | API Call: org.bouncycastle.jsse.provider.ProvSSLSocketBase.connect (not executed)
  Source: org.bouncycastle.jsse.provider.ProvSSLSocketBase;->implConnect:27 | API Call: org.bouncycastle.jsse.provider.ProvSSLSocketBase.connect (not executed)
  Source: org.bouncycastle.jsse.provider.ProvSSLSocketDirect;->connect:59 | API Call: org.bouncycastle.jsse.provider.ProvSSLSocketBase.connect (not executed)
Performs DNS lookups (Java API)
  Source: com.google.gson.internal.bind.TypeAdapters$23;->read:7 | API Call: java.net.InetAddress.getByName (not executed)
  Source: okhttp3.tls.internal.TlsUtil$localhost$2;->invoke:7 | API Call: java.net.InetAddress.getByName (not executed)
  Source: org.bouncycastle.est.jcajce.JsseDefaultHostnameAuthorizer;->verify:77 | API Call: java.net.InetAddress.getByName (not executed)
  Source: org.bouncycastle.est.jcajce.JsseDefaultHostnameAuthorizer;->verify:80 | API Call: java.net.InetAddress.getByName (not executed)
  Source: okhttp3.Dns$Companion$DnsSystem;->lookup:4 | API Call: java.net.InetAddress.getAllByName (not executed)
  Source: org.bouncycastle.jsse.provider.HostnameUtil;->checkHostname:11 | API Call: java.net.InetAddress.getByName (not executed)
  Source: org.bouncycastle.jsse.provider.HostnameUtil;->checkHostname:12 | API Call: java.net.InetAddress.getByName (not executed)
  Source: org.bouncycastle.jsse.provider.ProvSSLSocketBase;->implConnect:22 | API Call: java.net.InetAddress.getByName (not executed)
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
  Source: unknown | DNS traffic detected: query: fakeurl.fr.example.org, reply code: Name error (3)
  Source: unknown | DNS traffic detected: query: fakeurl.fr, reply code: Name error (3)
Connects to IPs without corresponding DNS lookups
  Source: unknown | TCP traffic detected without corresponding DNS query: 64.233.166.188 (this entry is repeated 50 times in the report, once per observed connection)
Performs DNS lookups
  Source: unknown | DNS traffic detected: queries for: fakeurl.fr
Urls found in memory or binary data
  Source: $sick__0.xml | String found in binary or memory: http://schemas.android.com/aapt
  Source: standalone_badge_gravity_top_start.xml, activity_main.xml, mtrl_picker_header_title_text.xml, item_double_button.xml, nav_main.xml, android | String found in binary or memory: http://schemas.android.com/apk/res-auto
  Source: protect.xml, activity_main.xml, abc_btn_radio_material_anim.xml, abc_slide_in_top.xml, mtrl_picker_header_title_text.xml, tooltip_frame_dark.xml, text_view_without_line_height.xml, mtrl_calendar_month.xml, mtrl_alert_dialog_actions.xml, design_layout_snackbar_include.xml, abc_activity_chooser_view.xml, abc_screen_content_include.xml, notification.xml, $sick__0.xml, btn_checkbox_unchecked_to_checked_mtrl_animation.xml, abc_seekbar_track_material.xml, item_button.xml, btn_checkbox_to_checked_box_outer_merged_animation.xml, abc_action_menu_item_layout.xml, item_double_button.xml, test_toolbar_custom_background.xml, preference_widget_seekbar.xml, nav_main.xml, design_fab_show_motion_spec.xml, android | String found in binary or memory: http://schemas.android.com/apk/res/android
  Source: NotoColorEmojiCompat.ttf | String found in binary or memory: http://scripts.sil.org/OFL
  Source: android | String found in binary or memory: http://www.bouncycastle.org)
  Source: NotoColorEmojiCompat.ttf | String found in binary or memory: http://www.google.com/get/noto/This
  Source: source_context.proto | String found in binary or memory: https://developers.google.com/protocol-buffers/
  Source: classes5.dex | String found in binary or memory: https://fakeurl.fr/
  Source: android | String found in binary or memory: https://fakeurl.fr//
  Source: android | String found in binary or memory: https://github.com/mikepenz/FastAdapter/blob/develop/library-core/src/main/java/com/mikepenz/fastada
  Source: privacy-pt.json | String found in binary or memory: https://gitlab.inria.fr/stopcovid19

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Has permission to take photos
  Source: submitted apk | Request permission: android.permission.CAMERA

E-Banking Fraud:

Has functionality to add an overlay to other apps
  Source: androidx.appcompat.app.AppCompatDelegateImpl;->openPanel:349 | API Call: WindowManager.addView

Operating System Destruction:

Lists and deletes files in the same context
  Source: androidx.documentfile.provider.RawDocumentFile;->deleteContents:5 | API Calls in same method context: File.listFiles, File.delete
  Source: okhttp3.internal.io.FileSystem$Companion$SYSTEM$1;->deleteContents:25 | API Calls in same method context: File.listFiles, File.delete

Change of System Appearance:

May access the Android keyguard (lock screen)
  Source: android | String found in binary or memory: keyguard
Acquires a wake lock
  Source: androidx.core.app.JobIntentService$CompatWorkEnqueuer;->enqueueWork:27 | API Call: android.os.PowerManager$WakeLock.acquire
  Source: androidx.core.app.JobIntentService$CompatWorkEnqueuer;->serviceProcessingFinished:29 | API Call: android.os.PowerManager$WakeLock.acquire
  Source: androidx.core.app.JobIntentService$CompatWorkEnqueuer;->serviceProcessingStarted:33 | API Call: android.os.PowerManager$WakeLock.acquire
  Source: androidx.work.impl.Processor;->startForeground:86 | API Call: android.os.PowerManager$WakeLock.acquire
  Source: androidx.work.impl.background.systemalarm.DelayMetCommandHandler;->handleProcessWork:84 | API Call: android.os.PowerManager$WakeLock.acquire
  Source: androidx.work.impl.background.systemalarm.SystemAlarmDispatcher$1;->run:36 | API Call: android.os.PowerManager$WakeLock.acquire
  Source: androidx.work.impl.background.systemalarm.SystemAlarmDispatcher;->processCommand:36 | API Call: android.os.PowerManager$WakeLock.acquire

System Summary:

