
Android Analysis Report Corona App.apk

Overview

General Information

Sample Name: Corona App.apk
Analysis ID: 451801
MD5: d68d75b1a3de31aa8ab8a0884cbf7417
SHA1: c69c51d524cf871794ece1d1eef2181c0938f208
SHA256: d6cf06cd34f50317131591268d23ef266c01bf3f758893568f10204825cc3369
Tags: apksigned

Detection

Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Deletes call logs/history
Forces setting a new device unlock password
May wipe phone data
Monitors outgoing phone calls
Removes its application launcher (likely to stay hidden)
Tries to get accessibility permissions (for UI automation)
Uses command line tools to install new APKs
Accesses Android OS build fields
Checks whether an internet connection is available
Checks if a SIM card is installed
Checks if the device administrator is active
Creates SMS data (e.g. PDU)
Detected TCP or UDP traffic on non-standard ports
Dials phone numbers
Enables or disables WIFI
Executes native commands
Found suspicious command strings (may be related to BOT commands)
Has functionality to add an overlay to other apps
Has permission to change the WIFI configuration, including connecting and disconnecting
Has permission to draw over other applications or user interfaces
Has permission to execute code after phone reboot
Has permission to perform phone calls in the background
Has permission to query the list of currently running applications
Has permission to read contacts
Has permission to read the SMS storage
Has permission to read the call log
Has permission to read the default browser history
Has permission to read the phone's state (phone number, device IDs, active call etc.)
Has permission to receive SMS in the background
Has permission to record audio in the background
Has permission to take photos
Has permission to terminate background processes of other applications
Has permissions to create, read or change account settings (including account password settings)
Has permissions to monitor, redirect and/or block calls
Installs a new wake lock (to keep the phone screen on)
May access the Android keyguard (lock screen)
Monitors incoming phone calls
Monitors incoming SMS
Obfuscates method names
Opens an internet connection
Performs DNS lookups (Java API)
Queries a list of installed applications
Queries camera information
Queries stored mail and application accounts (e.g. Gmail or WhatsApp)
Queries the SIM provider ISO country code
Queries the SIM provider name (SPN - Service Provider Name)
Queries the SIM provider numeric MCC+MNC (mobile country code + mobile network code)
Queries the WIFI MAC address
Queries the phone's location (GPS)
Queries the unique operating system id (ANDROID_ID)
Queries the unique device ID (IMEI, MEID or ESN)
Records audio/media
Requests potentially dangerous permissions
Requests root access
Sets an intent to the APK data type (used to install other APKs)
Starts/registers a service/receiver on phone boot (autostart)
Tries to add a new device administrator

Classification

Yara Overview

No yara matches

Jbx Signature Overview


AV Detection:

Antivirus / Scanner detection for submitted sample
Source: Corona App.apk | Avira: detected
Multi AV Scanner detection for submitted file
Source: Corona App.apk | Virustotal: Detection: 59%
Source: Corona App.apk | ReversingLabs: Detection: 55%
Source: com.android.tester.C11$24;->run:306 | API Call: android.telephony.TelephonyManager.getCellLocation
Source: com.android.tester.C11;->c:1096 | API Call: android.telephony.TelephonyManager.getCellLocation
Source: com.android.tester.C15$1;->onLocationChanged:3 | API Call: android.location.Location.getLongitude
Source: com.android.tester.C15$1;->onLocationChanged:6 | API Call: android.location.Location.getLatitude
Source: com.android.tester.C15;->a:45 | API Call: android.location.LocationManager.getLastKnownLocation
Source: com.android.tester.C15;->a:46 | API Call: android.location.Location.getLongitude
Source: com.android.tester.C15;->a:47 | API Call: android.location.Location.getLatitude
Source: com.android.tester.C15;->a:75 | API Call: android.location.LocationManager.getLastKnownLocation
Source: com.android.tester.C15;->a:76 | API Call: android.location.Location.getLongitude
Source: com.android.tester.C15;->a:77 | API Call: android.location.Location.getLatitude

