
General Information

Joe Sandbox Version:29.0.0 Ocean Jasper
Analysis ID:238851
Start date:16.06.2020
Start time:13:25:05
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 9m 35s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:stopcovid-1.0.1-PlayStore.apk
Cookbook file name:defaultandroidfilecookbook.jbs
Analysis system description:Android 6.0
APK Instrumentation enabled:true
Detection:SUS
Classification:sus28.andAPK@0/251@0/0
Warnings:
  • Excluded IPs from analysis (whitelisted): 172.217.23.131, 172.217.22.8
  • Excluded domains from analysis (whitelisted): connectivitycheck.gstatic.com, ssl.google-analytics.com, ssl-google-analytics.l.google.com
  • No interacted views
  • Not all executed log events are in report (maximum 10 identical API calls)
  • Not all non-executed APIs are in report
  • Not all resource files were parsed
  • Not all resource strings were parsed
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size exceeded maximum capacity and may have missing dynamic data code.

Detection

Strategy | Score | Range | Reporting | Whitelisted | Detection
Threshold | 28 | 0 - 100 | | false | suspicious

Confidence

Strategy | Score | Range | Further Analysis Required? | Confidence
Threshold | 5 | 0 - 5 | false |


Classification Spiderchart

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Remote Management | Winlogon Helper DLL | Port Monitors | File System Logical Offsets | Credential Dumping | System Network Connections Discovery 1 | Application Deployment Software | Location Tracking 11 | Data Compressed | Data Obfuscation | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Replication Through Removable Media | Service Execution | Port Monitors | Accessibility Features | Binary Padding | Network Sniffing | Location Tracking 11 | Remote Services | Network Information Discovery 2 | Exfiltration Over Other Network Medium | Fallback Channels | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
External Remote Services | Windows Management Instrumentation | Accessibility Features | Path Interception | Rootkit | Input Capture | Process Discovery 1 | Windows Remote Management | Data from Network Shared Drive | Automated Exfiltration | Custom Cryptographic Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data

Signature Overview



Location Tracking:

Queries the phone's location (GPS)
Source: androidx.appcompat.app.AppCompatDelegateImpl$AutoTimeNightModeManager;->getApplyableNightMode:29API Call: android.location.Location.getLatitude
Source: androidx.appcompat.app.AppCompatDelegateImpl$AutoTimeNightModeManager;->getApplyableNightMode:30API Call: android.location.Location.getLongitude
Source: androidx.appcompat.app.AppCompatDelegateImpl$AutoTimeNightModeManager;->getApplyableNightMode:32API Call: android.location.Location.getLatitude
Source: androidx.appcompat.app.AppCompatDelegateImpl$AutoTimeNightModeManager;->getApplyableNightMode:33API Call: android.location.Location.getLongitude
Source: androidx.appcompat.app.AppCompatDelegateImpl$AutoTimeNightModeManager;->getApplyableNightMode:35API Call: android.location.Location.getLatitude
Source: androidx.appcompat.app.AppCompatDelegateImpl$AutoTimeNightModeManager;->getApplyableNightMode:36API Call: android.location.Location.getLongitude
Source: androidx.appcompat.app.TwilightManager;->getLastKnownLocationForProvider:6API Call: android.location.LocationManager.getLastKnownLocation

Exploits:

Might use exploit to break dedexer tools
Source: stopcovid-1.0.1-PlayStore.apkCode Location: Lorg/bouncycastle/tls/TlsServerProtocol;.handleHandshakeMessage(SLorg/bouncycastle/tls/HandshakeMessageInput;)V

Networking:

Checks an internet connection is available
Source: androidx.work.impl.constraints.trackers.NetworkStateTracker;->getActiveNetworkState:11API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: androidx.work.impl.constraints.trackers.NetworkStateTracker;->getActiveNetworkState:12API Call: android.net.NetworkInfo.isConnected
Opens an internet connection
Source: okhttp3.internal.platform.AndroidPlatform;->connectSocket:69API Call: java.net.Socket.connect (not executed)
Source: okhttp3.internal.platform.Platform;->connectSocket:101API Call: java.net.Socket.connect (not executed)
Source: org.bouncycastle.jsse.provider.ProvSSLSocketBase;->implConnect:17API Call: javax.net.ssl.SSLSocket.connect (not executed)
Source: org.bouncycastle.jsse.provider.ProvSSLSocketDirect;-><init>:28API Call: javax.net.ssl.SSLSocket.connect (not executed)
Source: org.bouncycastle.jsse.provider.ProvSSLSocketDirect;-><init>:37API Call: javax.net.ssl.SSLSocket.connect (not executed)
Source: org.bouncycastle.jsse.provider.ProvSSLSocketDirect;->connect:63API Call: javax.net.ssl.SSLSocket.connect (not executed)
Performs DNS lookups (Java API)
Source: androidx.appcompat.app.AppCompatDelegateImpl$ConfigurationImplApi17;->checkHostname:754API Call: java.net.InetAddress.getByName (not executed)
Source: androidx.appcompat.app.AppCompatDelegateImpl$ConfigurationImplApi17;->checkHostname:755API Call: java.net.InetAddress.getByName (not executed)
Source: com.google.gson.internal.bind.TypeAdapters$23;->read:6API Call: java.net.InetAddress.getByName (not executed)
Source: okhttp3.tls.internal.TlsUtil$localhost$2;->invoke:5API Call: java.net.InetAddress.getByName (not executed)
Source: okhttp3.Dns$Companion$DnsSystem;->lookup:2API Call: java.net.InetAddress.getAllByName (not executed)
Source: org.bouncycastle.jsse.provider.ProvSSLSocketBase;->implConnect:14API Call: java.net.InetAddress.getByName (not executed)
Connects to IPs without corresponding DNS lookups
Source: unknownTCP traffic detected without corresponding DNS query: 173.194.76.188
Urls found in memory or binary data
Source: $avd_show_password__2.xmlString found in binary or memory: http://schemas.android.com/aapt
Source: layout_button_bottom_sheet.xml, standalone_badge_gravity_bottom_end.xml, abc_tint_seek_thumb.xml, fragment_qr_code.xml, item_number.xml, activity_main.xml, design_appbar_state_list_animator.xml, mtrl_picker_header_fullscreen.xml, nav_on_boarding.xml, androidString found in binary or memory: http://schemas.android.com/apk/res-auto
Source: mtrl_outlined_stroke_color.xml, layout_button_bottom_sheet.xml, abc_screen_simple.xml, diagnosis.xml, preference_widget_seekbar.xml, test_reflow_chipgroup.xml, mtrl_fab_transformation_sheet_expand_spec.xml, abc_btn_check_material_anim.xml, zxing_barcode_scanner.xml, $avd_show_password__2.xml, text_view_without_line_height.xml, abc_tint_seek_thumb.xml, abc_btn_colored_material.xml, fragment_qr_code.xml, btn_checkbox_checked_to_unchecked_mtrl_animation.xml, btn_checkbox_to_checked_box_outer_merged_animation.xml, item_number.xml, abc_alert_dialog_button_bar_material.xml, design_text_input_start_icon.xml, mtrl_extended_fab_state_list_animator.xml, item_button.xml, design_layout_snackbar.xml, activity_main.xml, fragment_recycler_view.xml, activity_app_maintenance.xml, design_appbar_state_list_animator.xml, item_edit_text.xml, mtrl_calendar_month.xml, mtrl_picker_header_fullscreen.xml, test_toolbar.xml, mtrl_fab_show_motion_spec.xml, nav_on_boarding.xml, abc_dialog_title_material.xml, design_bottom_navigation_item.xml, abc_seekbar_thumb_material.xml, btn_radio_off_to_on_mtrl_animation.xml, ic_launcher.xml, androidString found in binary or memory: http://schemas.android.com/apk/res/android
Source: api.protoString found in binary or memory: http://semver.org)
Source: LICENSE_UNICODEString found in binary or memory: http://www.unicode.org/copyright.html.
Source: androidString found in binary or memory: https://api.stopcovid.gouv.fr
Source: strings-ar.json, androidString found in binary or memory: https://app.stopcovid.gouv.fr/json/version-21/devices.html
Source: androidString found in binary or memory: https://app.stopcovid.gouv.fr/json/version-22/
Source: androidString found in binary or memory: https://app.stopcovid.gouv.fr/json/version-22/cnil.html
Source: androidString found in binary or memory: https://app.stopcovid.gouv.fr/json/version-22/config.json
Source: androidString found in binary or memory: https://app.stopcovid.gouv.fr/maintenance/info-maintenance-v2.json
Source: strings-ar.json, androidString found in binary or memory: https://bonjour.stopcovid.gouv.fr/
Source: androidString found in binary or memory: https://bonjour.stopcovid.gouv.fr/stopcovid.html
Source: api.protoString found in binary or memory: https://cloud.google.com/apis/design/glossary
Source: source_context.protoString found in binary or memory: https://developers.google.com/protocol-buffers/
Source: androidString found in binary or memory: https://github.com/mikepenz/FastAdapter/blob/develop/library-core/src/main/java/com/mikepenz/fastada
Source: androidString found in binary or memory: https://gitlab.inria.fr/stopcovid19/accueil
Source: strings-ar.json, androidString found in binary or memory: https://maladiecoronavirus.fr/se-tester
Source: strings-ar.json, androidString found in binary or memory: https://mesconseilscovid.sante.gouv.fr/
Source: androidString found in binary or memory: https://stopcovid.gouv.fr
Source: androidString found in binary or memory: https://stopcovid.solidarites-sante.gouv.fr/mineurs
Source: strings-ar.json, androidString found in binary or memory: https://voxusagers.numerique.gouv.fr/Demarches/2543?&view-mode=formulaire-avis&nd_mode=en-ligne-enti
Source: strings-ar.json, androidString found in binary or memory: https://www.economie.gouv.fr/stopcovid-faq

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Has permission to take photos
Source: submitted apkRequest permission: android.permission.CAMERA

E-Banking Fraud:

Has functionality to add an overlay to other apps
Source: androidx.appcompat.app.AppCompatDelegateImpl;->openPanel:686API Call: WindowManager.addView
Source: androidx.appcompat.widget.TooltipCompatHandler;->show:128API Call: WindowManager.addView

Change of System Appearance:

Acquires a wake lock
Source: androidx.work.impl.Processor;->startForeground:66API Call: android.os.PowerManager$WakeLock.acquire
Source: androidx.work.impl.background.systemalarm.DelayMetCommandHandler;->handleProcessWork:41API Call: android.os.PowerManager$WakeLock.acquire
Source: androidx.work.impl.background.systemalarm.SystemAlarmDispatcher$1;->run:34API Call: android.os.PowerManager$WakeLock.acquire
Source: androidx.work.impl.background.systemalarm.SystemAlarmDispatcher;->processCommand:73API Call: android.os.PowerManager$WakeLock.acquire

