Play interactive tour

Edit tour

Android Analysis Report Android_Guncelleme.apk

Overview

General Information

Sample Name:	Android_Guncelleme.apk
Analysis ID:	473269
MD5:	635a7d30df87a8bbbbeedfe0d5da7891
SHA1:	d8f08f117f7c79732f12c6b11538eefab8bc93e8
SHA256:	c6f35accd37dc1440ff1fe474d6e4dc94be2e58cebc66dca6c6d860a8c2bc4ad
Tags:	apk
Infos:
Most interesting Screenshot:

Detection

Cerberus

Score:	84
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Detected Cerberus Banking Trojan

Access the class loader (often done to load a new code)

Accesses FileOutputStream via Reflection

Removes its application launcher (likely to stay hidden)

Tries to disable the administrator user

Drops a new dex file

Requests to ignore battery optimizations

Drops a new APK file

Queries list of running processes/tasks

Uses the DexClassLoader (often used for code injection)

Starts an activity on phone boot (autostart)

Starts/registers a service/receiver on phone boot (autostart)

Obfuscates method names

Has permission to read the SMS storage

Found suspicious command strings (may be related to BOT commands)

Monitors incoming SMS

Checks an internet connection is available

Creates SMS data (e.g. PDU)

Requests potentially dangerous permissions

Has permission to perform phone calls in the background

Queries the phones location (GPS)

Opens an internet connection

Queries the network operator name

May access the Android keyguard (lock screen)

Has permission to receive SMS in the background

Lists and deletes files in the same context

Has permission to read contacts

Uses DownloadManager to fetch additional components

Queries the network operator ISO country code

Detected TCP or UDP traffic on non-standard ports

Has functionalty to add an overlay to other apps

Queries the unqiue device ID (IMEI, MEID or ESN)

Has permission to read the phones state (phone number, device IDs, active call ect.)

Accesses android OS build fields

Executes native commands

Queries MMS data

Checks if the device administrator is active

Performs DNS lookups (Java API)

Queries several sensitive phone informations

Has permission to send SMS in the background

Has permission to execute code after phone reboot

Uses reflection

Classification

Yara Overview

No yara matches

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for submitted file

Show sources

Source: Android_Guncelleme.apk

Virustotal: Detection: 11%

Perma Link

Source: com.fyber.inneractive.sdk.l.b;->k:133	API Call: android.location.Location.getLatitude
Source: com.fyber.inneractive.sdk.l.b;->l:137	API Call: android.location.Location.getLongitude
Source: com.fyber.inneractive.sdk.util.u;->a:46	API Call: android.location.LocationManager.getLastKnownLocation
Source: com.fyber.inneractive.sdk.util.u;->a:62	API Call: android.location.LocationManager.getLastKnownLocation

Source: woman.appear.infant.b.a;->j:812

API Call: android.app.admin.DevicePolicyManager.isAdminActive

Source: unknown

HTTPS traffic detected: 142.250.186.131:443 -> 192.168.2.30:55236 version: TLS 1.2

Source: com.fyber.inneractive.sdk.player.a.l;->a:10	API Call: android.os.Environment.getExternalStorageState
Source: com.fyber.inneractive.sdk.player.a.l;->a:13	API Call: android.os.Environment.getExternalStorageState
Source: com.fyber.inneractive.sdk.l.a;->a:20	API Call: android.os.Environment.getExternalStorageState
Source: com.fyber.inneractive.sdk.m.d;->h:664	API Call: android.os.Environment.getExternalStorageDirectory
Source: com.tenta.xwalk.refactor.XWalkPathHelper;->initialize:2	API Call: android.os.Environment.getExternalStorageDirectory
Source: com.tenta.xwalk.refactor.XWalkViewInitializer;->DoInit:11	API Call: android.os.Environment.getExternalStorageState

Source: com.kochava.base.x;->b:310	API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.kochava.base.x;->b:311	API Call: android.net.NetworkInfo.isConnectedOrConnecting
Source: com.kochava.base.network.DataPointsNetwork;->a:6	API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.kochava.base.network.DataPointsNetwork;->a:7	API Call: android.net.NetworkInfo.isConnected
Source: com.kochava.base.network.DataPointsNetwork;->c:26	API Call: android.net.wifi.WifiManager.getConnectionInfo
Source: com.kochava.base.network.DataPointsNetwork;->d:33	API Call: android.net.wifi.WifiManager.getConnectionInfo