Requests to ignore battery optimizations
  Source: Lcom/lunabeestudio/stopcovid/manager/ProximityManager;->requestIgnoreBatteryOptimization(Landroidx/fragment/app/Fragment;)V | Method string: "android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
  Source: Lcom/lunabeestudio/stopcovid/manager/ProximityManager;->hasActivityToResolveIgnoreBatteryOptimization(Landroid/content/Context;)Z | Method string: "android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
Requests potentially dangerous permissions
  Source: submitted apk | Request permission: android.permission.ACCESS_COARSE_LOCATION
  Source: submitted apk | Request permission: android.permission.ACCESS_FINE_LOCATION
  Source: submitted apk | Request permission: android.permission.BLUETOOTH
  Source: submitted apk | Request permission: android.permission.BLUETOOTH_ADMIN
  Source: submitted apk | Request permission: android.permission.CAMERA
  Source: submitted apk | Request permission: android.permission.INTERNET
  Source: submitted apk | Request permission: android.permission.WAKE_LOCK
Classification label
  Source: classification engine | Classification label: mal56.evad.andAPK@0/252@2/0
Reads shared preferences settings
  Source: androidx.core.app.AppLaunchChecker;->hasStartedFromLauncher:5 | API Call: android.content.SharedPreferences.getBoolean
  Source: androidx.core.app.AppLaunchChecker;->onActivityCreate:9 | API Call: android.content.SharedPreferences.getBoolean
  Source: com.lunabeestudio.framework.local.datasource.SecureKeystoreDataSource;->getAtRisk:13 | API Call: android.content.SharedPreferences.getString
  Source: com.lunabeestudio.framework.local.datasource.SecureKeystoreDataSource;->getFilteringInfo:20 | API Call: android.content.SharedPreferences.getString
  Source: com.lunabeestudio.framework.local.datasource.SecureKeystoreDataSource;->getLastExposureTimeframe:29 | API Call: android.content.SharedPreferences.getString
  Source: com.lunabeestudio.framework.local.datasource.SecureKeystoreDataSource;->getProximityActive:35 | API Call: android.content.SharedPreferences.getString
  Source: com.lunabeestudio.framework.local.datasource.SecureKeystoreDataSource;->getSharedKey:42 | API Call: android.content.SharedPreferences.getString
  Source: com.lunabeestudio.framework.local.datasource.SecureKeystoreDataSource;->isSick:52 | API Call: android.content.SharedPreferences.getString
  Source: com.lunabeestudio.stopcovid.extension.SharedPreferencesExtKt;->isOnBoardingDone:4 | API Call: android.content.SharedPreferences.getBoolean
  Source: com.lunabeestudio.stopcovid.manager.AppMaintenanceManager;->retrieveLastMaintenanceJson:11 | API Call: android.content.SharedPreferences.getString
  Source: androidx.preference.Preference;->getPersistedBoolean:144 | API Call: android.content.SharedPreferences.getBoolean
  Source: androidx.preference.Preference;->getPersistedString:176 | API Call: android.content.SharedPreferences.getString
  Source: androidx.preference.PreferenceManager;->setDefaultValues:18 | API Call: android.content.SharedPreferences.getBoolean
Registers a sensor listener (to get data from the accelerometer, gyroscope, etc.)
  Source: com.google.zxing.client.android.AmbientLightManager;->start:18 | API Call: android.hardware.SensorManager.registerListener

Data Obfuscation:

Uses reflection
  Source: androidx.activity.ImmLeaksCleaner;->onStateChanged:17 | API Call: java.lang.reflect.Field.get
  Source: androidx.activity.ImmLeaksCleaner;->onStateChanged:19 | API Call: java.lang.reflect.Field.get
  Source: kotlinx.coroutines.android.AndroidExceptionPreHandler;->handleException:14 | API Call: java.lang.reflect.Method.invoke
  Source: kotlinx.coroutines.android.HandlerDispatcherKt;->asHandler:15 | API Call: java.lang.reflect.Method.invoke
  Source: okhttp3.internal.platform.android.AndroidSocketAdapter;->configureTlsExtensions:26 | API Call: java.lang.reflect.Method.invoke
  Source: okhttp3.internal.platform.android.AndroidSocketAdapter;->configureTlsExtensions:28 | API Call: java.lang.reflect.Method.invoke
  Source: okhttp3.internal.platform.android.AndroidSocketAdapter;->configureTlsExtensions:32 | API Call: java.lang.reflect.Method.invoke
  Source: okhttp3.internal.platform.android.AndroidSocketAdapter;->getSelectedProtocol:39 | API Call: java.lang.reflect.Method.invoke
  Source: okhttp3.internal.platform.android.CloseGuard;->createAndOpen:6 | API Call: java.lang.reflect.Method.invoke
  Source: okhttp3.internal.platform.android.CloseGuard;->createAndOpen:9 | API Call: java.lang.reflect.Method.invoke
  Source: okhttp3.internal.platform.android.CloseGuard;->warnIfOpen:12 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.core.app.ActivityRecreator$3;->run:8 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.core.app.ActivityRecreator$3;->run:13 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.core.app.ActivityRecreator;->queueOnStopIfNecessary:38 | API Call: java.lang.reflect.Field.get
  Source: androidx.core.app.ActivityRecreator;->queueOnStopIfNecessary:40 | API Call: java.lang.reflect.Field.get
  Source: androidx.core.app.ActivityRecreator;->recreate:53 | API Call: java.lang.reflect.Field.get
  Source: androidx.core.app.ActivityRecreator;->recreate:55 | API Call: java.lang.reflect.Field.get
  Source: androidx.core.app.ActivityRecreator;->recreate:68 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.core.app.BundleCompat$BundleCompatBaseImpl;->getBinder:9 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.core.app.BundleCompat$BundleCompatBaseImpl;->putBinder:19 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.core.app.NotificationCompatJellybean;->getAction:52 | API Call: java.lang.reflect.Field.get
  Source: androidx.core.app.NotificationCompatJellybean;->getAction:54 | API Call: java.lang.reflect.Field.get
  Source: androidx.core.app.NotificationCompatJellybean;->getActionObjectsLocked:86 | API Call: java.lang.reflect.Field.get
  Source: androidx.core.app.NotificationCompatJellybean;->getExtras:134 | API Call: java.lang.reflect.Field.get
  Source: androidx.core.app.NotificationManagerCompat;->areNotificationsEnabled:49 | API Call: java.lang.reflect.Field.get
  Source: androidx.core.app.NotificationManagerCompat;->areNotificationsEnabled:53 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.appcompat.app.ActionBarDrawerToggleHoneycomb;->setActionBarDescription:11 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.appcompat.app.ActionBarDrawerToggleHoneycomb;->setActionBarUpIndicator:22 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.appcompat.app.ActionBarDrawerToggleHoneycomb;->setActionBarUpIndicator:25 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.appcompat.app.AppCompatViewInflater$DeclaredOnClickListener;->onClick:40 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.appcompat.app.ResourcesFlusher;->flushLollipops:12 | API Call: java.lang.reflect.Field.get
  Source: androidx.appcompat.app.ResourcesFlusher;->flushMarshmallows:23 | API Call: java.lang.reflect.Field.get
  Source: androidx.appcompat.app.ResourcesFlusher;->flushNougats:34 | API Call: java.lang.reflect.Field.get
  Source: androidx.appcompat.app.ResourcesFlusher;->flushNougats:44 | API Call: java.lang.reflect.Field.get
  Source: androidx.appcompat.app.ResourcesFlusher;->flushThemedResourcesCache:60 | API Call: java.lang.reflect.Field.get
  Source: com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$1;->write:7 | API Call: java.lang.reflect.Field.get
  Source: com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$1;->writeField:16 | API Call: java.lang.reflect.Field.get
  Source: com.google.android.material.chip.Chip;->handleAccessibilityExit:79 | API Call: java.lang.reflect.Field.get
  Source: com.google.android.material.chip.Chip;->handleAccessibilityExit:87 | API Call: java.lang.reflect.Method.invoke
  Source: kotlinx.coroutines.CommonPool;->createPool:27 | API Call: java.lang.reflect.Method.invoke
  Source: kotlinx.coroutines.CommonPool;->isGoodCommonPool$kotlinx_coroutines_core:64 | API Call: java.lang.reflect.Method.invoke
  Source: com.google.android.material.drawable.DrawableUtils;->setRippleDrawableRadius:31 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.core.graphics.drawable.DrawableCompat;->getLayoutDirection:25 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.core.graphics.drawable.DrawableCompat;->setLayoutDirection:46 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.core.graphics.drawable.IconCompat;->getResId:124 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.core.graphics.drawable.IconCompat;->getResPackage:135 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.core.graphics.drawable.WrappedDrawableApi21;->isProjected:19 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.core.graphics.drawable.IconCompat;->getType:155 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.core.graphics.drawable.IconCompat;->getUri:178 | API Call: java.lang.reflect.Method.invoke
  Source: org.bouncycastle.jcajce.provider.drbg.DRBG$2;->run:5 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.core.graphics.TypefaceCompatApi21Impl;->addFontWeightStyle:6 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.core.graphics.TypefaceCompatApi21Impl;->createFromFamiliesWithDefault:14 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.core.graphics.TypefaceCompatApi24Impl;->addFontWeightStyle:22 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.core.graphics.TypefaceCompatApi24Impl;->createFromFamiliesWithDefault:28 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.core.graphics.TypefaceCompatApi26Impl;->abortCreation:19 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.core.graphics.TypefaceCompatApi28Impl;->createFromFamiliesWithDefault:9 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.core.graphics.TypefaceCompatApi26Impl;->addFontFromAssetManager:27 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.core.graphics.TypefaceCompatApi26Impl;->addFontFromBuffer:33 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.core.graphics.TypefaceCompatApi26Impl;->freeze:36 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.core.graphics.TypefaceCompatApi26Impl;->createFromFamiliesWithDefault:51 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.core.graphics.TypefaceCompatBaseImpl;->getUniqueKey:18 | API Call: java.lang.reflect.Field.get