System Summary:

Requests to ignore battery optimizations
Source: Lcom/lunabeestudio/stopcovid/manager/ProximityManager;->requestIgnoreBatteryOptimization(Landroidx/fragment/app/Fragment;)VMethod string: "android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
Source: Lcom/lunabeestudio/stopcovid/manager/ProximityManager;->hasActivityToResolveIgnoreBatteryOptimization(Landroid/content/Context;)ZMethod string: "android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
Requests potentially dangerous permissions
Source: submitted apkRequest permission: android.permission.ACCESS_COARSE_LOCATION
Source: submitted apkRequest permission: android.permission.ACCESS_FINE_LOCATION
Source: submitted apkRequest permission: android.permission.BLUETOOTH
Source: submitted apkRequest permission: android.permission.BLUETOOTH_ADMIN
Source: submitted apkRequest permission: android.permission.CAMERA
Source: submitted apkRequest permission: android.permission.INTERNET
Source: submitted apkRequest permission: android.permission.WAKE_LOCK
Classification label
Source: classification engineClassification label: sus28.andAPK@0/251@0/0
Creates SQLiteDatabase table
Source: androidx.work.impl.WorkDatabaseMigrations$WorkMigration9To10;->migrate:46API Call: android.database.sqlite.SQLiteDatabase.execSQL
Source: androidx.work.impl.WorkDatabase_Impl$1;->createAllTables:46API Call: android.database.sqlite.SQLiteDatabase.execSQL
Source: androidx.work.impl.WorkDatabaseMigrations$1;->migrate:13API Call: android.database.sqlite.SQLiteDatabase.execSQL
Source: androidx.room.RoomOpenHelper;->updateIdentity:104API Call: android.database.sqlite.SQLiteDatabase.execSQL
Source: androidx.work.impl.WorkDatabaseMigrations$4;->migrate:4API Call: android.database.sqlite.SQLiteDatabase.execSQL
Reads shared settings
Source: com.lunabeestudio.framework.local.datasource.SecureKeystoreDataSource;->getAppAvailability:13API Call: android.content.SharedPreferences.getString
Source: com.lunabeestudio.framework.local.datasource.SecureKeystoreDataSource;->getAtRisk:20API Call: android.content.SharedPreferences.getString
Source: com.lunabeestudio.framework.local.datasource.SecureKeystoreDataSource;->getAtRiskLastRefresh:27API Call: android.content.SharedPreferences.getString
Source: com.lunabeestudio.framework.local.datasource.SecureKeystoreDataSource;->getAtRiskMaxHourContactNotif:33API Call: android.content.SharedPreferences.getString
Source: com.lunabeestudio.framework.local.datasource.SecureKeystoreDataSource;->getAtRiskMinHourContactNotif:39API Call: android.content.SharedPreferences.getString
Source: com.lunabeestudio.framework.local.datasource.SecureKeystoreDataSource;->getBackgroundServiceManufacturerData:45API Call: android.content.SharedPreferences.getString
Source: com.lunabeestudio.framework.local.datasource.SecureKeystoreDataSource;->getCalibration:50API Call: android.content.SharedPreferences.getString
Source: com.lunabeestudio.framework.local.datasource.SecureKeystoreDataSource;->getCharacteristicUUID:59API Call: android.content.SharedPreferences.getString
Source: com.lunabeestudio.framework.local.datasource.SecureKeystoreDataSource;->getCheckStatusFrequency:64API Call: android.content.SharedPreferences.getString
Source: com.lunabeestudio.framework.local.datasource.SecureKeystoreDataSource;->getDataRetentionPeriod:70API Call: android.content.SharedPreferences.getString
Source: com.lunabeestudio.framework.local.datasource.SecureKeystoreDataSource;->getKA:76API Call: android.content.SharedPreferences.getString
Source: com.lunabeestudio.framework.local.datasource.SecureKeystoreDataSource;->getKEA:81API Call: android.content.SharedPreferences.getString
Source: com.lunabeestudio.framework.local.datasource.SecureKeystoreDataSource;->getLastExposureTimeframe:86API Call: android.content.SharedPreferences.getString
Source: com.lunabeestudio.framework.local.datasource.SecureKeystoreDataSource;->getPreSymptomsSpan:92API Call: android.content.SharedPreferences.getString
Source: com.lunabeestudio.framework.local.datasource.SecureKeystoreDataSource;->getProximityActive:98API Call: android.content.SharedPreferences.getString
Source: com.lunabeestudio.framework.local.datasource.SecureKeystoreDataSource;->getQuarantinePeriod:105API Call: android.content.SharedPreferences.getString
Source: com.lunabeestudio.framework.local.datasource.SecureKeystoreDataSource;->getRandomStatusHour:111API Call: android.content.SharedPreferences.getString
Source: com.lunabeestudio.framework.local.datasource.SecureKeystoreDataSource;->getServiceUUID:117API Call: android.content.SharedPreferences.getString
Source: com.lunabeestudio.framework.local.datasource.SecureKeystoreDataSource;->getShouldReloadBleSettings:122API Call: android.content.SharedPreferences.getString
Source: com.lunabeestudio.framework.local.datasource.SecureKeystoreDataSource;->isSick:134API Call: android.content.SharedPreferences.getString
Source: com.lunabeestudio.stopcovid.extension.SharedPreferencesExtKt;->isOnBoardingDone:2API Call: android.content.SharedPreferences.getBoolean
Source: androidx.work.impl.WorkDatabaseMigrations$WorkMigration9To10;->migrate:14API Call: android.content.SharedPreferences.getBoolean
Source: com.lunabeestudio.framework.local.LocalCryptoManager;->getAesGcmLocalProtectionKey:46API Call: android.content.SharedPreferences.getString
Source: com.lunabeestudio.stopcovid.manager.AppMaintenanceManager;->retrieveLastMaintenanceJson:10API Call: android.content.SharedPreferences.getString
Registers a Sensor listener (to get data about accelerometer, gyrometer etc.)
Source: com.journeyapps.barcodescanner.camera.CameraManager;->startPreview:257API Call: android.hardware.SensorManager.registerListener