Source: woman.appear.infant.a.a$a;->a:3	API Call: java.net.URL.openConnection (not executed)
Source: com.fyber.inneractive.sdk.player.a.e$b;->a:3	API Call: java.net.URL.openConnection (not executed)
Source: com.fyber.inneractive.sdk.player.a.i;->a:71	API Call: java.net.URL.openConnection (not executed)
Source: com.kochava.base.x;->a:109	API Call: java.net.URL.openConnection (not executed)
Source: com.fyber.inneractive.sdk.h.c;->a:114	API Call: java.net.URL.openConnection (not executed)
Source: com.kochava.core.network.base.internal.NetworkBaseRequest;->a:10	API Call: java.net.URL.openConnection (not executed)
Source: com.fyber.inneractive.sdk.player.c.j.n;->a:50	API Call: java.net.URL.openConnection (not executed)
Source: com.fyber.inneractive.sdk.util.o;->b:20	API Call: java.net.URL.openConnection (not executed)

Source: global traffic

TCP traffic: 192.168.2.30:56068 -> 8.8.4.4:853

Source: com.squareup.okhttp.internal.http.AuthenticatorAdapter;->getConnectToInetAddress:8	API Call: java.net.InetAddress.getByName (not executed)
Source: io.grpc.internal.DnsNameResolver$JdkAddressResolver;->resolveAddress:7	API Call: java.net.InetAddress.getAllByName (not executed)
Source: io.grpc.internal.ProxyDetectorImpl;->detectProxy:43	API Call: java.net.InetAddress.getByName (not executed)
Source: com.squareup.okhttp.Dns$1;->lookup:2	API Call: java.net.InetAddress.getAllByName (not executed)
Source: com.fyber.inneractive.sdk.video.IAVideoKit;->onReceive:12	API Call: java.net.InetAddress.getByName (not executed)

Source: unknown	Network traffic detected: HTTP traffic on port 39602 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35928
Source: unknown	Network traffic detected: HTTP traffic on port 50870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55236
Source: unknown	Network traffic detected: HTTP traffic on port 35928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55236 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50458 -> 443

Source: woman.appear.infant.a.a$a;->a:23	API Call: java.net.HttpURLConnection.connect
Source: com.fyber.inneractive.sdk.player.a.e$b;->a:9	API Call: java.net.HttpURLConnection.connect
Source: com.fyber.inneractive.sdk.player.a.i;->a:78	API Call: java.net.HttpURLConnection.connect
Source: com.kochava.base.x;->a:47	API Call: java.net.HttpURLConnection.connect
Source: com.kochava.base.x;->a:78	API Call: java.net.HttpURLConnection.connect
Source: com.fyber.inneractive.sdk.h.c;->a:167	API Call: java.net.HttpURLConnection.connect
Source: com.kochava.core.network.base.internal.NetworkBaseRequest;->httpCallRespondBitmap:79	API Call: java.net.HttpURLConnection.connect
Source: com.kochava.core.network.base.internal.NetworkBaseRequest;->httpCallRespondJsonElement:92	API Call: java.net.HttpURLConnection.connect
Source: com.fyber.inneractive.sdk.player.c.j.n;->a:94	API Call: java.net.HttpURLConnection.connect
Source: com.fyber.inneractive.sdk.player.c.j.n;->a:98	API Call: java.net.HttpURLConnection.connect

Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.212.170
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.163
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.212.170
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.163
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.212.170
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.163
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.212.170
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.163
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.212.170
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.163
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknown	TCP traffic detected without corresponding DNS query: 66.102.1.188
Source: unknown	TCP traffic detected without corresponding DNS query: 66.102.1.188
Source: unknown	TCP traffic detected without corresponding DNS query: 66.102.1.188
Source: unknown	TCP traffic detected without corresponding DNS query: 66.102.1.188
Source: unknown	TCP traffic detected without corresponding DNS query: 66.102.1.188
Source: unknown	TCP traffic detected without corresponding DNS query: 66.102.1.188
Source: unknown	TCP traffic detected without corresponding DNS query: 66.102.1.188
Source: unknown	TCP traffic detected without corresponding DNS query: 66.102.1.188
Source: unknown	TCP traffic detected without corresponding DNS query: 66.102.1.188
Source: unknown	TCP traffic detected without corresponding DNS query: 66.102.1.188
Source: unknown	TCP traffic detected without corresponding DNS query: 66.102.1.188
Source: unknown	TCP traffic detected without corresponding DNS query: 66.102.1.188
Source: unknown	TCP traffic detected without corresponding DNS query: 66.102.1.188
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.184.206
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.184.206
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.184.206
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.184.206
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.184.206
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.184.206
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.184.206
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.184.206
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.184.206
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.184.206
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.212.170
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.163
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.131
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.131
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.131
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.131
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.131
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.131
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.131
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.131
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.131