  Source: com.google.gson.FieldAttributes;->get:4 | API Call: java.lang.reflect.Field.get
  Source: kotlinx.coroutines.internal.ConcurrentKt;->removeFutureOnCancel:8 | API Call: java.lang.reflect.Method.invoke
  Source: com.google.android.material.internal.StaticLayoutBuilderCompat;->createConstructorWithReflection:14 | API Call: java.lang.reflect.Field.get
  Source: com.google.android.material.internal.ViewOverlayApi14$OverlayViewGroup;->invalidateChildInParentFast:79 | API Call: java.lang.reflect.Method.invoke
  Source: com.google.gson.internal.UnsafeAllocator$1;->newInstance:5 | API Call: java.lang.reflect.Method.invoke
  Source: com.google.gson.internal.UnsafeAllocator$2;->newInstance:5 | API Call: java.lang.reflect.Method.invoke
  Source: com.google.gson.internal.UnsafeAllocator$3;->newInstance:4 | API Call: java.lang.reflect.Method.invoke
  Source: com.google.gson.internal.UnsafeAllocator;->create:25 | API Call: java.lang.reflect.Field.get
  Source: com.google.gson.internal.UnsafeAllocator;->create:32 | API Call: java.lang.reflect.Method.invoke
  Source: okhttp3.internal.Util;->readFieldOrNull:314 | API Call: java.lang.reflect.Field.get
  Source: kotlin.coroutines.jvm.internal.DebugMetadataKt;->getLabel:21 | API Call: java.lang.reflect.Field.get
  Source: kotlin.coroutines.jvm.internal.ModuleNameRetriever;->getModuleName:27 | API Call: java.lang.reflect.Method.invoke
  Source: kotlin.coroutines.jvm.internal.ModuleNameRetriever;->getModuleName:29 | API Call: java.lang.reflect.Method.invoke
  Source: kotlin.coroutines.jvm.internal.ModuleNameRetriever;->getModuleName:31 | API Call: java.lang.reflect.Method.invoke
  Source: kotlin.internal.PlatformImplementations;->addSuppressed:7 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.lifecycle.ClassesInfoCache$MethodReference;->invokeCallback:14 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.lifecycle.ClassesInfoCache$MethodReference;->invokeCallback:16 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.lifecycle.ClassesInfoCache$MethodReference;->invokeCallback:18 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.appcompat.view.menu.MenuItemWrapperICS;->setExclusiveCheckable:98 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.navigation.NavArgsLazy;->getValue:23 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.core.os.TraceCompat;->beginAsyncSection:27 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.core.os.TraceCompat;->endAsyncSection:36 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.core.os.TraceCompat;->isEnabled:44 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.core.os.TraceCompat;->setCounter:53 | API Call: java.lang.reflect.Method.invoke
  Source: okhttp3.internal.platform.AndroidPlatform$CustomTrustRootIndex;->findByIssuerAndSignature:26 | API Call: java.lang.reflect.Method.invoke
  Source: okhttp3.internal.platform.Jdk8WithJettyBootPlatform$AlpnProvider;->invoke:44 | API Call: java.lang.reflect.Method.invoke
  Source: okhttp3.internal.platform.Jdk8WithJettyBootPlatform;->afterHandshake:17 | API Call: java.lang.reflect.Method.invoke
  Source: okhttp3.internal.platform.Jdk8WithJettyBootPlatform;->configureTlsExtensions:33 | API Call: java.lang.reflect.Method.invoke
  Source: okhttp3.internal.platform.Jdk8WithJettyBootPlatform;->getSelectedProtocol:40 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.core.content.pm.ShortcutManagerCompat;->getShortcutInfoSaverInstance:38 | API Call: java.lang.reflect.Method.invoke
  Source: com.google.protobuf.ExtensionRegistryFactory;->invokeSubclassFactory:11 | API Call: java.lang.reflect.Method.invoke
  Source: com.google.protobuf.ExtensionRegistryLite;->add:25 | API Call: java.lang.reflect.Method.invoke
  Source: com.google.protobuf.GeneratedMessageLite$SerializedForm;->readResolveFallback:10 | API Call: java.lang.reflect.Field.get
  Source: com.google.protobuf.GeneratedMessageLite$SerializedForm;->readResolve:47 | API Call: java.lang.reflect.Field.get
  Source: com.google.protobuf.GeneratedMessageLite;->invokeOrDie:48 | API Call: java.lang.reflect.Method.invoke
  Source: com.google.protobuf.Internal;->getDefaultInstance:44 | API Call: java.lang.reflect.Method.invoke
  Source: com.google.protobuf.ManifestSchemaFactory;->getDescriptorMessageInfoFactory:14 | API Call: java.lang.reflect.Method.invoke
  Source: com.google.protobuf.UnsafeUtil$1;->run:5 | API Call: java.lang.reflect.Field.get
  Source: com.google.protobuf.UnsafeUtil$Android32MemoryAccessor;->getStaticObject:15 | API Call: java.lang.reflect.Field.get
  Source: com.google.protobuf.UnsafeUtil$Android64MemoryAccessor;->getStaticObject:15 | API Call: java.lang.reflect.Field.get
  Source: org.bouncycastle.jsse.provider.ReflectionUtil$6;->run:5 | API Call: java.lang.reflect.Method.invoke
  Source: com.google.gson.internal.reflect.UnsafeReflectionAccessor;->getUnsafeInstance:11 | API Call: java.lang.reflect.Field.get
  Source: com.google.gson.internal.reflect.UnsafeReflectionAccessor;->makeAccessibleWithUnsafe:29 | API Call: java.lang.reflect.Method.invoke
  Source: com.google.gson.internal.reflect.UnsafeReflectionAccessor;->makeAccessibleWithUnsafe:39 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.core.content.res.ResourcesCompat$ThemeCompat$ImplApi23;->rebase:12 | API Call: java.lang.reflect.Method.invoke
  Source: retrofit2.Retrofit$1;->invoke:4 | API Call: java.lang.reflect.Method.invoke
  Source: org.bouncycastle.jcajce.provider.symmetric.GcmSpecUtil;->extractGcmParameters:10 | API Call: java.lang.reflect.Method.invoke
  Source: org.bouncycastle.jcajce.provider.symmetric.GcmSpecUtil;->extractGcmParameters:11 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.core.text.ICUCompat;->addLikelySubtags:17 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.core.text.ICUCompat;->getScript:23 | API Call: java.lang.reflect.Method.invoke
  Source: androidx.core.text.ICUCompat;->maximizeAndGetScript:31 | API Call: java.lang.reflect.Method.invoke

