
Analysis Report: COVID Alert South Africa_v1.2.2_apkpure.com.apk

Overview

General Information

Sample Name: COVID Alert South Africa_v1.2.2_apkpure.com.apk
Analysis ID: 289221
MD5: 5a91e25c7c456f3735609726fca963ec
SHA1: 7c8173e3559e85473faad37d17bb5ee04e185c73
SHA256: a983650cae6908b287eeace5eac01601473fa7d101d48ac723085fa19186be5a

Detection

Score: 9
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Accesses Android OS build fields
Checks an internet connection is available
Detected TCP or UDP traffic on non-standard ports
Found very long method strings
Has functionality to add an overlay to other apps
Has permission to execute code after phone reboot
Installs a new wake lock (to keep the phone screen on)
Lists and deletes files in the same context
Obfuscates method names
Opens an internet connection
Queries list of running processes/tasks
Queries several kinds of sensitive phone information
Queries stored mail and application accounts (e.g. Gmail or WhatsApp)
Queries the network operator ISO country code
Queries the phone's location (GPS)
Requests potentially dangerous permissions
Starts/registers a service/receiver on phone boot (autostart)
Uses DownloadManager to fetch additional components
Uses reflection

Classification

Yara Overview

No yara matches

Signature Overview

There are no malicious signatures.