Source: index.html	String found in binary or memory: http://code.google.com/p/zxing
Source: hiedygggnhop.xml, AndroidManifest.xml	String found in binary or memory: http://schemas.android.com/apk/res/android
Source: Montserrat-Regular.ttf	String found in binary or memory: http://scripts.sil.org/OFL
Source: Montserrat-Regular.ttf	String found in binary or memory: http://scripts.sil.org/OFLThis
Source: Montserrat-Regular.ttf	String found in binary or memory: http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLhttp://scripts.sil.org/OFL
Source: classes.dex	String found in binary or memory: http://www.fyber.com
Source: classes.dex	String found in binary or memory: http://www.fyber.com:http://xmlpull.org/v1/doc/features.html#process-namespaces
Source: black.mp4	String found in binary or memory: http://www.videolan.org/x264.html
Source: classes.dex, android	String found in binary or memory: http://xmlpull.org/v1/doc/features.html#process-namespaces
Source: sharing.html	String found in binary or memory: http://zxing.appspot.com/generator/
Source: classes.dex	String found in binary or memory: https://%sconfig_android.json
Source: classes.dex	String found in binary or memory: https://%sconfig_android.jsonChttps://cdn2.inner-active.mobi/IA-JSTag/Production/centering_v1.cssBht
Source: android	String found in binary or memory: https://cdn2.inner-active.mobi/IA-JSTag/Production/centering_v1.css
Source: android	String found in binary or memory: https://cdn2.inner-active.mobi/IA-JSTag/Production/centering_v1.js
Source: android	String found in binary or memory: https://cdn2.inner-active.mobi/client/ia-js-tags/MRAID-VIDEO.js
Source: classes.dex, android	String found in binary or memory: https://cdn2.inner-active.mobi/client/ia-js-tags/ia-tag-sdk.min-android-7.7.2.js
Source: classes.dex, android	String found in binary or memory: https://control.kochava.com/track/json
Source: classes.dex, android	String found in binary or memory: https://control.kochava.com/track/kvquery
Source: google-services.json	String found in binary or memory: https://digital-master-gp.firebaseio.com
Source: classes.dex	String found in binary or memory: https://github.com/ReactiveX/RxJava/wiki/Error-Handling
Source: classes.dex	String found in binary or memory: https://github.com/ReactiveX/RxJava/wiki/Plugins
Source: classes.dex, android	String found in binary or memory: https://github.com/ReactiveX/RxJava/wiki/What
Source: classes.dex	String found in binary or memory: https://github.com/grpc/grpc-java/issues/5015
Source: classes.dex, android	String found in binary or memory: https://icm.kochava.com/v1/config
Source: classes.dex	String found in binary or memory: https://icm.kochava.com/v1/config0https://kvinit-prod.api.kochava.com/track/kvinit)https://location.
Source: classes.dex, android	String found in binary or memory: https://kvinit-prod.api.kochava.com/track/kvinit
Source: classes.dex, android	String found in binary or memory: https://location.api.kochava.com/geoevent
Source: classes.dex, android	String found in binary or memory: https://location.api.kochava.com/location
Source: classes.dex	String found in binary or memory: https://smart.link/v1/links-sdk
Source: classes.dex, android	String found in binary or memory: https://token.api.kochava.com/token/add
Source: classes.dex, android	String found in binary or memory: https://token.api.kochava.com/token/remove

Source: unknown

HTTPS traffic detected: 142.250.186.131:443 -> 192.168.2.30:55236 version: TLS 1.2

E-Banking Fraud:

Detected Cerberus Banking Trojan

Show sources

Source: Lwoman/appear/infant/rbzsrjmmkns/tivmiujr;->onAccessibilityEvent(Landroid/view/accessibility/AccessibilityEvent;)V