Privilege Escalation:

Forces setting a new device unlock password
Source: com.android.tester.C11;->k:312 | API Call: android.app.admin.DevicePolicyManager.resetPassword
Source: com.android.tester.C7;->c:23 | API Call: android.app.admin.DevicePolicyManager.isAdminActive
Source: com.android.tester.C7$1;->run:19 | API Call: android.app.admin.DevicePolicyManager.isAdminActive
Source: com.android.tester.C7$1;->run:42 | API Call: android.app.admin.DevicePolicyManager.isAdminActive
Source: com.android.tester.c;->a:17 | API Call: android.app.admin.DevicePolicyManager.isAdminActive
Source: com.android.tester.C7$2;->run:41 | API Call: java.lang.Runtime.exec ("su")
Source: com.android.tester.C7;->d:54 | API Call: java.lang.Runtime.exec ("su")
Source: com.android.tester.b;->a:9 | API Call: java.lang.Runtime.exec ("su")
Source: com.android.tester.C7$1;->run:21 | API Call: android.content.Intent.<init> android.app.action.ADD_DEVICE_ADMIN
Source: Lcom/android/tester/C7$1;->run()V | Method string: "android.app.action.ADD_DEVICE_ADMIN"
Source: submitted apk | Request permission: android.permission.CHANGE_WIFI_STATE
Source: com.android.tester.C1;->a:14 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.android.tester.C1;->onAccessibilityEvent:155 | API Call: android.os.Environment.getExternalStorageState
Source: com.android.tester.C1;->onAccessibilityEvent:159 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.android.tester.C11$25;->run:10 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.android.tester.C11$26;->run:7 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.android.tester.C11$4;->run:7 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.android.tester.C11$4;->run:14 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.android.tester.C11$4;->run:17 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.android.tester.C11$4;->run:25 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.android.tester.C11$4;->run:33 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.android.tester.C11$4;->run:41 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.android.tester.C11$4;->run:51 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.android.tester.C11;->A:42 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.android.tester.C7$2;->run:6 | API Call: android.os.Environment.getExternalStorageState
Source: com.android.tester.C7$2;->run:10 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.android.tester.a;->e:192 | API Call: android.net.ConnectivityManager.getNetworkInfo
Source: com.android.tester.a;->e:193 | API Call: android.net.NetworkInfo.getState
Source: com.android.tester.C11$24;->run:356 | API Call: android.net.wifi.WifiManager.getConnectionInfo
Source: com.android.tester.C11$24;->run:700 | API Call: android.net.wifi.WifiManager.isWifiEnabled
Source: com.android.tester.C11$24;->run:713 | API Call: android.net.wifi.WifiManager.isWifiEnabled
Source: com.android.tester.C11;->b:951 | API Call: android.net.wifi.WifiManager.isWifiEnabled
Source: com.android.tester.C11;->b:964 | API Call: android.net.wifi.WifiManager.isWifiEnabled
Source: com.android.tester.a;->a:103 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.android.tester.a;->a:104 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.android.tester.a;->a:108 | API Call: android.net.wifi.WifiManager.getConnectionInfo
Source: com.android.tester.a;->e:195 | API Call: android.net.ConnectivityManager.getNetworkInfo
Source: com.android.tester.a;->e:196 | API Call: android.net.NetworkInfo.getState
Source: global traffic | TCP traffic: 192.168.2.30:56068 -> 8.8.4.4:853