Persistence and Installation Behavior:

Installs an application shortcut on the screen
  Source: androidx.core.content.pm.ShortcutInfoCompat;->addToIntent:32 | API Call: android.content.Intent.putExtra android.intent.extra.shortcut.INTENT

Boot Survival:

Has permission to execute code after phone reboot
  Source: submitted apk | Request permission: android.permission.RECEIVE_BOOT_COMPLETED
Installs a new wake lock (to keep the phone awake or its screen on)
  Source: androidx.core.app.JobIntentService$CompatWorkEnqueuer;-><init>:11 | API Call: android.os.PowerManager.newWakeLock
  Source: androidx.core.app.JobIntentService$CompatWorkEnqueuer;-><init>:19 | API Call: android.os.PowerManager.newWakeLock
Starts/registers a service/receiver on phone boot (autostart)
  Source: androidx.work.impl.background.systemalarm.RescheduleReceiver;->onReceive:17 | API Call: android.content.Context.startService (not executed)

Hooking and other Techniques for Hiding and Protection:

Has permission to use Bluetooth to discover and pair with other devices
Source: submitted apk | Request permission: android.permission.BLUETOOTH_ADMIN
Queries list of running processes/tasks
Source: androidx.work.impl.background.greedy.GreedyScheduler;->getProcessName:14 | API Call: android.app.ActivityManager.getRunningAppProcesses
Uses Crypto APIs
Source: org.bouncycastle.jcajce.provider.keystore.bc.BcKeyStoreSpi;->makePBECipher:235 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi;->createCipher:111 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi;->decryptData:156 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi;->decryptData:157 | API Call: javax.crypto.Cipher.doFinal
Source: org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi;->getEncryptedObjectStoreData:359 | API Call: javax.crypto.Cipher.doFinal
Source: org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi;->getEncryptedObjectStoreData:372 | API Call: javax.crypto.Cipher.doFinal
Source: org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi;->engineSetKeyEntry:780 | API Call: javax.crypto.Cipher.doFinal
Source: org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi;->engineSetKeyEntry:791 | API Call: javax.crypto.Cipher.doFinal
Source: org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi;->engineSetKeyEntry:840 | API Call: javax.crypto.Cipher.doFinal
Source: org.bouncycastle.jcajce.provider.keystore.bcfks.BcFKSKeyStoreSpi;->engineSetKeyEntry:852 | API Call: javax.crypto.Cipher.doFinal
Source: com.lunabeestudio.stopcovid.fragment.ProximityFragment;->injectWebView:138 | API Call: java.security.MessageDigest.getInstance
Source: com.lunabeestudio.stopcovid.fragment.ProximityFragment;->injectWebView:143 | API Call: java.security.MessageDigest.digest
Source: org.bouncycastle.jcajce.io.CipherInputStream;->finaliseCipher:3 | API Call: javax.crypto.Cipher.doFinal
Source: org.bouncycastle.jcajce.io.CipherOutputStream;->close:3 | API Call: javax.crypto.Cipher.doFinal
Source: org.bouncycastle.jcajce.io.DigestUpdatingOutputStream;->write:3 | API Call: java.security.MessageDigest.update
Source: org.bouncycastle.jcajce.io.DigestUpdatingOutputStream;->write:5 | API Call: java.security.MessageDigest.update
Source: org.bouncycastle.jcajce.io.DigestUpdatingOutputStream;->write:7 | API Call: java.security.MessageDigest.update
Source: org.bouncycastle.cms.jcajce.EnvelopedDataHelper$1;->doInJCE:18 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.cms.jcajce.EnvelopedDataHelper$1;->doInJCE:35 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.cms.jcajce.EnvelopedDataHelper$1;->doInJCE:45 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.cms.jcajce.EnvelopedDataHelper$1;->doInJCE:48 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder$CMSOutputEncryptor;-><init>:9 | API Call: javax.crypto.KeyGenerator.generateKey
Source: org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder$CMSOutputEncryptor;-><init>:15 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.cms.jcajce.JceCMSMacCalculatorBuilder$CMSMacCalculator;-><init>:7 | API Call: javax.crypto.KeyGenerator.generateKey
Source: org.bouncycastle.cms.jcajce.JceKeyAgreeRecipient;->extractSecretKey:108 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.cms.jcajce.JceKeyAgreeRecipient;->unwrapSessionKey:149 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.cms.jcajce.JceKeyAgreeRecipientInfoGenerator;->generateRecipientEncryptedKeys:101 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.cms.jcajce.JceKeyAgreeRecipientInfoGenerator;->generateRecipientEncryptedKeys:109 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.cms.jcajce.JceKeyTransRecipient;->extractSecretKey:35 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.cms.jcajce.JcePasswordRecipient;->extractSecretKey:16 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.cms.jcajce.JcePasswordRecipientInfoGenerator;->generateEncryptedBytes:18 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.cert.crmf.jcajce.CRMFHelper$1;->doInJCE:16 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.cert.crmf.jcajce.CRMFHelper$1;->doInJCE:33 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.cert.crmf.jcajce.CRMFHelper$1;->doInJCE:41 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.cert.crmf.jcajce.CRMFHelper$1;->doInJCE:44 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.cert.crmf.jcajce.JceCRMFEncryptorBuilder$CRMFOutputEncryptor;-><init>:11 | API Call: javax.crypto.KeyGenerator.generateKey
Source: org.bouncycastle.cert.crmf.jcajce.JceCRMFEncryptorBuilder$CRMFOutputEncryptor;-><init>:17 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.cert.crmf.jcajce.JcePKMACValuesCalculator;->calculateDigest:5 | API Call: java.security.MessageDigest.digest
Source: org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils$SHA1DigestCalculator;->getDigest:8 | API Call: java.security.MessageDigest.digest
Source: org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;-><init>:2 | API Call: java.security.MessageDigest.getInstance
Source: org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder$1;->get:36 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder$1;->get:51 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8EncryptorBuilder;->build:83 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8EncryptorBuilder;->build:106 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.openssl.jcajce.PEMUtilities;->crypt:224 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.openssl.jcajce.PEMUtilities;->crypt:225 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.openssl.jcajce.PEMUtilities;->crypt:226 | API Call: javax.crypto.Cipher.doFinal
Source: org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder$DigestOutputStream;->getDigest:3 | API Call: java.security.MessageDigest.digest
Source: org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder$DigestOutputStream;->write:5 | API Call: java.security.MessageDigest.update
Source: org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder$DigestOutputStream;->write:7 | API Call: java.security.MessageDigest.update
Source: org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder$DigestOutputStream;->write:9 | API Call: java.security.MessageDigest.update
Source: org.bouncycastle.operator.jcajce.JceAsymmetricKeyUnwrapper;->generateUnwrappedKey:14 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.operator.jcajce.JceAsymmetricKeyUnwrapper;->generateUnwrappedKey:16 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.operator.jcajce.JceAsymmetricKeyUnwrapper;->generateUnwrappedKey:23 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.operator.jcajce.JceAsymmetricKeyUnwrapper;->generateUnwrappedKey:24 | API Call: javax.crypto.Cipher.doFinal