Method string: Cerberus strings

Source: com.fyber.inneractive.sdk.player.f.b;->c:446

API Call: WindowManager.addView

Spam, unwanted Advertisements and Ransom Demands:

Tries to disable the administrator user

Show sources

Source: woman.appear.infant.rbzsrjmmkns.ieibeyvlhfcopy;->onHandleIntent:75	API Call: android.app.admin.DevicePolicyManager.removeActiveAdmin
Source: woman.appear.infant.yyvuxbdd.ciadeleihybut;->onCreate:29	API Call: android.app.admin.DevicePolicyManager.removeActiveAdmin

Source: submitted apk

Request permission: android.permission.CALL_PHONE

Source: submitted apk

Request permission: android.permission.SEND_SMS

Source: com.squareup.okhttp.internal.io.FileSystem$1;->deleteContents:17	API Calls in same method context: File.listFiles,File.delete
Source: com.fyber.inneractive.sdk.player.c.j.a.k$1;->run:31	API Calls in same method context: File.listFiles,File.delete
Source: com.fyber.inneractive.sdk.player.a.k;->a:9	API Calls in same method context: File.listFiles,File.delete

Source: classes.dex	String found in binary or memory: Landroid/app/KeyguardManager;
Source: classes.dex	String found in binary or memory: Landroid/app/KeyguardManager;"Landroid/app/Notification$Builder;
Source: classes.dex	String found in binary or memory: isKeyguardLocked
Source: classes.dex	String found in binary or memory: keyguard
Source: TEYJT.json.dr	String found in binary or memory: inKeyguardRestrictedInputMode

Source: woman.appear.infant.b.a;->a:27

API Call: android.app.AlarmManager.setRepeating

System Summary:

Requests to ignore battery optimizations

Show sources

Source: Lwoman/appear/infant/fgxti/adfy;->onCreate(Landroid/os/Bundle;)V

Method string: "android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"

Source: submitted apk	Request permission: android.permission.CALL_PHONE
Source: submitted apk	Request permission: android.permission.INTERNET
Source: submitted apk	Request permission: android.permission.READ_CONTACTS
Source: submitted apk	Request permission: android.permission.READ_PHONE_STATE
Source: submitted apk	Request permission: android.permission.READ_SMS
Source: submitted apk	Request permission: android.permission.RECEIVE_SMS
Source: submitted apk	Request permission: android.permission.SEND_SMS
Source: submitted apk	Request permission: android.permission.WAKE_LOCK

Source: com.tenta.xwalk.refactor.XWalkViewDelegate;->getDeviceAbi:58

API Call: java.lang.Runtime.exec ("getprop ro.product.cpu.abi")