Source: global traffic | TCP traffic: 192.168.2.30:48958 -> 46.246.84.12:5214
Source: com.android.tester.C11;->g:1195 | API Call: android.net.wifi.WifiManager.setWifiEnabled
Source: com.android.tester.C11;->g:1196 | API Call: android.net.wifi.WifiManager.setWifiEnabled
Source: com.android.tester.C11;->g:1197 | API Call: android.net.wifi.WifiManager.setWifiEnabled
Source: com.android.tester.C11$23;->run:77 | API Call: java.net.Socket.connect("androidmedallo.duckdns.org/46.246.84.12:5214")
Source: com.android.tester.C11$8;->run:41 | API Call: java.net.Socket.connect (not executed)
Source: com.android.tester.C5$1;->run:36 | API Call: java.net.Socket.connect (not executed)
Source: com.android.tester.a;->a:4 | API Call: java.net.URL.openConnection (not executed)
Source: com.android.tester.C11$23;->run:37 | API Call: java.net.InetAddress.getByName (URL: "androidmedallo.duckdns.org")
Source: com.android.tester.C11$8;->run:31 | API Call: java.net.InetAddress.getByName (not executed)
Source: com.android.tester.C5$1;->run:31 | API Call: java.net.InetAddress.getByName (not executed)
Source: unknown | TCP traffic detected without corresponding DNS query: 216.58.212.170
Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.186.163
Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.153.188
Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.203.110
Source: unknown | TCP traffic detected without corresponding DNS query: 46.246.84.12
Source: abc_tint_btn_checkable.xml | String found in binary or memory: http://schemas.android.com/apk/res-auto
Source: abc_action_menu_layout.xml | String found in binary or memory: http://schemas.android.com/apk/res-auto((android.support.v7.widget.ActionMenuView
Source: chat.xml, abc_ic_clear_material.xml | String found in binary or memory: http://schemas.android.com/apk/res/android
Source: android | String found in binary or memory: https://www.google.com
Source: unknown | Network traffic detected: HTTP traffic on port 39602 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 50870 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 34844
Source: unknown | Network traffic detected: HTTP traffic on port 34844 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 50458 -> 443
Source: submitted apk | Request permission: android.permission.RECORD_AUDIO
Source: submitted apk | Request permission: android.permission.CAMERA
Source: com.android.tester.C11$33;->run:101 | API Call: android.media.AudioRecord.startRecording
Source: com.android.tester.C11;->a:128 | API Call: android.media.AudioRecord.startRecording
Source: com.android.tester.C11$33;->run:27 | API Call: android.media.AudioRecord.<init>
Source: com.android.tester.C11$33;->run:37 | API Call: android.media.AudioRecord.<init>
Source: com.android.tester.C11$33;->run:47 | API Call: android.media.AudioRecord.<init>
Source: com.android.tester.C11$33;->run:57 | API Call: android.media.AudioRecord.<init>
Source: com.android.tester.C11$33;->run:67 | API Call: android.media.AudioRecord.<init>
Source: com.android.tester.C11$33;->run:74 | API Call: android.media.AudioRecord.<init>
Source: com.android.tester.C11;->a:125 | API Call: android.media.AudioRecord.<init>
Source: com.android.tester.C5;->onCreate:95 | API Call: WindowManager.addView
Source: submitted apk | Request permission: android.permission.GET_TASKS
Source: com.android.tester.C11;->r:628 | API Call: com.android.tester.C11.startActivity
Source: submitted apk | Request permission: android.permission.CALL_PHONE
Source: submitted apk | Request permission: android.permission.PROCESS_OUTGOING_CALLS

