
Analysis Report stopp-corona-2-0-3-1057-QA-245.apk

Overview

General Information

Sample Name: stopp-corona-2-0-3-1057-QA-245.apk
Analysis ID: 245703
MD5: f7e009ad2a9a957b18e69e3a39b7c9c9
SHA1: 5d7c9e7032a9c23111bc7d9cb50a08d3dd936468
SHA256: 8e713452e2f6cefe1408ef8dbdb3ed863239e405cc468612c346047ccaf63d30

Detection

Score: 7
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Accesses Android OS build fields
Checks whether an internet connection is available
Found very long method strings
Has functionality to add an overlay to other apps
Has permission to execute code after phone reboot
Installs a new wake lock (to keep the phone screen on)
Obfuscates method names
Opens an internet connection
Performs DNS lookups (Java API)
Queries list of running processes/tasks
Queries several pieces of sensitive phone information
Queries stored mail and application accounts (e.g. Gmail or WhatsApp)
Queries the phone's location (GPS)
Requests potentially dangerous permissions
Uses reflection

Yara Overview

No yara matches

Signature Overview

There are no malicious signatures; all signature results are listed below.

Source: m.b.k.h$h;->c:19 | API Call: android.location.LocationManager.getLastKnownLocation
Source: m.b.k.h$h;->c:27 | API Call: android.location.LocationManager.getLastKnownLocation
Source: m.b.k.h$h;->c:35 | API Call: android.location.Location.getLatitude
Source: m.b.k.h$h;->c:36 | API Call: android.location.Location.getLongitude
Source: m.b.k.h$h;->c:38 | API Call: android.location.Location.getLatitude
Source: m.b.k.h$h;->c:39 | API Call: android.location.Location.getLongitude
Source: m.b.k.h$h;->c:41 | API Call: android.location.Location.getLatitude
Source: m.b.k.h$h;->c:42 | API Call: android.location.Location.getLongitude
Source: m.x.w.o.f.e;->f:52 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: m.x.w.o.f.e;->f:53 | API Call: android.net.NetworkInfo.isConnected
Source: q.l0.h.a;->g:46 | API Call: java.net.Socket.connect (not executed)
Source: q.l0.h.e;->g:93 | API Call: java.net.Socket.connect (not executed)
Source: n.a.b.y.c;->a:12 | API Call: java.net.URL.openConnection (not executed)
Source: q.q$a;->a:2 | API Call: java.net.InetAddress.getAllByName (not executed)
Source: unknown | TCP traffic detected without corresponding DNS query: 172.217.22.10
Source: unknown | TCP traffic detected without corresponding DNS query: 216.58.207.40
Source: unknown | TCP traffic detected without corresponding DNS query: 172.217.21.195
Source: unknown | DNS traffic detected: queries for: lh3.googleusercontent.com
Source: android | String found in binary or memory: http://app.prod-rca-coronaapp-fd.net/
Source: android | String found in binary or memory: http://cdn.prod-rca-coronaapp-fd.net/
Source: avd_show_password.xml | String found in binary or memory: http://schemas.android.com/aapt
Source: standalone_badge_gravity_bottom_end.xml, onboarding_page_epoxy_model.xml, fragment_contact_history.xml, design_appbar_state_list_animator.xml, mtrl_picker_header_fullscreen.xml, android | String found in binary or memory: http://schemas.android.com/apk/res-auto
Source: mtrl_outlined_stroke_color.xml, abc_screen_simple.xml, avd_show_password.xml, test_reflow_chipgroup.xml, mtrl_fab_transformation_sheet_expand_spec.xml, onboarding_page_epoxy_model.xml, abc_btn_check_material_anim.xml, text_view_without_line_height.xml, fragment_contact_history.xml, abc_btn_colored_material.xml, abc_ic_arrow_drop_right_black_24dp.xml, btn_checkbox_checked_to_unchecked_mtrl_animation.xml, btn_checkbox_to_checked_box_outer_merged_animation.xml, debug_contact_tracing_fragment.xml, design_text_input_start_icon.xml, mtrl_extended_fab_state_list_animator.xml, design_layout_snackbar.xml, common_google_signin_btn_text_dark_normal.xml, design_snackbar_in.xml, design_appbar_state_list_animator.xml, design_navigation_item.xml, mtrl_calendar_month.xml, base_list_fragment.xml, mtrl_picker_header_fullscreen.xml, shape_handshake_bottom_sheet.xml, test_toolbar.xml, mtrl_alert_dialog_actions.xml, mtrl_fab_show_motion_spec.xml, android | String found in binary or memory: http://schemas.android.com/apk/res/android