Source: woman.appear.infant.b.a;->a:47	API Call: android.content.SharedPreferences.getString
Source: com.fyber.inneractive.sdk.b.a$1;->a:47	API Call: android.content.SharedPreferences.getString
Source: com.kochava.base.ReferralReceiver;->onReceive:16	API Call: android.content.SharedPreferences.getString
Source: com.kochava.base.Tracker;->configure:155	API Call: android.content.SharedPreferences.getString
Source: com.kochava.base.Tracker;->configure:159	API Call: android.content.SharedPreferences.getString
Source: com.kochava.base.Tracker;->configure:163	API Call: android.content.SharedPreferences.getString
Source: com.kochava.base.Tracker;->configure:167	API Call: android.content.SharedPreferences.getString
Source: com.kochava.base.Tracker;->configure:171	API Call: android.content.SharedPreferences.getString
Source: com.kochava.base.Tracker;->configure:175	API Call: android.content.SharedPreferences.getString
Source: com.kochava.base.Tracker;->configure:179	API Call: android.content.SharedPreferences.getString
Source: com.kochava.base.Tracker;->configure:183	API Call: android.content.SharedPreferences.getString
Source: com.kochava.base.Tracker;->configure:187	API Call: android.content.SharedPreferences.getString
Source: com.kochava.base.Tracker;->configure:191	API Call: android.content.SharedPreferences.getString
Source: com.kochava.base.Tracker;->configure:195	API Call: android.content.SharedPreferences.getString
Source: com.kochava.base.Tracker;->configure:199	API Call: android.content.SharedPreferences.getString
Source: com.kochava.base.Tracker;->configure:203	API Call: android.content.SharedPreferences.getString
Source: com.kochava.base.Tracker;->configure:207	API Call: android.content.SharedPreferences.getString
Source: com.kochava.base.d;->a:52	API Call: android.content.SharedPreferences.getBoolean
Source: com.kochava.base.d;->a:55	API Call: android.content.SharedPreferences.getString
Source: com.kochava.base.d;->a:56	API Call: android.content.SharedPreferences.getString
Source: com.kochava.base.d;->a:76	API Call: android.content.SharedPreferences.getString
Source: com.kochava.base.d;->a:79	API Call: android.content.SharedPreferences.getString
Source: com.kochava.base.d;->a:81	API Call: android.content.SharedPreferences.getString
Source: com.kochava.base.d;->a:96	API Call: android.content.SharedPreferences.getString
Source: com.kochava.base.d;->a:98	API Call: android.content.SharedPreferences.getString
Source: com.kochava.base.d;->a:99	API Call: android.content.SharedPreferences.getString
Source: com.kochava.base.d;->a:117	API Call: android.content.SharedPreferences.getString
Source: com.kochava.base.d;->a:119	API Call: android.content.SharedPreferences.getString
Source: com.kochava.base.d;->a:120	API Call: android.content.SharedPreferences.getString
Source: com.fyber.inneractive.sdk.config.d;->a:10	API Call: android.content.SharedPreferences.getBoolean
Source: com.fyber.inneractive.sdk.config.d;->a:15	API Call: android.content.SharedPreferences.getString
Source: com.fyber.inneractive.sdk.config.d;->a:19	API Call: android.content.SharedPreferences.getString
Source: com.fyber.inneractive.sdk.config.d;->a:25	API Call: android.content.SharedPreferences.getString
Source: com.fyber.inneractive.sdk.config.d;->a:31	API Call: android.content.SharedPreferences.getString
Source: com.fyber.inneractive.sdk.config.c;->d:318	API Call: android.content.SharedPreferences.getString
Source: com.fyber.inneractive.sdk.d.a$1;->run:36	API Call: android.content.SharedPreferences.getString
Source: com.fyber.inneractive.sdk.external.InneractiveAdManager;->initialize:146	API Call: android.content.SharedPreferences.getString
Source: com.fyber.inneractive.sdk.external.InneractiveAdManager;->initialize:149	API Call: android.content.SharedPreferences.getString
Source: com.fyber.inneractive.sdk.external.InneractiveAdManager;->initialize:152	API Call: android.content.SharedPreferences.getString
Source: com.fyber.inneractive.sdk.f.b$1;->run:63	API Call: android.content.SharedPreferences.getString
Source: com.kochava.core.storage.queue.internal.StorageQueue;->get:48	API Call: android.content.SharedPreferences.getString
Source: com.tenta.xwalk.refactor.XWalkGeolocationPermissions;->isOriginAllowed:65	API Call: android.content.SharedPreferences.getBoolean
Source: com.fyber.inneractive.sdk.util.an$2;->run:10	API Call: android.content.SharedPreferences.getString

Source: com.kochava.base.d;->onCreate:588

API Call: android.database.sqlite.SQLiteDatabase.execSQL

Source: classification engine

Classification label: mal84.rans.troj.spyw.expl.evad.andAPK@0/254@0/0

Source: woman.appear.infant.rbzsrjmmkns.bqbircvcganbu;->onCreate:37	API Call: android.hardware.SensorManager.registerListener
Source: woman.appear.infant.rbzsrjmmkns.bqbircvcganbu;->onSensorChanged:42	API Call: android.hardware.SensorManager.registerListener
Source: woman.appear.infant.rbzsrjmmkns.bqbircvcganbu;->onSensorChanged:45	API Call: android.hardware.SensorManager.registerListener
Source: woman.appear.infant.rbzsrjmmkns.bqbircvcganbu;->onStartCommand:55	API Call: android.hardware.SensorManager.registerListener

Data Obfuscation:

Accesses FileOutputStream via Reflection

Show sources

Source: enemy.broccoli.nut.LUrJnYhKkKcHhBjWdHmDlFwHlGsYxRaYbCmXoAiAy;->cactusmad:133

API Call: Reflective call: public void java.io.FileOutputStream.write(byte[]) throws java.io.IOException