Operating System Destruction:

Deletes call logs/history
Source: com.android.tester.C11$27;->run:23 | API Call: android.content.ContentResolver.delete
May wipe phone data
Source: com.android.tester.C11;->k:329 | API Call: android.app.admin.DevicePolicyManager.wipeData
Source: android | String found in binary or memory: keyguard
Source: com.android.tester.C11$23;->run:219 | API Call: android.os.PowerManager$WakeLock.acquire
Source: com.android.tester.C11;->g:1199 | API Call: android.media.AudioManager.setRingerMode("0")
Source: com.android.tester.C11$9;->run:13 | API Call: android.app.WallpaperManager.setBitmap
Source: com.android.tester.C11$11;->run:15 | API Call: java.lang.Runtime.exec
Source: com.android.tester.C7$2;->run:41 | API Call: java.lang.Runtime.exec ("su")
Source: com.android.tester.C7;->d:54 | API Call: java.lang.Runtime.exec ("su")
Source: com.android.tester.b;->a:9 | API Call: java.lang.Runtime.exec ("su")
Source: com.android.tester.b;->a:19 | API Call: java.lang.Runtime.exec
Source: submitted apk | Request permission: android.permission.ACCESS_COARSE_LOCATION
Source: submitted apk | Request permission: android.permission.ACCESS_FINE_LOCATION
Source: submitted apk | Request permission: android.permission.BLUETOOTH
Source: submitted apk | Request permission: android.permission.CALL_PHONE
Source: submitted apk | Request permission: android.permission.CAMERA
Source: submitted apk | Request permission: android.permission.CHANGE_WIFI_STATE
Source: submitted apk | Request permission: android.permission.GET_TASKS
Source: submitted apk | Request permission: android.permission.INTERNET
Source: submitted apk | Request permission: android.permission.PROCESS_OUTGOING_CALLS
Source: submitted apk | Request permission: android.permission.READ_CONTACTS
Source: submitted apk | Request permission: android.permission.READ_PHONE_STATE
Source: submitted apk | Request permission: android.permission.READ_SMS
Source: submitted apk | Request permission: android.permission.RECEIVE_SMS
Source: submitted apk | Request permission: android.permission.RECORD_AUDIO
Source: submitted apk | Request permission: android.permission.SYSTEM_ALERT_WINDOW
Source: submitted apk | Request permission: android.permission.WAKE_LOCK
Source: submitted apk | Request permission: android.permission.WRITE_CONTACTS
Source: submitted apk | Request permission: android.permission.WRITE_EXTERNAL_STORAGE
Source: submitted apk | Request permission: com.android.browser.permission.READ_HISTORY_BOOKMARKS
Source: classification engine | Classification label: mal84.rans.spyw.evad.andAPK@0/251@0/0
Source: com.android.tester.a;->a:140 | API Call: "10334":
Source: com.android.tester.a;->a:140 | API Call: "10335":
Source: com.android.tester.a;->a:140 | API Call: "10336":
Source: com.android.tester.a;->a:140 | API Call: "10333":
Source: com.android.tester.a;->a:140 | API Call: "10355":
Source: com.android.tester.a;->a:140 | API Call: "10355": failed to connect to androidmedallo.duckdns.org/46.246.84.12 (port 5214) from /192.168.2.30 (port 48958) after 1000ms
Source: Corona App.apk | Total valid method names: 2%

Persistence and Installation Behavior:

Tries to get accessibility permissions (for UI automation)
Source: com.android.tester.C7$1;->run:38 | API Call: com.android.tester.C7.startActivity
Uses command line tools to install new APKs
Source: Lcom/android/tester/C7$2;->run()V | Method string: pm install -r
Source: com.android.tester.C7$2;->run:77 | API Call: android.content.Intent.setDataAndType(n/a,"application/vnd.android.package-archive")
Source: com.android.tester.C1;->a:33 | API Call: java.io.FileWriter.<init>
Source: com.android.tester.C11$2;->run:4 | API Call: java.io.FileWriter.<init>
Source: submitted apk | Request permission: android.permission.RECEIVE_BOOT_COMPLETED
Source: com.android.tester.C11$23;->run:216 | API Call: android.os.PowerManager.newWakeLock
Source: com.android.tester.C13;->onReceive:17 | API Call: android.content.Context.startService (not executed)
Source: com.android.tester.C4;->a:4 | API Call: android.content.Context.startService (not executed)

Hooking and other Techniques for Hiding and Protection:

Removes its application launcher (likely to stay hidden)
Source: com.android.tester.C1;->a:62 | API Call: android.content.pm.PackageManager.setComponentEnabledSetting
Source: com.android.tester.C3;->a:10 | API Call: android.content.pm.PackageManager.setComponentEnabledSetting
Source: com.android.tester.C3;->b:27 | API Call: android.content.pm.PackageManager.setComponentEnabledSetting
Source: com.android.tester.C7;->a:80 | API Call: android.content.pm.PackageManager.setComponentEnabledSetting
Source: submitted apk | Request permission: android.permission.SYSTEM_ALERT_WINDOW
Source: submitted apk | Request permission: android.permission.GET_TASKS
Source: submitted apk | Request permission: android.permission.KILL_BACKGROUND_PROCESSES
Source: submitted apk | Request permission: android.permission.PROCESS_OUTGOING_CALLS
Source: com.android.tester.C11$23;->run:112 | Field Access: android.os.Build.MANUFACTURER
Source: com.android.tester.C11$23;->run:116 | Field Access: android.os.Build.MODEL
Source: com.android.tester.C11$24;->run:25 | Field Access: android.os.Build.MODEL
Source: com.android.tester.C11$24;->run:34 | Field Access: android.os.Build.BOARD
Source: com.android.tester.C11$24;->run:43 | Field Access: android.os.Build.BRAND
Source: com.android.tester.C11$24;->run:61 | Field Access: android.os.Build.DEVICE
Source: com.android.tester.C11$24;->run:70 | Field Access: android.os.Build.DISPLAY
Source: com.android.tester.C11$24;->run:79 | Field Access: android.os.Build.FINGERPRINT
Source: com.android.tester.C11$24;->run:97 | Field Access: android.os.Build.HOST
Source: com.android.tester.C11$24;->run:106 | Field Access: android.os.Build.ID
Source: com.android.tester.C11$24;->run:115 | Field Access: android.os.Build.MANUFACTURER
Source: com.android.tester.C11$24;->run:124 | Field Access: android.os.Build.PRODUCT
Source: com.android.tester.C11$24;->run:142 | Field Access: android.os.Build.TAGS
Source: com.android.tester.C11$24;->run:151 | Field Access: android.os.Build.USER
Source: com.android.tester.C11$23;->run:120 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.android.tester.C11$24;->run:175 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.android.tester.a;->d:189 | API Call: android.provider.Settings$Secure.getString
Source: com.android.tester.C11$24;->run:292 | API Call: android.telephony.TelephonyManager.getSimCountryIso
Source: com.android.tester.C11$24;->run:268 | API Call: android.telephony.TelephonyManager.getSimOperatorName
Source: com.android.tester.C11$24;->run:256 | API Call: android.telephony.TelephonyManager.getSimOperator
Source: com.android.tester.C11$24;->run:304 | API Call: android.telephony.TelephonyManager.getSimOperator
Source: com.android.tester.C11;->c:1094 | API Call: android.telephony.TelephonyManager.getSimOperator
Source: com.android.tester.C11$24;->run:357 | API Call: android.net.wifi.WifiInfo.getMacAddress
Source: com.android.tester.C11$24;->run:220 | API Call: android.telephony.TelephonyManager.getSubscriberId
Source: com.android.tester.C11$24;->run:232 | API Call: android.telephony.TelephonyManager.getDeviceId
Source: com.android.tester.C11$24;->run:244 | API Call: android.telephony.TelephonyManager.getSimSerialNumber
Source: com.android.tester.C11$24;->run:280 | API Call: android.telephony.TelephonyManager.getLine1Number
Source: com.android.tester.a;->d:184 | API Call: android.telephony.TelephonyManager.getDeviceId
Source: com.android.tester.a;->d:185 | API Call: android.telephony.TelephonyManager.getDeviceId

Stealing of Sensitive Information:

Monitors outgoing phone calls
Source: com.android.tester.C9 | Registered receiver: android.intent.action.NEW_OUTGOING_CALL
Source: com.android.tester.C11$24;->run:661 | API Call: android.telephony.TelephonyManager.getSimState
Source: com.android.tester.C11;->b:915 | API Call: android.telephony.TelephonyManager.getSimState
Source: com.android.tester.C10;->onReceive:15 | API Call: android.telephony.SmsMessage.createFromPdu
Source: submitted apk | Request permission: android.permission.READ_CONTACTS
Source: submitted apk | Request permission: android.permission.READ_SMS
Source: submitted apk | Request permission: android.permission.READ_CALL_LOG
Source: submitted apk | Request permission: com.android.browser.permission.READ_HISTORY_BOOKMARKS
Source: submitted apk | Request permission: android.permission.READ_PHONE_STATE
Source: submitted apk | Request permission: android.permission.RECEIVE_SMS
Source: submitted apk | Request permission: android.permission.GET_ACCOUNTS
Source: com.android.tester.C9 | Registered receiver: android.intent.action.PHONE_STATE
Source: com.android.tester.C10 | Registered receiver: android.provider.Telephony.SMS_RECEIVED
Source: com.android.tester.C11$19;->run:6 | API Call: android.content.pm.PackageManager.getInstalledApplications
Source: com.android.tester.a;->f:20 | API Call: android.content.pm.PackageManager.getInstalledApplications
Source: com.android.tester.C11$34;->run:2 | API Call: android.hardware.Camera.open
Source: com.android.tester.C11$34;->run:4 | API Call: android.hardware.Camera.getNumberOfCameras
Source: com.android.tester.C11$34;->run:6 | API Call: android.hardware.Camera.getCameraInfo
Source: com.android.tester.C5;->a:59 | API Call: android.hardware.Camera.open
Source: com.android.tester.C5;->surfaceCreated:129 | API Call: android.hardware.Camera.open
Source: com.android.tester.C11$16;->run:6 | API Call: android.accounts.AccountManager.getAccounts
Source: com.android.tester.C11$16;->run:8 | API Call: android.accounts.Account.type
Source: com.android.tester.C11$16;->run:12 | API Call: android.accounts.Account.name
Source: submitted apk | Request permission: android.permission.ACCESS_COARSE_LOCATION
Source: submitted apk | Request permission: android.permission.ACCESS_FINE_LOCATION
Source: Lcom/android/tester/C9;->a(ILjava/lang/String;)V | Method string: "in call started["
Source: Lcom/android/tester/C11;->k(Ljava/lang/String;Ljava/lang/String;)V | Instruction: "landroid/app/admin/devicepolicymanager;->wipedata(i)v"
Source: Lcom/android/tester/C11$27;->run()V | Instruction: "sget-object v3, landroid/provider/calllog$calls;->content_uri:landroid/net/uri;"
Source: Lcom/android/tester/C9;->a(ILjava/lang/String;)V | Instruction: "const-string v0, "in call started[""

MITRE ATT&CK Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Application Discovery2 | Capture SMS Messages1 | System Network Connections Discovery1 | Remote Services | Access Call Log11 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Exploit SS7 to Redirect Phone Calls/SMS2 | Remotely Track Device Without Authorization | Delete Device Data1
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Obfuscated Files or Information1 | Access Stored Application Data1 | System Network Configuration Discovery2 | Remote Desktop Protocol | Location Tracking11 | Exfiltration Over Bluetooth | Non-Standard Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Location Tracking11 | SMB/Windows Admin Shares | Capture Audio21 | Automated Exfiltration | Application Layer Protocol1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | Application Discovery2 | Distributed Component Object Model | Network Information Discovery1 | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | System Information Discovery1 | SSH | Capture SMS Messages1 | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | System Owner/User Discovery | VNC | Access Stored Application Data1 | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features