Source: b.b.k.k$h;->c:22 | API Call: android.location.LocationManager.getLastKnownLocation
Source: b.b.k.k$h;->c:33 | API Call: android.location.LocationManager.getLastKnownLocation
Source: b.b.k.k$h;->c:41 | API Call: android.location.Location.getLatitude
Source: b.b.k.k$h;->c:42 | API Call: android.location.Location.getLongitude
Source: b.b.k.k$h;->c:44 | API Call: android.location.Location.getLatitude
Source: b.b.k.k$h;->c:45 | API Call: android.location.Location.getLongitude
Source: b.b.k.k$h;->c:47 | API Call: android.location.Location.getLatitude
Source: b.b.k.k$h;->c:48 | API Call: android.location.Location.getLongitude
Source: b.y.x.o.f.e;->f:52 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: b.y.x.o.f.e;->f:53 | API Call: android.net.NetworkInfo.isConnected
Source: e.a.a.a.g.c1;->U0:200 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: e.a.a.a.g.c1;->U0:201 | API Call: android.net.NetworkInfo.isConnected
Source: global traffic | TCP traffic: 192.168.2.30:55940 -> 8.8.4.4:853
Source: global traffic | TCP traffic: 192.168.2.30:44526 -> 8.8.8.8:853
Source: c.a.b.v.e;->a:60 | API Call: java.net.URL.openConnection (not executed)
Source: unknown | TCP traffic detected without corresponding DNS query: 74.125.133.188
Source: unknown | TCP traffic detected without corresponding DNS query: 172.217.23.46
Source: unknown | TCP traffic detected without corresponding DNS query: 216.58.207.131
Source: unknown | DNS traffic detected: queries for: time.android.com
Source: $avd_show_password__2.xml | String found in binary or memory: http://schemas.android.com/aapt
Source: fragment_home.xml, standalone_badge_gravity_bottom_end.xml, activity_notify_learn_more.xml, design_appbar_state_list_animator.xml, mtrl_picker_header_fullscreen.xml, android | String found in binary or memory: http://schemas.android.com/apk/res-auto
Source: mtrl_outlined_stroke_color.xml, abc_screen_simple.xml, fragment_home.xml, fragment_share_diagnosis_shared.xml, fragment_notify_home.xml, test_reflow_chipgroup.xml, mtrl_fab_transformation_sheet_expand_spec.xml, abc_btn_check_material_anim.xml, activity_notify_learn_more.xml, $avd_show_password__2.xml, text_view_without_line_height.xml, grey_filled_background.xml, abc_ic_arrow_drop_right_black_24dp.xml, btn_checkbox_checked_to_unchecked_mtrl_animation.xml, btn_checkbox_to_checked_box_outer_merged_animation.xml, abc_alert_dialog_button_bar_material.xml, design_text_input_start_icon.xml, mtrl_extended_fab_state_list_animator.xml, design_layout_snackbar.xml, common_google_signin_btn_text_dark_normal.xml, design_snackbar_in.xml, design_appbar_state_list_animator.xml, design_navigation_item.xml, mtrl_calendar_month.xml, mtrl_picker_header_fullscreen.xml, test_toolbar.xml, mtrl_fab_show_motion_spec.xml, android | String found in binary or memory: http://schemas.android.com/apk/res/android
Source: api.proto | String found in binary or memory: http://semver.org)
Source: android | String found in binary or memory: https://api.ens.connect.sacoronavirus.co.za
Source: android | String found in binary or memory: https://api.ens.connect.sacoronavirus.co.za/diagnosis-attestation
Source: android | String found in binary or memory: https://api.whatsapp.com/send?phone=
Source: api.proto | String found in binary or memory: https://cloud.google.com/apis/design/glossary
Source: plugin.proto | String found in binary or memory: https://developers.google.com/protocol-buffers/
Source: descriptor.proto | String found in binary or memory: https://developers.google.com/protocol-buffers/docs/proto#options
Source: android | String found in binary or memory: https://files.ens.connect.sacoronavirus.co.za/
Source: android | String found in binary or memory: https://plus.google.com/
Source: android | String found in binary or memory: https://sacoronavirus.co.za/covidalert/terms-and-conditions/
Source: unknown | Network traffic detected: HTTP traffic on port 57492 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 57060 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 57030 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57030
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57492
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57060
Source: b.b.k.k;->I:160 | API Call: WindowManager.addView
Source: b.b.p.a1;->d:106 | API Call: WindowManager.addView
Source: b.p.a;->c:93 | API Calls in same method context: File.listFiles, File.delete
Source: b.p.d;->h:385 | API Calls in same method context: File.listFiles, File.delete
Source: b.y.x.n.b.d;->f:92 | API Call: android.os.PowerManager$WakeLock.acquire
Source: b.y.x.n.b.e$a;->run:34 | API Call: android.os.PowerManager$WakeLock.acquire
Source: b.y.x.n.b.e;->e:73 | API Call: android.os.PowerManager$WakeLock.acquire
Source: submitted apk | Request permission: android.permission.BLUETOOTH
Source: submitted apk | Request permission: android.permission.INTERNET
Source: submitted apk | Request permission: android.permission.WAKE_LOCK
Source: classification engine | Classification label: clean9.andAPK@0/259@1/0
Source: b.y.x.h$h;->a:46 | API Call: android.database.sqlite.SQLiteDatabase.execSQL
Source: androidx.work.impl.WorkDatabase_Impl$a;->a:46 | API Call: android.database.sqlite.SQLiteDatabase.execSQL
Source: za.gov.health.covidconnect.storage.ExposureNotificationDatabase_Impl$a;->a:19 | API Call: android.database.sqlite.SQLiteDatabase.execSQL