Source: org.bouncycastle.operator.jcajce.JceInputDecryptorProviderBuilder$1;->get:17 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.operator.jcajce.JceKTSKeyUnwrapper;->generateUnwrappedKey:35 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.operator.jcajce.JceKTSKeyWrapper;->generateWrappedKey:36 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.operator.jcajce.JceSymmetricKeyUnwrapper;->generateUnwrappedKey:9 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.operator.jcajce.JceAsymmetricKeyWrapper;->generateWrappedKey:241 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.operator.jcajce.JceSymmetricKeyWrapper;->generateWrappedKey:50 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.operator.jcajce.JceAsymmetricKeyWrapper;->generateWrappedKey:267 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.operator.jcajce.JceAsymmetricKeyWrapper;->generateWrappedKey:270 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.operator.jcajce.JceAsymmetricKeyWrapper;->generateWrappedKey:275 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.operator.jcajce.JceAsymmetricKeyWrapper;->generateWrappedKey:278 | API Call: javax.crypto.Cipher.doFinal
Source: org.bouncycastle.pkcs.jcajce.JcePKCSPBEInputDecryptorProviderBuilder$1;->get:20 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.pkcs.jcajce.JcePKCSPBEInputDecryptorProviderBuilder$1;->get:96 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.pkcs.jcajce.JcePKCSPBEInputDecryptorProviderBuilder$1;->get:107 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.pkcs.jcajce.JcePKCSPBEInputDecryptorProviderBuilder$1;->get:109 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.pkcs.jcajce.JcePKCSPBEInputDecryptorProviderBuilder$1;->get:115 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.pkcs.jcajce.JcePKCSPBEInputDecryptorProviderBuilder$1;->get:141 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.pkcs.jcajce.JcePKCSPBEOutputEncryptorBuilder;->build:44 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.pkcs.jcajce.JcePKCSPBEOutputEncryptorBuilder;->build:83 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.pkcs.jcajce.JcePKCSPBEOutputEncryptorBuilder;->build:115 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto$4;->encrypt:7 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto$4;->encrypt:14 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto$4;->encrypt:15 | API Call: javax.crypto.Cipher.doFinal
Source: org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCryptoProvider$NonceEntropySource$NonceEntropySourceSpi;->runDigest:5 | API Call: java.security.MessageDigest.update
Source: org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCryptoProvider$NonceEntropySource$NonceEntropySourceSpi;->runDigest:7 | API Call: java.security.MessageDigest.update
Source: org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCryptoProvider$NonceEntropySource$NonceEntropySourceSpi;->runDigest:9 | API Call: java.security.MessageDigest.digest
Source: org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsHash;->calculateHash:3 | API Call: java.security.MessageDigest.digest
Source: org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsHash;->update:12 | API Call: java.security.MessageDigest.update
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceBlockCipherImpl;->doFinal:7 | API Call: javax.crypto.Cipher.doFinal
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceAEADCipherImpl;->doFinal:16 | API Call: javax.crypto.Cipher.doFinal
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceBlockCipherImpl;->init:15 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceBlockCipherWithCBCImplicitIVImpl;->doFinal:6 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceAEADCipherImpl;->init:30 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceBlockCipherWithCBCImplicitIVImpl;->doFinal:15 | API Call: javax.crypto.Cipher.doFinal
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceAEADCipherImpl;->init:36 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceChaCha20Poly1305;->init:44 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceChaCha20Poly1305;->runCipher:55 | API Call: javax.crypto.Cipher.doFinal
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceDefaultTlsCredentialedDecryptor;->safeDecryptPreMasterSecret:32 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceDefaultTlsCredentialedDecryptor;->safeDecryptPreMasterSecret:33 | API Call: javax.crypto.Cipher.doFinal
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceTlsSecret;->prf_SSL:65 | API Call: java.security.MessageDigest.update
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceTlsSecret;->prf_SSL:68 | API Call: java.security.MessageDigest.update
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceTlsSecret;->prf_SSL:69 | API Call: java.security.MessageDigest.update
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceTlsSecret;->prf_SSL:70 | API Call: java.security.MessageDigest.digest
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceTlsSecret;->prf_SSL:73 | API Call: java.security.MessageDigest.update
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceTlsSecret;->prf_SSL:74 | API Call: java.security.MessageDigest.update
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceTlsSecret;->prf_SSL:75 | API Call: java.security.MessageDigest.digest
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceTlsSecret;->prf_SSL:77 | API Call: java.security.MessageDigest.digest
Source: okio.Buffer;->digest:5 | API Call: java.security.MessageDigest.getInstance
Source: okio.Buffer;->digest:8 | API Call: java.security.MessageDigest.update
Source: okio.Buffer;->digest:12 | API Call: java.security.MessageDigest.update
Source: okio.Buffer;->digest:15 | API Call: java.security.MessageDigest.digest
Source: okio.ByteString;->digest$okio:76 | API Call: java.security.MessageDigest.getInstance
Source: okio.ByteString;->digest$okio:78 | API Call: java.security.MessageDigest.digest
Source: okio.HashingSink;-><init>:7 | API Call: java.security.MessageDigest.getInstance
Source: okio.HashingSink;->hash:36 | API Call: java.security.MessageDigest.digest
Source: okio.HashingSink;->write:52 | API Call: java.security.MessageDigest.update
Source: okio.HashingSource;-><init>:7 | API Call: java.security.MessageDigest.getInstance
Source: okio.HashingSource;->hash:36 | API Call: java.security.MessageDigest.digest
Source: okio.HashingSource;->read:55 | API Call: java.security.MessageDigest.update
Source: okio.SegmentedByteString;->digest$okio:24 | API Call: java.security.MessageDigest.getInstance
Source: okio.SegmentedByteString;->digest$okio:29 | API Call: java.security.MessageDigest.update
Source: okio.SegmentedByteString;->digest$okio:30 | API Call: java.security.MessageDigest.digest
Source: org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi;->createCipher:62 | API Call: javax.crypto.Cipher.getInstance
Source: org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi;->createCipher:72 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi;->cryptData:436 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi;->cryptData:437 | API Call: javax.crypto.Cipher.doFinal
Source: org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi;->cryptData:447 | API Call: javax.crypto.Cipher.doFinal
Source: org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi;->unwrapKey:967 | API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi;->wrapKey:996 | API Call: javax.crypto.Cipher.init