Data Obfuscation:

Found very long method strings
Source: Lcom/lunabeestudio/stopcovid/coreui/manager/ServerManager;->getDefaultAssetFile(Landroid/content/Context;)Ljava/lang/Object;Method string: [{ "section": "Vos données sont protégées", "description": "StopCovid est conforme à la réglementation qui garantit la protection de vos données.", "links": [ { "label": "Plus d'informations sur RGPD", " Length: 4543
Uses reflection
Source: com.google.gson.internal.ConstructorConstructor$14;-><init>:8API Call: Real call: private static final sun.misc.Unsafe sun.misc.Unsafe.theUnsafe
Source: com.google.gson.internal.UnsafeAllocator$1;->newInstance:5API Call: Real call: sun.misc.Unsafe@aa54e8
Source: com.google.gson.internal.UnsafeAllocator$1;->newInstance:5API Call: Real call: public native java.lang.Object sun.misc.Unsafe.allocateInstance(java.lang.Class)
Source: androidx.appcompat.widget.ViewUtils;->makeOptionalFitsSystemWindows:22API Call: Real call: androidx.appcompat.widget.FitWindowsLinearLayout{a54febe V.E...... ......I. 0,0-0,0 #7f090034 app:id/action_bar_root}
Source: androidx.appcompat.widget.ViewUtils;->makeOptionalFitsSystemWindows:22API Call: Real call: public void android.view.ViewGroup.makeOptionalFitsSystemWindows()
Source: androidx.activity.ImmLeaksCleaner;->onStateChanged:16API Call: java.lang.reflect.Field.get
Source: androidx.activity.ImmLeaksCleaner;->onStateChanged:18API Call: java.lang.reflect.Field.get
Source: kotlinx.coroutines.android.AndroidExceptionPreHandler;->handleException:14API Call: java.lang.reflect.Method.invoke
Source: kotlinx.coroutines.android.HandlerDispatcherKt;->asHandler:8API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.android.AndroidSocketAdapter;->configureTlsExtensions:21API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.android.AndroidSocketAdapter;->configureTlsExtensions:23API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.android.AndroidSocketAdapter;->configureTlsExtensions:27API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.android.AndroidSocketAdapter;->getSelectedProtocol:32API Call: java.lang.reflect.Method.invoke
Source: androidx.core.app.ActivityRecreator$3;->run:8API Call: java.lang.reflect.Method.invoke
Source: androidx.core.app.ActivityRecreator$3;->run:13API Call: java.lang.reflect.Method.invoke
Source: androidx.core.app.ActivityRecreator$LifecycleCheckCallbacks;->onActivityPaused:5API Call: java.lang.reflect.Field.get
Source: androidx.core.app.ActivityRecreator$LifecycleCheckCallbacks;->onActivityPaused:7API Call: java.lang.reflect.Field.get
Source: androidx.core.app.ActivityRecreator;->recreate:35API Call: java.lang.reflect.Field.get
Source: androidx.core.app.ActivityRecreator;->recreate:37API Call: java.lang.reflect.Field.get
Source: androidx.core.app.ActivityRecreator;->recreate:50API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.app.AppCompatActivity;->attachBaseContext:54API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.app.AppCompatDelegateImpl;->applyDayNight:69API Call: java.lang.reflect.Field.get
Source: androidx.appcompat.app.AppCompatDelegateImpl;->applyDayNight:78API Call: java.lang.reflect.Field.get
Source: androidx.appcompat.app.AppCompatDelegateImpl;->applyDayNight:88API Call: java.lang.reflect.Field.get
Source: androidx.appcompat.app.AppCompatDelegateImpl;->applyDayNight:95API Call: java.lang.reflect.Field.get
Source: androidx.appcompat.app.AppCompatViewInflater$DeclaredOnClickListener;->onClick:37API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.app.AppCompatDelegateImpl$ConfigurationImplApi17;->flushThemedResourcesCache:1560API Call: java.lang.reflect.Field.get
Source: androidx.appcompat.app.AppCompatDelegateImpl$ConfigurationImplApi17;->getButtonDrawable:1630API Call: java.lang.reflect.Field.get
Source: androidx.appcompat.app.AppCompatDelegateImpl$ConfigurationImplApi17;->getLayoutDirection:1802API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.app.AppCompatDelegateImpl$ConfigurationImplApi17;->setLayoutDirection:3062API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.app.AppCompatDelegateImpl$ConfigurationImplApi17;->setWindowLayoutType:3119API Call: java.lang.reflect.Method.invoke
Source: com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$Adapter;->write:28API Call: java.lang.reflect.Field.get
Source: com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$Adapter;->write:32API Call: java.lang.reflect.Field.get
Source: com.google.android.material.chip.Chip;->dispatchHoverEvent:218API Call: java.lang.reflect.Field.get