Source: b.y.x.h$a;->a:13 | API Call: android.database.sqlite.SQLiteDatabase.execSQL
Source: b.r.i;->c:60 | API Call: android.database.sqlite.SQLiteDatabase.execSQL
Source: b.y.x.h$d;->a:4 | API Call: android.database.sqlite.SQLiteDatabase.execSQL
Source: c.b.a.a.a.a.a.a.a;->c:34 | API Call: android.content.SharedPreferences.getString
Source: c.b.a.a.g.b.j;->b:3 | API Call: android.content.SharedPreferences.getBoolean
Source: c.b.a.a.g.b.k;->b:3 | API Call: android.content.SharedPreferences.getString
Source: c.b.a.a.g.b.l;->b:5 | API Call: android.content.SharedPreferences.getString
Source: e.a.a.a.c.l;-><init>:21 | API Call: android.content.SharedPreferences.getBoolean
Source: c.b.a.a.f.d.a;->call:6 | API Call: android.content.SharedPreferences.getBoolean
Source: c.b.a.a.f.d.d;->call:5 | API Call: android.content.SharedPreferences.getString
Source: e.a.a.a.f.l0;-><init>:7 | API Call: android.content.SharedPreferences.getString
Source: e.a.a.a.f.m0;-><init>:20 | API Call: android.content.SharedPreferences.getString
Source: e.a.a.a.f.m0;-><init>:26 | API Call: android.content.SharedPreferences.getString
Source: e.a.a.a.j.e;->a:8 | API Call: android.content.SharedPreferences.getString
Source: b.y.x.h$h;->a:14 | API Call: android.content.SharedPreferences.getBoolean
Source: Lc/b/a/a/d/y;->w()[B | Method string: 0\u0082\u0004\u00a80\u0082\u0003\u0090\u00a0\u0003\u0002\u0001\u0002\u0002\t\u0000\u00d5\u0085\u00b8l}\u00d3N\u00f50\r\u0006\t*\u0086H\u0086\u00f7\r\u0001\u0001\u0004\u0005\u00000\u0081\u00941\u000b0\t\u0006\u0003U\u0004\u0006\u0013\u0002US1\u00130\u0011\ | Length: 4395
Source: COVID Alert South Africa_v1.2.2_apkpure.com.apk | Total valid method names: 38%
Source: b.b.p.d1;->b:12 | API Call: androidx.appcompat.widget.FitWindowsLinearLayout.makeOptionalFitsSystemWindows
Source: b.b.p.d1;->b:12 | API Call: Real call: public void android.view.ViewGroup.makeOptionalFitsSystemWindows()
Source: b.b.p.d1;->b:12 | API Call: androidx.appcompat.widget.FitWindowsFrameLayout.makeOptionalFitsSystemWindows
Source: c.b.b.f.a.b$k$a;->a:4 | API Call: java.lang.reflect.Field.get
Source: c.b.b.a.n;-><clinit>:10 | API Call: java.lang.reflect.Method.invoke
Source: c.b.b.a.n;->a:15 | API Call: java.lang.reflect.Method.invoke
Source: androidx.activity.ImmLeaksCleaner;->d:16 | API Call: java.lang.reflect.Field.get
Source: androidx.activity.ImmLeaksCleaner;->d:18 | API Call: java.lang.reflect.Field.get
Source: c.b.a.a.g.b.l0;->a:11 | API Call: java.lang.reflect.Method.invoke
Source: c.b.a.a.g.b.o3;->run:4 | API Call: java.lang.reflect.Field.get
Source: c.b.a.a.g.b.u1;-><init>:7 | API Call: java.lang.reflect.Method.invoke
Source: c.b.a.a.g.b.z0;->h:4 | API Call: java.lang.reflect.Method.invoke
Source: c.b.c.k0;->invokeOrDie:26 | API Call: java.lang.reflect.Method.invoke
Source: c.b.c.l0;->invokeOrDie:52 | API Call: java.lang.reflect.Method.invoke
Source: c.b.c.q;->g:97 | API Call: java.lang.reflect.Method.invoke
Source: c.b.c.v2$a;->a:4 | API Call: java.lang.reflect.Field.get
Source: c.b.c.v2$b;->l:12 | API Call: java.lang.reflect.Field.get
Source: c.b.c.v2$c;->l:12 | API Call: java.lang.reflect.Field.get
Source: c.b.c.w0;-><init>:7 | API Call: java.lang.reflect.Method.invoke
Source: c.b.c.z;->a:16 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.material.chip.Chip;->dispatchHoverEvent:217 | API Call: java.lang.reflect.Field.get
Source: com.google.android.material.chip.Chip;->dispatchHoverEvent:225 | API Call: java.lang.reflect.Method.invoke
Source: b.i.d.b$c;->onActivityPaused:5 | API Call: java.lang.reflect.Field.get
Source: b.i.d.b$c;->onActivityPaused:7 | API Call: java.lang.reflect.Field.get
Source: b.i.d.b;->b:35 | API Call: java.lang.reflect.Field.get
Source: b.i.d.b;->b:37 | API Call: java.lang.reflect.Field.get
Source: b.i.d.b;->b:50 | API Call: java.lang.reflect.Method.invoke
Source: b.i.d.c;->run:8 | API Call: java.lang.reflect.Method.invoke
Source: b.i.d.c;->run:13 | API Call: java.lang.reflect.Method.invoke
Source: b.i.d.e;-><init>:10 | API Call: java.lang.reflect.Method.invoke
Source: androidx.core.graphics.drawable.IconCompat;->c:41 | API Call: java.lang.reflect.Method.invoke
Source: androidx.core.graphics.drawable.IconCompat;->d:57 | API Call: java.lang.reflect.Method.invoke
Source: androidx.core.graphics.drawable.IconCompat;->e:88 | API Call: java.lang.reflect.Method.invoke
Source: c.b.a.a.e.b;->v:9 | API Call: java.lang.reflect.Field.get
Source: b.i.f.e;->g:6 | API Call: java.lang.reflect.Method.invoke
Source: b.i.f.f;->g:22 | API Call: java.lang.reflect.Method.invoke
Source: b.i.f.e;->a:41 | API Call: java.lang.reflect.Method.invoke
Source: b.i.f.f;->h:28 | API Call: java.lang.reflect.Method.invoke
Source: b.i.f.h;->k:9 | API Call: java.lang.reflect.Method.invoke
Source: b.i.f.g;->b:56 | API Call: java.lang.reflect.Method.invoke
Source: b.i.f.g;->i:71 | API Call: java.lang.reflect.Method.invoke
Source: b.i.f.g;->j:79 | API Call: java.lang.reflect.Method.invoke
Source: b.i.f.g;->k:87 | API Call: java.lang.reflect.Method.invoke
Source: b.i.f.g;->l:89 | API Call: java.lang.reflect.Method.invoke
Source: c.b.a.a.g.h.a;-><clinit>:5 | API Call: java.lang.reflect.Field.get
Source: c.b.a.a.g.h.k4;->run:4 | API Call: java.lang.reflect.Field.get
Source: c.b.a.a.g.h.q2;-><init>:7 | API Call: java.lang.reflect.Method.invoke