Source: keep_third_party_licenses.xml | String found in binary or memory: http://schemas.android.com/tools
Source: android | String found in binary or memory: http://sms.prod-rca-coronaapp-fd.net/
Source: roboto_bold_italic.ttf, roboto_regular.ttf, roboto_bold.ttf | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: android | String found in binary or memory: https://app.prod-rca-coronaapp-fd.net/Rest/v8/
Source: android | String found in binary or memory: https://cdn.prod-rca-coronaapp-fd.net
Source: android | String found in binary or memory: https://cdn.prod-rca-coronaapp-fd.net/
Source: keep_third_party_licenses.xml | String found in binary or memory: https://developer.android.com/studio/build/shrink-code.html#keep-resources
Source: android | String found in binary or memory: https://github.com/ReactiveX/RxJava/wiki/Error-Handling
Source: android | String found in binary or memory: https://github.com/ReactiveX/RxJava/wiki/Plugins
Source: android | String found in binary or memory: https://github.com/ReactiveX/RxJava/wiki/What
Source: android | String found in binary or memory: https://github.com/airbnb/epoxy/wiki/Avoiding-Memory-Leaks
Source: android | String found in binary or memory: https://play.google.com/store/apps/details?id=
Source: android | String found in binary or memory: https://plus.google.com/
Source: android | String found in binary or memory: https://sms.prod-rca-coronaapp-fd.net/api/v1/
Source: imprint_en.html | String found in binary or memory: https://www.roteskreuz.at/organisieren/organisation/struktur-organisation/das-oesterreichische-rote-
Source: imprint_en.html | String found in binary or memory: https://www.roteskreuz.at/organisieren/organisation/wer-wir-sind/rechtliche-grundlagen/)
Source: android | String found in binary or memory: https://www.roteskreuz.at/site/faq-app-stopp-corona/
Source: n.a.b.y.c;->a:15 | API Call: java.net.HttpURLConnection.connect
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 39444
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 56402
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 59009
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 59526
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57211
Source: unknown | Network traffic detected: HTTP traffic on port 59526 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 57211 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 33000
Source: unknown | Network traffic detected: HTTP traffic on port 39444 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 59009 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 56402 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 33000 -> 443
Source: m.b.k.h;->G:140 | API Call: WindowManager.addView
Source: m.b.q.z0;->d:100 | API Call: WindowManager.addView
Source: m.x.w.n.b.d;->f:92 | API Call: android.os.PowerManager$WakeLock.acquire
Source: m.x.w.n.b.e$a;->run:34 | API Call: android.os.PowerManager$WakeLock.acquire
Source: m.x.w.n.b.e;->e:73 | API Call: android.os.PowerManager$WakeLock.acquire
Source: submitted apk | Request permission: android.permission.BLUETOOTH
Source: submitted apk | Request permission: android.permission.INTERNET
Source: submitted apk | Request permission: android.permission.WAKE_LOCK
Source: classification engine | Classification label: clean7.andAPK@0/251@2/0