Source: com.google.android.material.chip.Chip;->dispatchHoverEvent:226API Call: java.lang.reflect.Method.invoke
Source: kotlinx.coroutines.CommonPool;->createPool:25API Call: java.lang.reflect.Method.invoke
Source: kotlinx.coroutines.CommonPool;->createPool:31API Call: java.lang.reflect.Method.invoke
Source: androidx.core.graphics.drawable.IconCompat;->getResId:35API Call: java.lang.reflect.Method.invoke
Source: androidx.core.graphics.drawable.IconCompat;->getResPackage:53API Call: java.lang.reflect.Method.invoke
Source: androidx.core.graphics.drawable.IconCompat;->getUri:73API Call: java.lang.reflect.Method.invoke
Source: androidx.core.graphics.drawable.WrappedDrawableApi21;->isProjected:18API Call: java.lang.reflect.Method.invoke
Source: androidx.core.graphics.TypefaceCompatApi21Impl;->addFontWeightStyle:6 API Call: java.lang.reflect.Method.invoke
Source: androidx.core.graphics.TypefaceCompatApi24Impl;->addFontWeightStyle:22 API Call: java.lang.reflect.Method.invoke
Source: androidx.core.graphics.TypefaceCompatApi24Impl;->createFromFamiliesWithDefault:28 API Call: java.lang.reflect.Method.invoke
Source: androidx.core.graphics.TypefaceCompatApi21Impl;->createFromFontFamilyFilesResourceEntry:42 API Call: java.lang.reflect.Method.invoke
Source: androidx.core.graphics.TypefaceCompatApi28Impl;->createFromFamiliesWithDefault:9 API Call: java.lang.reflect.Method.invoke
Source: androidx.core.graphics.TypefaceCompatApi26Impl;->abortCreation:23 API Call: java.lang.reflect.Method.invoke
Source: androidx.core.graphics.TypefaceCompatApi26Impl;->addFontFromAssetManager:31 API Call: java.lang.reflect.Method.invoke
Source: androidx.core.graphics.TypefaceCompatApi26Impl;->createFromFamiliesWithDefault:39 API Call: java.lang.reflect.Method.invoke
Source: androidx.core.graphics.TypefaceCompatApi26Impl;->createFromFontInfo:74 API Call: java.lang.reflect.Method.invoke
Source: androidx.core.graphics.TypefaceCompatApi26Impl;->freeze:89 API Call: java.lang.reflect.Method.invoke
Source: com.google.gson.internal.ConstructorConstructor$14;-><init>:15 API Call: java.lang.reflect.Method.invoke
Source: com.google.gson.internal.UnsafeAllocator$2;->newInstance:5 API Call: java.lang.reflect.Method.invoke
Source: com.google.gson.internal.UnsafeAllocator$3;->newInstance:4 API Call: java.lang.reflect.Method.invoke
Source: kotlin.coroutines.jvm.internal.BaseContinuationImpl;->getStackTraceElement:13 API Call: java.lang.reflect.Field.get
Source: kotlin.coroutines.jvm.internal.BaseContinuationImpl;->getStackTraceElement:36 API Call: java.lang.reflect.Method.invoke
Source: kotlin.coroutines.jvm.internal.BaseContinuationImpl;->getStackTraceElement:38 API Call: java.lang.reflect.Method.invoke
Source: kotlin.coroutines.jvm.internal.BaseContinuationImpl;->getStackTraceElement:40 API Call: java.lang.reflect.Method.invoke
Source: kotlin.internal.PlatformImplementations;->addSuppressed:3 API Call: java.lang.reflect.Method.invoke
Source: androidx.lifecycle.ClassesInfoCache$CallbackInfo;->invokeMethodsForEvent:18 API Call: java.lang.reflect.Method.invoke
Source: androidx.lifecycle.ClassesInfoCache$CallbackInfo;->invokeMethodsForEvent:20 API Call: java.lang.reflect.Method.invoke
Source: androidx.lifecycle.ClassesInfoCache$CallbackInfo;->invokeMethodsForEvent:22 API Call: java.lang.reflect.Method.invoke
Source: com.lunabeestudio.stopcovid.manager.ProximityManager;->isNotificationOn:106 API Call: java.lang.reflect.Field.get
Source: com.lunabeestudio.stopcovid.manager.ProximityManager;->isNotificationOn:110 API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.view.menu.CascadingMenuPopup;->showMenu:178 API Call: java.lang.reflect.Method.invoke
Source: androidx.navigation.NavArgsLazy;->getValue:19 API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.AndroidPlatform$CustomTrustRootIndex;->findByIssuerAndSignature:10 API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.AndroidPlatform;->getStackTraceForCloseable:84 API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.AndroidPlatform;->getStackTraceForCloseable:86 API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.AndroidPlatform;->logCloseableLeak:98 API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.Jdk8WithJettyBootPlatform;->afterHandshake:4 API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.Jdk8WithJettyBootPlatform;->configureTlsExtensions:29 API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.Jdk8WithJettyBootPlatform$AlpnProvider;->invoke:37 API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.Jdk8WithJettyBootPlatform;->getSelectedProtocol:36 API Call: java.lang.reflect.Method.invoke