Source: Android_Guncelleme.apk

Total valid method names: 72%

Source: enemy.broccoli.nut.LUrJnYhKkKcHhBjWdHmDlFwHlGsYxRaYbCmXoAiAy;->cactusmad:133	API Call: Real call: null
Source: enemy.broccoli.nut.LUrJnYhKkKcHhBjWdHmDlFwHlGsYxRaYbCmXoAiAy;->cactusmad:133	API Call: Real call: public final java.lang.Class java.lang.Object.getClass()
Source: enemy.broccoli.nut.LUrJnYhKkKcHhBjWdHmDlFwHlGsYxRaYbCmXoAiAy;->cactusmad:133	API Call: android.content.res.AssetManager.addAssetPath
Source: enemy.broccoli.nut.LUrJnYhKkKcHhBjWdHmDlFwHlGsYxRaYbCmXoAiAy;->cactusmad:133	API Call: Real call: public int android.content.res.AssetManager.addAssetPath(java.lang.String)
Source: enemy.broccoli.nut.LUrJnYhKkKcHhBjWdHmDlFwHlGsYxRaYbCmXoAiAy;->cactusmad:133	API Call: Real call: null
Source: enemy.broccoli.nut.LUrJnYhKkKcHhBjWdHmDlFwHlGsYxRaYbCmXoAiAy;->cactusmad:133	API Call: Real call: public android.content.res.AssetManager android.app.ContextImpl.getAssets()
Source: enemy.broccoli.nut.LUrJnYhKkKcHhBjWdHmDlFwHlGsYxRaYbCmXoAiAy;->cactusmad:133	API Call: android.content.res.AssetManager.open
Source: enemy.broccoli.nut.LUrJnYhKkKcHhBjWdHmDlFwHlGsYxRaYbCmXoAiAy;->cactusmad:133	API Call: Real call: public java.io.InputStream android.content.res.AssetManager.open(java.lang.String) throws java.io.IOException
Source: enemy.broccoli.nut.LUrJnYhKkKcHhBjWdHmDlFwHlGsYxRaYbCmXoAiAy;->cactusmad:133	API Call: java.io.BufferedInputStream.read
Source: enemy.broccoli.nut.LUrJnYhKkKcHhBjWdHmDlFwHlGsYxRaYbCmXoAiAy;->cactusmad:133	API Call: Real call: public int java.io.FilterInputStream.read(byte[]) throws java.io.IOException
Source: enemy.broccoli.nut.LUrJnYhKkKcHhBjWdHmDlFwHlGsYxRaYbCmXoAiAy;->cactusmad:133	API Call: java.io.BufferedInputStream.read
Source: enemy.broccoli.nut.LUrJnYhKkKcHhBjWdHmDlFwHlGsYxRaYbCmXoAiAy;->cactusmad:133	API Call: Real call: public int java.io.FilterInputStream.read(byte[]) throws java.io.IOException
Source: enemy.broccoli.nut.LUrJnYhKkKcHhBjWdHmDlFwHlGsYxRaYbCmXoAiAy;->cactusmad:133	API Call: Real call: null
Source: enemy.broccoli.nut.LUrJnYhKkKcHhBjWdHmDlFwHlGsYxRaYbCmXoAiAy;->cactusmad:133	API Call: Real call: public final java.lang.Class java.lang.Object.getClass()
Source: enemy.broccoli.nut.LUrJnYhKkKcHhBjWdHmDlFwHlGsYxRaYbCmXoAiAy;->cactusmad:133	API Call: Real call: null
Source: enemy.broccoli.nut.LUrJnYhKkKcHhBjWdHmDlFwHlGsYxRaYbCmXoAiAy;->cactusmad:133	API Call: Real call: public void java.io.BufferedInputStream.close() throws java.io.IOException
Source: enemy.broccoli.nut.LUrJnYhKkKcHhBjWdHmDlFwHlGsYxRaYbCmXoAiAy;->cactusmad:133	API Call: Real call: IytlwU
Source: enemy.broccoli.nut.LUrJnYhKkKcHhBjWdHmDlFwHlGsYxRaYbCmXoAiAy;->cactusmad:133	API Call: Real call: public final java.lang.Class java.lang.Object.getClass()
Source: enemy.broccoli.nut.LUrJnYhKkKcHhBjWdHmDlFwHlGsYxRaYbCmXoAiAy;->cactusmad:133	API Call: Real call: IytlwU
Source: enemy.broccoli.nut.LUrJnYhKkKcHhBjWdHmDlFwHlGsYxRaYbCmXoAiAy;->cactusmad:133	API Call: Real call: public byte[] java.lang.String.getBytes()