Malware Analysis System Evasion:

Tries to detect Android x86
Source: Lcom/lunabeestudio/stopcovid/fragment/OnBoardingBatteryFragment;->isEmulator()Z | Method string: "Android SDK built for x86"
Source: Lcom/lunabeestudio/stopcovid/fragment/OnBoardingBatteryFragment;->isEmulator()Z | Method string: "sdk_x86"
Tries to detect the analysis device (e.g. the Android emulator)
Source: Lcom/lunabeestudio/stopcovid/fragment/OnBoardingBatteryFragment;->isEmulator()Z | Method string: "Emulator"
Accesses Android OS build fields
Source: androidx.appcompat.app.AppCompatDelegateImpl;-><clinit>:2 | Field Access: android.os.Build.FINGERPRINT
Source: com.google.zxing.client.android.camera.CameraConfigurationUtils;->collectStats:12 | Field Access: android.os.Build.BOARD
Source: com.google.zxing.client.android.camera.CameraConfigurationUtils;->collectStats:17 | Field Access: android.os.Build.BRAND
Source: com.google.zxing.client.android.camera.CameraConfigurationUtils;->collectStats:22 | Field Access: android.os.Build.CPU_ABI
Source: com.google.zxing.client.android.camera.CameraConfigurationUtils;->collectStats:27 | Field Access: android.os.Build.DEVICE
Source: com.google.zxing.client.android.camera.CameraConfigurationUtils;->collectStats:32 | Field Access: android.os.Build.DISPLAY
Source: com.google.zxing.client.android.camera.CameraConfigurationUtils;->collectStats:37 | Field Access: android.os.Build.FINGERPRINT
Source: com.google.zxing.client.android.camera.CameraConfigurationUtils;->collectStats:42 | Field Access: android.os.Build.HOST
Source: com.google.zxing.client.android.camera.CameraConfigurationUtils;->collectStats:47 | Field Access: android.os.Build.ID
Source: com.google.zxing.client.android.camera.CameraConfigurationUtils;->collectStats:52 | Field Access: android.os.Build.MANUFACTURER
Source: com.google.zxing.client.android.camera.CameraConfigurationUtils;->collectStats:57 | Field Access: android.os.Build.MODEL
Source: com.google.zxing.client.android.camera.CameraConfigurationUtils;->collectStats:62 | Field Access: android.os.Build.PRODUCT
Source: com.google.zxing.client.android.camera.CameraConfigurationUtils;->collectStats:67 | Field Access: android.os.Build.TAGS
Source: com.google.zxing.client.android.camera.CameraConfigurationUtils;->collectStats:76 | Field Access: android.os.Build.TYPE
Source: com.google.zxing.client.android.camera.CameraConfigurationUtils;->collectStats:81 | Field Access: android.os.Build.USER
Source: com.google.zxing.client.android.camera.CameraConfigurationUtils;->collectStats:96 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.journeyapps.barcodescanner.camera.CameraManager;->setDesiredParameters:74 | Field Access: android.os.Build.DEVICE
Source: com.lunabeestudio.framework.ble.extension.RobertBleSettingsExtKt;->toBleSettings:20 | Field Access: android.os.Build.MODEL
Source: com.lunabeestudio.stopcovid.fragment.OnBoardingBatteryFragment;->isEmulator:5 | Field Access: android.os.Build.BRAND
Source: com.lunabeestudio.stopcovid.fragment.OnBoardingBatteryFragment;->isEmulator:10 | Field Access: android.os.Build.DEVICE
Source: com.lunabeestudio.stopcovid.fragment.OnBoardingBatteryFragment;->isEmulator:14 | Field Access: android.os.Build.FINGERPRINT
Source: com.lunabeestudio.stopcovid.fragment.OnBoardingBatteryFragment;->isEmulator:18 | Field Access: android.os.Build.FINGERPRINT
Source: com.lunabeestudio.stopcovid.fragment.OnBoardingBatteryFragment;->isEmulator:31 | Field Access: android.os.Build.MODEL
Source: com.lunabeestudio.stopcovid.fragment.OnBoardingBatteryFragment;->isEmulator:36 | Field Access: android.os.Build.MODEL
Source: com.lunabeestudio.stopcovid.fragment.OnBoardingBatteryFragment;->isEmulator:40 | Field Access: android.os.Build.MODEL
Source: com.lunabeestudio.stopcovid.fragment.OnBoardingBatteryFragment;->isEmulator:44 | Field Access: android.os.Build.MANUFACTURER
Source: com.lunabeestudio.stopcovid.fragment.OnBoardingBatteryFragment;->isEmulator:49 | Field Access: android.os.Build.PRODUCT
Source: com.lunabeestudio.stopcovid.fragment.OnBoardingBatteryFragment;->isEmulator:54 | Field Access: android.os.Build.PRODUCT
Source: com.lunabeestudio.stopcovid.fragment.OnBoardingBatteryFragment;->isEmulator:57 | Field Access: android.os.Build.PRODUCT
Source: com.lunabeestudio.stopcovid.fragment.OnBoardingBatteryFragment;->isEmulator:61 | Field Access: android.os.Build.PRODUCT
Source: com.lunabeestudio.stopcovid.fragment.OnBoardingBatteryFragment;->isEmulator:65 | Field Access: android.os.Build.PRODUCT
Source: com.lunabeestudio.stopcovid.fragment.OnBoardingBatteryFragment;->isEmulator:69 | Field Access: android.os.Build.PRODUCT
Source: com.lunabeestudio.stopcovid.fragment.OnBoardingBatteryFragment;->isEmulator:73 | Field Access: android.os.Build.PRODUCT
Source: com.google.android.material.internal.ManufacturerUtils;->isLGEDevice:2 | Field Access: android.os.Build.MANUFACTURER
Source: com.google.android.material.internal.ManufacturerUtils;->isMeizuDevice:7 | Field Access: android.os.Build.MANUFACTURER
Source: com.google.android.material.internal.ManufacturerUtils;->isSamsungDevice:12 | Field Access: android.os.Build.MANUFACTURER
Potential date-aware sample found
Source: org.bouncycastle.cert.X509AttributeCertificateHolder;->isValidOn:134 | API Call: java.util.Date.after
Source: org.bouncycastle.cert.X509CertificateHolder;->isValidOn:102 | API Call: java.util.Date.after
Source: org.bouncycastle.pkix.jcajce.PKIXCRLUtil;->findCRLs:23 | API Call: java.util.Date.after
Source: org.bouncycastle.pkix.jcajce.X509RevocationChecker;->downloadCRLs:53 | API Call: java.util.Date.after
Source: org.bouncycastle.jce.provider.PKIXCRLUtil;->findCRLs:23 | API Call: java.util.Date.after
Queries several pieces of sensitive phone information
Source: Landroidx/core/graphics/drawable/IconCompat;->getResources(Landroid/content/Context;Ljava/lang/String;)Landroid/content/res/Resources; | Method string: "android"
Source: Lkotlin/reflect/KTypeProjection$Companion;->invariant(Lkotlin/reflect/KType;)Lkotlin/reflect/KTypeProjection; | Method string: "type"
Source: Landroidx/core/content/ContextCompat$LegacyServiceMapHolder;-><clinit>()V | Method string: "phone"
Source: Lcom/lunabeestudio/domain/model/ServerStatusUpdate;-><init>(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)V | Method string: "time"
Source: Lcom/lunabeestudio/stopcovid/fragment/OnBoardingBatteryFragment;->isEmulator()Z | Method string: "sdk"
Tries to detect VirtualBox
Source: Lcom/lunabeestudio/stopcovid/fragment/OnBoardingBatteryFragment;->isEmulator()Z | Method string: "vbox86p"
Source: Lcom/lunabeestudio/stopcovid/fragment/OnBoardingBatteryFragment;->isEmulator()Z | Method string: "vbox86p"