Source: com.google.protobuf.ExtensionRegistryLite;->getEmptyRegistry:11 API Call: java.lang.reflect.Method.invoke
Source: com.google.protobuf.GeneratedMessageLite;->invokeOrDie:44 API Call: java.lang.reflect.Method.invoke
Source: com.google.protobuf.ManifestSchemaFactory;-><init>:7 API Call: java.lang.reflect.Method.invoke
Source: com.google.protobuf.UnsafeUtil$1;->run:5 API Call: java.lang.reflect.Field.get
Source: org.bouncycastle.jsse.provider.ReflectionUtil$6;->run:5 API Call: java.lang.reflect.Method.invoke
Source: com.google.gson.internal.reflect.UnsafeReflectionAccessor;-><init>:7 API Call: java.lang.reflect.Field.get
Source: com.google.gson.internal.reflect.UnsafeReflectionAccessor;->makeAccessible:17 API Call: java.lang.reflect.Method.invoke
Source: com.google.gson.internal.reflect.UnsafeReflectionAccessor;->makeAccessible:27 API Call: java.lang.reflect.Method.invoke
Source: retrofit2.Retrofit$1;->invoke:4 API Call: java.lang.reflect.Method.invoke
Source: androidx.transition.ViewUtilsBase;->setLeftTopRightBottom:17 API Call: java.lang.reflect.Method.invoke
Source: org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil$1;->run:7 API Call: java.lang.reflect.Method.invoke
Source: androidx.versionedparcelable.VersionedParcel;->readVersionedParcelable:52 API Call: java.lang.reflect.Method.invoke
Source: androidx.versionedparcelable.VersionedParcel;->writeVersionedParcelable:79 API Call: java.lang.reflect.Method.invoke
Source: androidx.core.view.KeyEventDispatcher;->dispatchKeyEvent:11 API Call: java.lang.reflect.Method.invoke
Source: androidx.core.view.KeyEventDispatcher;->dispatchKeyEvent:22 API Call: java.lang.reflect.Field.get
Source: androidx.core.view.ViewCompat;->getAccessibilityDelegateInternal:87 API Call: java.lang.reflect.Field.get
Source: androidx.core.view.ViewConfigurationCompat;->getLegacyScrollFactor:7 API Call: java.lang.reflect.Method.invoke
Source: androidx.core.view.WindowInsetsCompat$BuilderImpl20;-><init>:8 API Call: java.lang.reflect.Field.get
Source: androidx.appcompat.view.SupportMenuInflater$InflatedOnMenuItemClickListener;->onMenuItemClick:21 API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.view.SupportMenuInflater$InflatedOnMenuItemClickListener;->onMenuItemClick:25 API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.view.SupportMenuInflater$MenuState;->setItem:53 API Call: java.lang.reflect.Method.invoke
Source: androidx.core.widget.TextViewCompat$OreoCallback;->onPrepareActionMode:30 API Call: java.lang.reflect.Method.invoke
Source: androidx.constraintlayout.widget.ConstraintLayout;->updateHierarchy:680 API Call: java.lang.reflect.Method.invoke
Source: androidx.constraintlayout.widget.ConstraintLayout;->updateHierarchy:684 API Call: java.lang.reflect.Method.invoke
Source: androidx.constraintlayout.widget.ConstraintLayout;->updateHierarchy:687 API Call: java.lang.reflect.Method.invoke
Source: androidx.constraintlayout.widget.ConstraintLayout;->updateHierarchy:691 API Call: java.lang.reflect.Method.invoke
Source: androidx.constraintlayout.widget.ConstraintLayout;->updateHierarchy:695 API Call: java.lang.reflect.Method.invoke
Source: androidx.constraintlayout.widget.ConstraintLayout;->updateHierarchy:699 API Call: java.lang.reflect.Method.invoke
Source: androidx.constraintlayout.widget.ConstraintLayout;->updateHierarchy:703 API Call: java.lang.reflect.Method.invoke
Source: androidx.constraintlayout.widget.ConstraintSet;->clone:219 API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.widget.AppCompatTextViewAutoSizeHelper;->invokeAndReturnWithDefault:25 API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.widget.DrawableUtils;->getOpticalBounds:30 API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.widget.AppCompatTextViewAutoSizeHelper;->setTextSizeInternal:159 API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.widget.ListPopupWindow;->show:101 API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.widget.ListPopupWindow;->show:158 API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.widget.ListPopupWindow;->show:173 API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.widget.SearchView$SearchAutoComplete;->ensureImeVisible:14 API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.widget.SearchView;->forceSuggestionQuery:208 API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.widget.SearchView;->forceSuggestionQuery:213 API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.widget.ViewUtils;->computeFitSystemWindows:10 API Call: java.lang.reflect.Method.invoke