Source: c.b.a.a.g.h.s1;->a:48 | API Call: java.lang.reflect.Method.invoke
Source: c.b.a.a.g.h.t1;->h:4 | API Call: java.lang.reflect.Method.invoke
Source: b.b.o.i.d;->w:187 | API Call: java.lang.reflect.Method.invoke
Source: b.i.f.k.d;->isProjected:18 | API Call: java.lang.reflect.Method.invoke
Source: b.b.k.h;->attachBaseContext:71 | API Call: java.lang.reflect.Method.invoke
Source: b.b.k.k;->N:256 | API Call: java.lang.reflect.Method.invoke
Source: b.b.k.k;->q:580 | API Call: java.lang.reflect.Field.get
Source: b.b.k.k;->q:589 | API Call: java.lang.reflect.Field.get
Source: b.b.k.k;->q:599 | API Call: java.lang.reflect.Field.get
Source: b.b.k.k;->q:606 | API Call: java.lang.reflect.Field.get
Source: b.b.k.k$i;->X:654 | API Call: java.lang.reflect.Field.get
Source: b.b.k.k$i;->X0:668 | API Call: java.lang.reflect.Method.invoke
Source: b.b.k.k$i;->Y:679 | API Call: java.lang.reflect.Field.get
Source: b.b.k.r$a;->onClick:37 | API Call: java.lang.reflect.Method.invoke
Source: b.b.k.k$i;->b0:1082 | API Call: java.lang.reflect.Method.invoke
Source: c.b.a.a.d.k.c;-><init>:41 | API Call: java.lang.reflect.Method.invoke
Source: b.b.k.k$i;->i1:1267 | API Call: java.lang.reflect.Method.invoke
Source: b.i.l.d;->a:11 | API Call: java.lang.reflect.Method.invoke
Source: b.i.l.d;->a:22 | API Call: java.lang.reflect.Field.get
Source: b.i.l.q;->a:7 | API Call: java.lang.reflect.Method.invoke
Source: b.i.l.v$a;-><init>:8 | API Call: java.lang.reflect.Field.get
Source: b.i.l.m;->i:225 | API Call: java.lang.reflect.Field.get
Source: b.i.m.e;->onPrepareActionMode:30 | API Call: java.lang.reflect.Method.invoke
Source: b.n.b$a;->a:18 | API Call: java.lang.reflect.Method.invoke
Source: b.n.b$a;->a:20 | API Call: java.lang.reflect.Method.invoke
Source: b.n.b$a;->a:22 | API Call: java.lang.reflect.Method.invoke
Source: b.b.o.f$a;->onMenuItemClick:21 | API Call: java.lang.reflect.Method.invoke
Source: b.b.o.f$a;->onMenuItemClick:25 | API Call: java.lang.reflect.Method.invoke
Source: b.b.o.f$b;->c:52 | API Call: java.lang.reflect.Method.invoke
Source: b.b.p.a0;->e:25 | API Call: java.lang.reflect.Method.invoke
Source: c.b.a.a.d.o.e;->D1:319 | API Call: java.lang.reflect.Field.get
Source: b.b.p.a0;->f:159 | API Call: java.lang.reflect.Method.invoke
Source: c.b.a.a.d.o.e;->D1:338 | API Call: java.lang.reflect.Method.invoke
Source: c.b.a.a.d.o.e;->D1:346 | API Call: java.lang.reflect.Method.invoke
Source: b.b.p.k0;->a:70 | API Call: java.lang.reflect.Method.invoke
Source: b.b.p.k0;->a:125 | API Call: java.lang.reflect.Method.invoke
Source: b.b.p.k0;->a:140 | API Call: java.lang.reflect.Method.invoke
Source: b.p.a;->a:23 | API Call: java.lang.reflect.Field.get
Source: b.p.a;->g:206 | API Call: java.lang.reflect.Field.get
Source: b.p.a;->g:211 | API Call: java.lang.reflect.Method.invoke
Source: b.p.a;->g:223 | API Call: java.lang.reflect.Field.get
Source: b.u.b0;->d:17 | API Call: java.lang.reflect.Method.invoke
Source: b.w.a;->k:52 | API Call: java.lang.reflect.Method.invoke
Source: b.w.a;->o:79 | API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.widget.SearchView$SearchAutoComplete;->a:13 | API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.widget.SearchView;->t:456 | API Call: java.lang.reflect.Method.invoke
Source: androidx.appcompat.widget.SearchView;->t:461 | API Call: java.lang.reflect.Method.invoke
Source: submitted apk | Request permission: android.permission.RECEIVE_BOOT_COMPLETED
Source: b.y.x.r.k;->b:24 | API Call: android.os.PowerManager.newWakeLock
Source: androidx.work.impl.background.systemalarm.RescheduleReceiver;->onReceive:18 | API Call: android.content.Context.startService (not executed)
Source: b.y.x.n.a.a;->f:138 | API Call: android.app.ActivityManager.getRunningAppProcesses
Source: c.b.b.c.f;-><init>:2 | API Call: java.security.MessageDigest.getInstance
Source: e.a.a.a.g.c1;->U0:225 | API Call: java.security.MessageDigest.getInstance
Source: e.a.a.a.g.c1;->U0:232 | API Call: java.security.MessageDigest.update
Source: e.a.a.a.g.c1;->U0:237 | API Call: java.security.MessageDigest.digest
Source: e.a.a.a.g.c1;->U0:240 | API Call: java.security.MessageDigest.digest
Source: b.b.k.k;-><clinit>:2 | Field Access: android.os.Build.FINGERPRINT
Source: c.b.a.a.d.k.c;-><init>:20 | Field Access: android.os.Build.BRAND
Source: c.b.a.a.d.k.c;-><init>:22 | Field Access: android.os.Build.ID
Source: c.b.a.a.d.k.c;-><init>:25 | Field Access: android.os.Build.ID
Source: com.google.android.material.textfield.TextInputEditText;->onAttachedToWindow:29 | Field Access: android.os.Build.MANUFACTURER
Source: c.b.a.b.x.z;->p:21 | Field Access: android.os.Build.MANUFACTURER
Source: c.b.a.b.x.z;->p:26 | Field Access: android.os.Build.MANUFACTURER
Source: Lb/i/l/q;->d(Landroid/view/ViewConfiguration;Landroid/content/Context;)Z | Method string: "android"
Source: Le/a/a/a/j/u;->b(Ljava/lang/String;)Ld/b/a/s; | Method string: "type"
Source: Lc/b/a/a/d/c;->toString()Ljava/lang/String; | Method string: "version"
Source: Le/a/a/a/f/c0;-><init>(Landroid/content/Context;)V | Method string: "phone"
Source: Ld/b/a/f;->V(Ld/b/a/e;Ld/b/a/g;)Ld/b/a/f; | Method string: "time"
Source: e.a.a.a.f.c0;->a:5 | API Call: android.telephony.TelephonyManager.getNetworkCountryIso
Source: c.b.a.a.j.b.a;->m:10 | API Call: android.accounts.Account.name
Source: e.a.a.a.f.f0;->b:70 | API Call: android.app.DownloadManager.enqueue