Source: d.a.a.g.a.g.n;->a:5 | API Call: "pref_terms_and_conditions_repository_data_privacy_timestamp_v1.1": null
Source: d.a.a.b.a.b$a;->invoke:22 | API Call: android.content.SharedPreferences.getBoolean
Source: n.e.a.a.a.a.a.a.a;->c:34 | API Call: android.content.SharedPreferences.getString
Source: d.a.a.g.a.g.d;->a:6 | API Call: android.content.SharedPreferences.getBoolean
Source: d.a.a.g.a.g.f;->a:7 | API Call: android.content.SharedPreferences.getString
Source: d.a.a.g.a.g.g;->a:7 | API Call: android.content.SharedPreferences.getString
Source: d.a.a.g.a.g.i;->a:4 | API Call: android.content.SharedPreferences.getBoolean
Source: d.a.a.g.a.g.m;->a:5 | API Call: android.content.SharedPreferences.getString
Source: m.x.w.h$h;->a:13 | API Call: android.content.SharedPreferences.getBoolean
Source: Ln/e/a/a/c/v;->B()[B | Method string: 0\u0082\u0004\u00a80\u0082\u0003\u0090\u00a0\u0003\u0002\u0001\u0002\u0002\t\u0000\u00d5\u0085\u00b8l}\u00d3N\u00f50\r\u0006\t*\u0086H\u0086\u00f7\r\u0001\u0001\u0004\u0005\u00000\u0081\u00941\u000b0\t\u0006\u0003U\u0004\u0006\u0013\u0002US1\u00130\u0011\ | Length: 4395
Source: stopp-corona-2-0-3-1057-QA-245.apk | Total valid method names: 36%
Source: m.m.a$a;->a:22 | API Call: Real call: public final void at.roteskreuz.stopcorona.model.repositories.other.OfflineSyncerImpl$LifecycleListener.onEnterForeground()
Source: j.a.s;->g0:30 | API Call: java.lang.reflect.Method.invoke
Source: j.a.s;->g0:36 | API Call: java.lang.reflect.Method.invoke
Source: j.a.a.f;->a:6 | API Call: java.lang.reflect.Method.invoke
Source: n.g.a.a$b;->c:22 | API Call: java.lang.reflect.Method.invoke
Source: n.g.a.b;->d:6 | API Call: java.lang.reflect.Method.invoke
Source: n.g.a.h;->a:5 | API Call: java.lang.reflect.Method.invoke
Source: n.g.a.i;->a:5 | API Call: java.lang.reflect.Method.invoke
Source: n.g.a.j;->a:4 | API Call: java.lang.reflect.Method.invoke
Source: n.g.a.l;->toJson:33 | API Call: java.lang.reflect.Field.get
Source: n.g.a.l$a;->a:37 | API Call: java.lang.reflect.Field.get
Source: n.g.a.l$a;->a:44 | API Call: java.lang.reflect.Method.invoke
Source: p.k.j.a.a;->h:23 | API Call: java.lang.reflect.Field.get
Source: p.k.j.a.a;->h:46 | API Call: java.lang.reflect.Method.invoke
Source: p.k.j.a.a;->h:48 | API Call: java.lang.reflect.Method.invoke
Source: p.k.j.a.a;->h:50 | API Call: java.lang.reflect.Method.invoke
Source: androidx.activity.ImmLeaksCleaner;->d:16 | API Call: java.lang.reflect.Field.get
Source: androidx.activity.ImmLeaksCleaner;->d:18 | API Call: java.lang.reflect.Field.get
Source: kotlinx.coroutines.android.AndroidExceptionPreHandler;->handleException:18 | API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.app.AppCompatViewInflater$a;->onClick:37 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.material.chip.Chip;->dispatchHoverEvent:209 | API Call: java.lang.reflect.Field.get
Source: com.google.android.material.chip.Chip;->dispatchHoverEvent:217 | API Call: java.lang.reflect.Method.invoke
Source: m.h.d.b$c;->onActivityPaused:5 | API Call: java.lang.reflect.Field.get
Source: m.h.d.b$c;->onActivityPaused:7 | API Call: java.lang.reflect.Field.get
Source: m.h.d.b;->b:35 | API Call: java.lang.reflect.Field.get
Source: m.h.d.b;->b:37 | API Call: java.lang.reflect.Field.get
Source: m.h.d.b;->b:50 | API Call: java.lang.reflect.Method.invoke
Source: m.h.d.c;->run:8 | API Call: java.lang.reflect.Method.invoke
Source: m.h.d.c;->run:13 | API Call: java.lang.reflect.Method.invoke
Source: m.h.d.e;-><init>:11 | API Call: java.lang.reflect.Method.invoke
Source: n.e.a.a.d.b;->k:9 | API Call: java.lang.reflect.Field.get
Source: androidx.core.graphics.drawable.IconCompat;->b:14 | API Call: java.lang.reflect.Method.invoke
Source: androidx.core.graphics.drawable.IconCompat;->c:27 | API Call: java.lang.reflect.Method.invoke