Stealing of Sensitive Information:

Uses accessibility services (likely to control other applications)
Source: androidx.core.view.accessibility.AccessibilityNodeInfoCompat;->findAccessibilityNodeInfosByText:154 | API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Queries camera information
Source: com.journeyapps.barcodescanner.camera.CameraManager;->open:145 | API Call: android.hardware.Camera.getCameraInfo
Source: com.google.zxing.client.android.camera.open.OpenCameraInterface;->getCameraId:3 | API Call: android.hardware.Camera.getNumberOfCameras
Source: com.google.zxing.client.android.camera.open.OpenCameraInterface;->getCameraId:8 | API Call: android.hardware.Camera.getCameraInfo
Source: com.google.zxing.client.android.camera.open.OpenCameraInterface;->open:10 | API Call: android.hardware.Camera.open
Has permission to query the current location
Source: submitted apk | Request permission: android.permission.ACCESS_COARSE_LOCATION
Source: submitted apk | Request permission: android.permission.ACCESS_FINE_LOCATION

Malware Configuration

No configs have been found

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label | Link
http://www.bouncycastle.org) | 0% | Avira URL Cloud | safe
https://fakeurl.fr/ | 0% | Avira URL Cloud | safe
https://fakeurl.fr// | 0% | Avira URL Cloud | safe

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Sigma Overview

No Sigma rule has matched

Joe Sandbox View / Context

IPs

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
64.233.166.188 | ElitModel.apk | Get hash | malicious | Browse |
| Yh4zEPsDY6 | Get hash | malicious | Browse |
| app-debug.apk | Get hash | malicious | Browse |
| app-debug.apk | Get hash | malicious | Browse |
| N8w28SvXdm | Get hash | malicious | Browse |
| c12N4KrMVC | Get hash | malicious | Browse |
| ToothFairyHorseCaringPonyBeautyAdventure_v2.3.13_apkpure.com.apk | Get hash | malicious | Browse |
| duowei_v3.1.0_apkpure.com.apk | Get hash | malicious | Browse |
| AvitoPayx.apk | Get hash | malicious | Browse |
| black-market.apk | Get hash | malicious | Browse |
| mobile-btc-credit-app.apk | Get hash | malicious | Browse |
| AtoZ_Downloader.apk | Get hash | malicious | Browse |
| Titan Evolution World_v2.2.0_apkpure.com.apk | Get hash | malicious | Browse |
| asdsad.apk | Get hash | malicious | Browse |
| sample_1527082677.6131487.apk | Get hash | malicious | Browse |
| testandroid.apk | Get hash | malicious | Browse |
| broadlink.apk | Get hash | malicious | Browse |
| cReKd8C5fw | Get hash | malicious | Browse |
| com.swl.market.apk | Get hash | malicious | Browse |
| SuperMarioRun.apk | Get hash | malicious | Browse |

Domains

No context

ASN

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
unknown | order_45781.xls | Get hash | malicious | Browse | 160.153.138.53
| INVOICE.xlsx | Get hash | malicious | Browse | 216.170.126.22
| order_45781.xls | Get hash | malicious | Browse | 160.153.138.53
| stopcovid-release.apk | Get hash | malicious | Browse | 64.233.184.188
| http://r20.rs6.net/tn.jsp?f=0012FIsUVW9h8o1BPD1dqMexUMbctY13pAvKyNBuOkwzNNT424sVphqeAhVd0SUp94LjE5QecP8jdc-XJ7scHsYfP-Myx831mYoij8pr1gHcwO6CNTPjHoYG79S4gTR9eogu27vss1RCl7E5ytNdluHQ8cvWG3E40Sz&c=IkxAO07LX_z184DJ57lRnEpdNc8Y_JTvhY8q3sQ3DG0bJZzcRaK-sQ==&ch=b_YlgSYxBlkvZueYWOf38V1MpXycnYY7-ZWYaRl9M7HZityJuptOWQ== | Get hash | malicious | Browse | 104.16.133.229
| inform-2020-05-22_1479594.xls | Get hash | malicious | Browse | 104.27.154.5
| inform-2020-05-22_1479594.xls | Get hash | malicious | Browse | 104.27.154.5
| http://www.tokyo-takumikaban.jp//#marco.generoso@e-secure.ch | Get hash | malicious | Browse | 157.7.107.60
| https://peninsulaparklands.com.au/Unsubscribe.php?id=q93bxhxy8voxnnkq1zdbiv0fdtw6mgxdp1pminlriao6x9wy8aar6a6j32qqjn49otw7giyzsm5pv1o3czvia12d4t4ng8x51td | Get hash | malicious | Browse | 52.62.233.197
| http://tinyurl.com/yatvvyus | Get hash | malicious | Browse | 104.16.132.229
| Dateien_05.20.doc | Get hash | malicious | Browse | 185.98.87.201
| det_-4294054.xls | Get hash | malicious | Browse | 104.31.88.81
| Dateien_05.20.doc | Get hash | malicious | Browse | 185.98.87.201
| det_-4294054.xls | Get hash | malicious | Browse | 104.28.9.188
| https://verzaton.com.ph/shop/accessories/keyboards/rakk-lam-ang-pro-rgb-mechanical-keyboard-kailh-speed-bronze/ | Get hash | malicious | Browse | 104.16.132.229
| Ssvc.com.htm | Get hash | malicious | Browse | 104.16.124.96
| Dateien_05.20.doc | Get hash | malicious | Browse | 185.98.87.201
| Scanned documents.docx | Get hash | malicious | Browse | 104.31.73.166
| https://kog.chfs.ky.gov/request/AddRole.aspx?ContextID=3bc04fcf-3719-4e16-81cf-9eabce58514a&d=DwMGaQ | Get hash | malicious | Browse | 134.209.226.211
| Scanned documents.docx | Get hash | malicious | Browse | 104.31.73.166

JA3 Fingerprints

No context

Dropped Files

No context

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.