MITRE ATT&CK Matrix

Techniques are listed per tactic; a number in parentheses after a technique is the count of signatures that matched it.

Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts
Execution: Windows Management Instrumentation, Scheduled Task/Job, At (Linux), At (Windows)
Persistence: Path Interception, Boot or Logon Initialization Scripts, Logon Script (Windows), Logon Script (Mac)
Privilege Escalation: Path Interception, Boot or Logon Initialization Scripts, Logon Script (Windows), Logon Script (Mac)
Defense Evasion: Obfuscated Files or Information (1), Rootkit, Obfuscated Files or Information, Binary Padding
Credential Access: Access Stored Application Data (1), LSASS Memory, Security Account Manager, NTDS
Discovery: System Network Connections Discovery (1), Location Tracking (1), System Information Discovery (1), Process Discovery (1)
Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model
Collection: Location Tracking (1), Access Stored Application Data (1), Network Information Discovery (1), Input Capture
Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Scheduled Transfer
Command and Control: Encrypted Channel (1), Non-Standard Port (1), Non-Application Layer Protocol (1), Application Layer Protocol (2)
Network Effects: Eavesdrop on Insecure Network Communication, Exploit SS7 to Redirect Phone Calls/SMS, Exploit SS7 to Track Device Location, SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization, Remotely Wipe Data Without Authorization, Obtain Device Cloud Backups, Carrier Billing Fraud
Impact: Delete Device Data (1), Device Lockout, Delete Device Data

Screenshots