Boot Survival:

Has permission to execute code after phone reboot
Source: submitted apk Request permission: android.permission.RECEIVE_BOOT_COMPLETED
Installs a new wake lock (to get activate on phone screen on)
Source: androidx.work.impl.utils.WakeLocks;->newWakeLock:24 API Call: android.os.PowerManager.newWakeLock
Starts/registers a service/receiver on phone boot (autostart)
Source: androidx.work.impl.background.systemalarm.RescheduleReceiver;->onReceive:18 API Call: android.content.Context.startService (not executed)

Hooking and other Techniques for Hiding and Protection:

Has permission to use bluetooth to discover and pair with other devices
Source: submitted apk Request permission: android.permission.BLUETOOTH_ADMIN
Queries list of running processes/tasks
Source: androidx.work.impl.background.greedy.GreedyScheduler;->getProcessName:33 API Call: android.app.ActivityManager.getRunningAppProcesses
Uses Crypto APIs
Source: com.lunabeestudio.stopcovid.fragment.ProximityFragment;->injectWebView:137 API Call: java.security.MessageDigest.getInstance
Source: com.lunabeestudio.stopcovid.fragment.ProximityFragment;->injectWebView:142 API Call: java.security.MessageDigest.digest
Source: org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCryptoProvider$NonceEntropySource$NonceEntropySourceSpi;->runDigest:22 API Call: java.security.MessageDigest.update
Source: org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCryptoProvider$NonceEntropySource$NonceEntropySourceSpi;->runDigest:24 API Call: java.security.MessageDigest.update
Source: org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCryptoProvider$NonceEntropySource$NonceEntropySourceSpi;->runDigest:26 API Call: java.security.MessageDigest.digest
Source: org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsHash;->calculateHash:3 API Call: java.security.MessageDigest.digest
Source: org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsHash;->update:12 API Call: java.security.MessageDigest.update
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceAEADCipherImpl;->doFinal:14 API Call: javax.crypto.Cipher.doFinal
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceBlockCipherImpl;->doFinal:7 API Call: javax.crypto.Cipher.doFinal
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceBlockCipherImpl;->init:15 API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceAEADCipherImpl;->init:28 API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceAEADCipherImpl;->init:34 API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceBlockCipherWithCBCImplicitIVImpl;->doFinal:6 API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceBlockCipherWithCBCImplicitIVImpl;->doFinal:15 API Call: javax.crypto.Cipher.doFinal
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceChaCha20Poly1305;->init:44 API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceChaCha20Poly1305;->runCipher:55 API Call: javax.crypto.Cipher.doFinal
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceDefaultTlsCredentialedDecryptor;->decrypt:30 API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceDefaultTlsCredentialedDecryptor;->decrypt:31 API Call: javax.crypto.Cipher.doFinal
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceTlsSecret;->prf:36 API Call: java.security.MessageDigest.update
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceTlsSecret;->prf:38 API Call: java.security.MessageDigest.update
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceTlsSecret;->prf:39 API Call: java.security.MessageDigest.update
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceTlsSecret;->prf:40 API Call: java.security.MessageDigest.digest
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceTlsSecret;->prf:42 API Call: java.security.MessageDigest.update
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceTlsSecret;->prf:43 API Call: java.security.MessageDigest.update
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceTlsSecret;->prf:44 API Call: java.security.MessageDigest.digest
Source: org.bouncycastle.tls.crypto.impl.jcajce.JceTlsSecret;->prf:46 API Call: java.security.MessageDigest.digest
Source: com.lunabeestudio.framework.local.LocalCryptoManager$decrypt$1;->invoke:4 API Call: javax.crypto.Cipher.init
Source: com.lunabeestudio.framework.local.LocalCryptoManager$decrypt$1;->invoke:7 API Call: javax.crypto.Cipher.doFinal
Source: com.lunabeestudio.framework.local.LocalCryptoManager$encrypt$ciphertext$1;->invoke:3 API Call: javax.crypto.Cipher.init
Source: com.lunabeestudio.framework.local.LocalCryptoManager$encrypt$ciphertext$1;->invoke:18 API Call: javax.crypto.Cipher.init
Source: com.lunabeestudio.framework.local.LocalCryptoManager$encrypt$ciphertext$1;->invoke:21 API Call: javax.crypto.Cipher.doFinal
Source: com.lunabeestudio.framework.local.LocalCryptoManager;->getAesGcmLocalProtectionKey:41 API Call: javax.crypto.KeyGenerator.generateKey
Source: com.lunabeestudio.framework.local.LocalCryptoManager;->getAesGcmLocalProtectionKey:55 API Call: javax.crypto.Cipher.getInstance
Source: com.lunabeestudio.framework.local.LocalCryptoManager;->getAesGcmLocalProtectionKey:56 API Call: javax.crypto.Cipher.init
Source: com.lunabeestudio.framework.local.LocalCryptoManager;->getAesGcmLocalProtectionKey:102 API Call: javax.crypto.Cipher.getInstance
Source: com.lunabeestudio.framework.local.LocalCryptoManager;->getAesGcmLocalProtectionKey:104 API Call: javax.crypto.Cipher.init
Source: com.lunabeestudio.framework.local.LocalCryptoManager;->createCipherInputStream:118 API Call: javax.crypto.Cipher.getInstance
Source: com.lunabeestudio.framework.local.LocalCryptoManager;->createCipherInputStream:122 API Call: javax.crypto.Cipher.init
Source: com.lunabeestudio.framework.local.LocalCryptoManager;->createCipherOutputStream:130 API Call: javax.crypto.Cipher.getInstance
Source: com.lunabeestudio.framework.local.LocalCryptoManager;->createCipherOutputStream:133 API Call: javax.crypto.Cipher.init
Source: com.lunabeestudio.framework.local.LocalCryptoManager;->createCipherOutputStream:142 API Call: javax.crypto.Cipher.init
Source: com.lunabeestudio.framework.local.LocalCryptoManager;->decrypt:159 API Call: javax.crypto.Cipher.getInstance
Source: com.lunabeestudio.framework.local.LocalCryptoManager;->encrypt:183 API Call: javax.crypto.Cipher.getInstance
Source: okio.ByteString;->digest$okio:15 API Call: java.security.MessageDigest.getInstance
Source: okio.ByteString;->digest$okio:17 API Call: java.security.MessageDigest.digest
Source: okio.SegmentedByteString;->digest$okio:6 API Call: java.security.MessageDigest.getInstance
Source: okio.SegmentedByteString;->digest$okio:10 API Call: java.security.MessageDigest.update
Source: okio.SegmentedByteString;->digest$okio:11 API Call: java.security.MessageDigest.digest
Source: org.bouncycastle.math.raw.Nat576;->generateEncryptedPreMasterSecret:467 API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.math.raw.Nat576;->generateEncryptedPreMasterSecret:472 API Call: javax.crypto.Cipher.init
Source: org.bouncycastle.math.raw.Nat576;->generateEncryptedPreMasterSecret:473 API Call: javax.crypto.Cipher.doFinal
Source: com.lunabeestudio.framework.sharedcrypto.BouncyCastleCryptoDataSource$decrypt$1;->invoke:4 API Call: javax.crypto.Cipher.init
Source: com.lunabeestudio.framework.sharedcrypto.BouncyCastleCryptoDataSource$decrypt$1;->invoke:7 API Call: javax.crypto.Cipher.doFinal
Source: com.lunabeestudio.framework.sharedcrypto.BouncyCastleCryptoDataSource;->decrypt:29 API Call: javax.crypto.Cipher.getInstance
Source: org.bouncycastle.tls.TlsUtils;->calculateEndPointHash:137 API Call: java.security.MessageDigest.update
Source: org.bouncycastle.jcajce.util.BCJcaJceHelper;->createCipher:12 API Call: javax.crypto.Cipher.getInstance
Source: org.bouncycastle.jcajce.util.BCJcaJceHelper;->createDigest:14 API Call: java.security.MessageDigest.getInstance
Source: org.bouncycastle.jcajce.util.DefaultJcaJceHelper;->createCipher:4 API Call: javax.crypto.Cipher.getInstance
Source: org.bouncycastle.jcajce.util.DefaultJcaJceHelper;->createDigest:5 API Call: java.security.MessageDigest.getInstance