Source: m.h.f.d;->g:6 | API Call: java.lang.reflect.Method.invoke
Source: m.h.f.d;->a:40 | API Call: java.lang.reflect.Method.invoke
Source: m.h.f.e;->g:20 | API Call: java.lang.reflect.Method.invoke
Source: m.h.f.e;->h:26 | API Call: java.lang.reflect.Method.invoke
Source: m.h.f.g;->k:9 | API Call: java.lang.reflect.Method.invoke
Source: m.h.f.f;->b:50 | API Call: java.lang.reflect.Method.invoke
Source: m.h.f.f;->i:65 | API Call: java.lang.reflect.Method.invoke
Source: m.h.f.f;->j:73 | API Call: java.lang.reflect.Method.invoke
Source: m.h.f.f;->k:81 | API Call: java.lang.reflect.Method.invoke
Source: m.h.f.f;->l:83 | API Call: java.lang.reflect.Method.invoke
Source: q.l0.h.a$a;->a:6 | API Call: java.lang.reflect.Method.invoke
Source: q.l0.h.a$c;->a:4 | API Call: java.lang.reflect.Method.invoke
Source: q.l0.h.a;->e:35 | API Call: java.lang.reflect.Method.invoke
Source: q.l0.h.a;->e:37 | API Call: java.lang.reflect.Method.invoke
Source: q.l0.h.a;->e:41 | API Call: java.lang.reflect.Method.invoke
Source: q.l0.h.a;->h:56 | API Call: java.lang.reflect.Method.invoke
Source: q.l0.h.a;->i:65 | API Call: java.lang.reflect.Method.invoke
Source: q.l0.h.a;->i:67 | API Call: java.lang.reflect.Method.invoke
Source: q.l0.h.a;->j:74 | API Call: java.lang.reflect.Method.invoke
Source: q.l0.h.c$a;->invoke:37 | API Call: java.lang.reflect.Method.invoke
Source: q.l0.h.a;->l:104 | API Call: java.lang.reflect.Method.invoke
Source: q.l0.h.c;->a:4 | API Call: java.lang.reflect.Method.invoke
Source: q.l0.h.a;->o:112 | API Call: java.lang.reflect.Method.invoke
Source: q.l0.h.a;->o:116 | API Call: java.lang.reflect.Method.invoke
Source: q.l0.h.c;->e:29 | API Call: java.lang.reflect.Method.invoke
Source: q.l0.h.d;->e:19 | API Call: java.lang.reflect.Method.invoke
Source: q.l0.h.c;->h:36 | API Call: java.lang.reflect.Method.invoke
Source: q.l0.h.d;->h:29 | API Call: java.lang.reflect.Method.invoke
Source: n.e.a.a.c.i.b;-><init>:39 | API Call: java.lang.reflect.Method.invoke
Source: j.a.j2.c;->a:10 | API Call: java.lang.reflect.Method.invoke
Source: m.b.k.h;->L:231 | API Call: java.lang.reflect.Method.invoke
Source: m.b.k.h;->q:422 | API Call: java.lang.reflect.Field.get
Source: m.b.k.h;->q:427 | API Call: java.lang.reflect.Field.get
Source: m.b.k.h;->q:432 | API Call: java.lang.reflect.Field.get
Source: m.h.l.c;->a:11 | API Call: java.lang.reflect.Method.invoke
Source: m.h.l.c;->a:22 | API Call: java.lang.reflect.Field.get
Source: m.h.l.k;->e:156 | API Call: java.lang.reflect.Field.get
Source: m.h.l.o;->a:4 | API Call: java.lang.reflect.Method.invoke
Source: m.b.k.p;->x0:2538 | API Call: java.lang.reflect.Field.get
Source: p.l.a;->a:3 | API Call: java.lang.reflect.Method.invoke
Source: m.h.m.d;->onPrepareActionMode:30 | API Call: java.lang.reflect.Method.invoke
Source: m.m.a$a;->a:18 | API Call: java.lang.reflect.Method.invoke
Source: m.m.a$a;->a:20 | API Call: java.lang.reflect.Method.invoke
Source: m.b.p.g$a;->onMenuItemClick:21 | API Call: java.lang.reflect.Method.invoke
Source: m.b.p.g$a;->onMenuItemClick:25 | API Call: java.lang.reflect.Method.invoke
Source: m.b.p.g$b;->c:45 | API Call: java.lang.reflect.Method.invoke
Source: m.b.q.c0;->c:20 | API Call: java.lang.reflect.Method.invoke
Source: m.b.q.c1;->b:12 | API Call: java.lang.reflect.Method.invoke
Source: m.b.q.i0;->a:63 | API Call: java.lang.reflect.Method.invoke
Source: m.b.q.i0;->a:126 | API Call: java.lang.reflect.Method.invoke
Source: m.b.q.i0;->t:177 | API Call: java.lang.reflect.Method.invoke
Source: m.b.q.k0;->u:14 | API Call: java.lang.reflect.Method.invoke
Source: m.b.q.y;->f:13 | API Call: java.lang.reflect.Method.invoke
Source: m.b.q.y;->g:136 | API Call: java.lang.reflect.Method.invoke
Source: retrofit2.Retrofit$1;->invoke:4 | API Call: java.lang.reflect.Method.invoke
Source: m.w.a;->k:52 | API Call: java.lang.reflect.Method.invoke
Source: m.w.a;->o:79 | API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.widget.ActionBarOverlayLayout;->fitSystemWindows:55 | API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.widget.SearchView$SearchAutoComplete;->onWindowFocusChanged:49 | API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.widget.SearchView;->C:176 | API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.widget.SearchView;->t:460 | API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.widget.SearchView;->t:464 | API Call: java.lang.reflect.Method.invoke
Source: submitted apk | Request permission: android.permission.RECEIVE_BOOT_COMPLETED
Source: m.x.w.r.k;->b:24 | API Call: android.os.PowerManager.newWakeLock
Source: m.x.w.n.a.a;->f:137 | API Call: android.app.ActivityManager.getRunningAppProcesses
Source: r.h;->c:9 | API Call: java.security.MessageDigest.getInstance
Source: r.h;->c:11 | API Call: java.security.MessageDigest.digest
Source: r.u;->c:6 | API Call: java.security.MessageDigest.getInstance
Source: r.u;->c:10 | API Call: java.security.MessageDigest.update
Source: r.u;->c:11 | API Call: java.security.MessageDigest.digest
Source: unknown | Field Access: android.os.Build.FINGERPRINT
Source: d.a.a.e.a;-><clinit>:1 | Field Access: android.os.Build.FINGERPRINT
Source: n.e.a.a.c.i.b;-><init>:21 | Field Access: android.os.Build.BRAND
Source: n.e.a.a.c.i.b;-><init>:23 | Field Access: android.os.Build.ID
Source: n.e.a.a.c.i.b;-><init>:26 | Field Access: android.os.Build.ID
Source: com.google.android.material.textfield.TextInputEditText;->onAttachedToWindow:13 | Field Access: android.os.Build.MANUFACTURER
Source: Ln/a/b/z/w;-><clinit>()V | Method string: "os"
Source: Ld/a/a/b/b/c$g$b;->k(Ljava/lang/Object;)Ljava/lang/Object; | Method string: "android"
Source: Ld/a/a/g/a/e/a/b/b;->responseBodyConverter(Ljava/lang/reflect/Type;[Ljava/lang/annotation/Annotation;Lretrofit2/Retrofit;)Lretrofit2/Converter; | Method string: "type"
Source: Lat/roteskreuz/stopcorona/screens/menu/MenuController;->buildModels()V | Method string: "version"
Source: Ln/a/a/u;->X(Ln/a/a/k0;Ln/a/a/u$b;)V | Method string: "model"
Source: Lh/c/a/e;->B(Lh/c/a/d;Lh/c/a/f;)Lh/c/a/e; | Method string: "time"
Source: n.e.a.a.h.b.a;->m:10 | API Call: android.accounts.Account.name

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Remote Management | Winlogon Helper DLL | Port Monitors | Obfuscated Files or Information 1 | Access Stored Application Data 1 | System Network Connections Discovery 1 | Application Deployment Software | Location Tracking 1 | Data Compressed | Standard Cryptographic Protocol 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Replication Through Removable Media | Service Execution | Port Monitors | Accessibility Features | Binary Padding | Network Sniffing | Location Tracking 1 | Remote Services | Access Stored Application Data 1 | Exfiltration Over Other Network Medium | Standard Non-Application Layer Protocol 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
External Remote Services | Windows Management Instrumentation | Accessibility Features | Path Interception | Rootkit | Input Capture | System Information Discovery 1 | Windows Remote Management | Network Information Discovery 1 | Automated Exfiltration | Standard Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Drive-by Compromise | Scheduled Task | System Firmware | DLL Search Order Hijacking | Obfuscated Files or Information | Credentials in Files | Process Discovery 1 | Logon Scripts | Input Capture | Data Encrypted | Multiband Communication | SIM Card Swap | Premium SMS Toll Fraud