Malware Analysis System Evasion:

Accesses android OS build fields
Source: androidx.appcompat.app.AppCompatDelegateImpl;-><clinit>:2 Field Access: android.os.Build.FINGERPRINT
Source: com.journeyapps.barcodescanner.camera.CameraManager;->setDesiredParameters:170 Field Access: android.os.Build.DEVICE
Source: com.lunabeestudio.framework.ble.service.RobertProximityService;->getBleSettings:43 Field Access: android.os.Build.MODEL
Source: com.google.android.material.textfield.TextInputEditText;->onAttachedToWindow:29 Field Access: android.os.Build.MANUFACTURER

Stealing of Sensitive Information:

Queries camera information
Source: com.journeyapps.barcodescanner.camera.CameraManager;->open:37 API Call: android.hardware.Camera.open
Source: com.journeyapps.barcodescanner.camera.CameraManager;->open:41 API Call: android.hardware.Camera.getCameraInfo
Source: com.google.zxing.client.android.camera.open.OpenCameraInterface;->getCameraId:1 API Call: android.hardware.Camera.getNumberOfCameras
Source: com.google.zxing.client.android.camera.open.OpenCameraInterface;->getCameraId:6 API Call: android.hardware.Camera.getCameraInfo
Has permission to query the current location
Source: submitted apk Request permission: android.permission.ACCESS_COARSE_LOCATION
Source: submitted apk Request permission: android.permission.ACCESS_FINE_LOCATION

Malware Configuration

No configs have been found

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label
stopcovid-1.0.1-PlayStore.apk | 0% | Virustotal |
stopcovid-1.0.1-PlayStore.apk | 0% | Metadefender |
stopcovid-1.0.1-PlayStore.apk | 0% | ReversingLabs |

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label
https://app.stopcovid.gouv.fr/json/version-22/config.json | 0% | Avira URL Cloud | safe
https://stopcovid.gouv.fr | 0% | Avira URL Cloud | safe
http://semver.org) | 0% | Avira URL Cloud | safe
https://mesconseilscovid.sante.gouv.fr/ | 0% | Virustotal |
https://mesconseilscovid.sante.gouv.fr/ | 0% | Avira URL Cloud | safe
https://maladiecoronavirus.fr/se-tester | 0% | Virustotal |
https://maladiecoronavirus.fr/se-tester | 0% | Avira URL Cloud | safe
https://stopcovid.solidarites-sante.gouv.fr/mineurs | 0% | Avira URL Cloud | safe
https://app.stopcovid.gouv.fr/json/version-22/ | 0% | Avira URL Cloud | safe
https://voxusagers.numerique.gouv.fr/Demarches/2543?&view-mode=formulaire-avis&nd_mode=en-ligne-enti | 0% | Avira URL Cloud | safe
https://www.economie.gouv.fr/stopcovid-faq | 0% | Avira URL Cloud | safe
https://bonjour.stopcovid.gouv.fr/stopcovid.html | 0% | Avira URL Cloud | safe
https://app.stopcovid.gouv.fr/json/version-22/cnil.html | 0% | Avira URL Cloud | safe
https://app.stopcovid.gouv.fr/maintenance/info-maintenance-v2.json | 0% | Avira URL Cloud | safe
https://api.stopcovid.gouv.fr | 0% | Avira URL Cloud | safe
https://bonjour.stopcovid.gouv.fr/ | 0% | Virustotal |
https://bonjour.stopcovid.gouv.fr/ | 0% | Avira URL Cloud | safe
https://app.stopcovid.gouv.fr/json/version-21/devices.html | 0% | Avira URL Cloud | safe

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Sigma Overview

No Sigma rule has matched

Joe Sandbox View / Context

IPs


Domains

No context

ASN


JA3 Fingerprints

No context

Dropped Files

No context