Source: enemy.broccoli.nut.LUrJnYhKkKcHhBjWdHmDlFwHlGsYxRaYbCmXoAiAy;->cactusmad:133	API Call: Real call: null
Source: enemy.broccoli.nut.LUrJnYhKkKcHhBjWdHmDlFwHlGsYxRaYbCmXoAiAy;->cactusmad:133	API Call: Real call: public final java.lang.Class java.lang.Object.getClass()
Source: enemy.broccoli.nut.LUrJnYhKkKcHhBjWdHmDlFwHlGsYxRaYbCmXoAiAy;->cactusmad:133	API Call: Real call: public void java.io.FileOutputStream.write(byte[]) throws java.io.IOException
Source: enemy.broccoli.nut.LUrJnYhKkKcHhBjWdHmDlFwHlGsYxRaYbCmXoAiAy;->cactusmad:133	API Call: Real call: null
Source: enemy.broccoli.nut.LUrJnYhKkKcHhBjWdHmDlFwHlGsYxRaYbCmXoAiAy;->cactusmad:133	API Call: Real call: public final java.lang.Class java.lang.Object.getClass()
Source: enemy.broccoli.nut.LUrJnYhKkKcHhBjWdHmDlFwHlGsYxRaYbCmXoAiAy;->cactusmad:133	API Call: Real call: null
Source: enemy.broccoli.nut.NImZyMpWwAeQlPaHmZzMt;->caughtvast:48	API Call: Real call: null
Source: enemy.broccoli.nut.NImZyMpWwAeQlPaHmZzMt;->caughtvast:48	API Call: Real call: public static android.app.ActivityThread android.app.ActivityThread.currentActivityThread()
Source: enemy.broccoli.nut.NImZyMpWwAeQlPaHmZzMt;->caughtvast:48	API Call: Real call: final android.util.ArrayMap android.app.ActivityThread.mPackages
Source: enemy.broccoli.nut.NImZyMpWwAeQlPaHmZzMt;->caughtvast:48	API Call: Real call: final android.util.ArrayMap android.app.ActivityThread.mPackages
Source: enemy.broccoli.nut.NImZyMpWwAeQlPaHmZzMt;->caughtvast:48	API Call: Real call: public native java.lang.Object java.lang.reflect.Field.get(java.lang.Object) throws java.lang.IllegalArgumentException,java.lang.IllegalAccessException
Source: enemy.broccoli.nut.NImZyMpWwAeQlPaHmZzMt;->caughtvast:48	API Call: Real call: null
Source: enemy.broccoli.nut.NImZyMpWwAeQlPaHmZzMt;->caughtvast:48	API Call: Real call: public final java.lang.Class java.lang.Object.getClass()
Source: enemy.broccoli.nut.NImZyMpWwAeQlPaHmZzMt;->caughtvast:48	API Call: Real call: public native java.lang.Object java.lang.reflect.Field.get(java.lang.Object) throws java.lang.IllegalArgumentException,java.lang.IllegalAccessException
Source: woman.appear.infant.b.a;->d:467	API Call: java.lang.reflect.Method.invoke
Source: enemy.broccoli.nut.WHnIjUtXg;->blousekangaroo:67	API Call: java.lang.reflect.Method.invoke
Source: com.fyber.inneractive.sdk.player.c.a.e;->a:166	API Call: java.lang.reflect.Method.invoke
Source: com.squareup.okhttp.internal.http.RouteException;->addSuppressedIfPossible:5	API Call: java.lang.reflect.Method.invoke
Source: com.squareup.okhttp.internal.Platform$JettyNegoProvider;->invoke:31	API Call: java.lang.reflect.Method.invoke
Source: io.grpc.internal.AbstractManagedChannelImplBuilder;->getEffectiveInterceptors:43	API Call: java.lang.reflect.Method.invoke
Source: io.grpc.internal.AbstractManagedChannelImplBuilder;->getEffectiveInterceptors:60	API Call: java.lang.reflect.Method.invoke
Source: io.grpc.internal.GrpcUtil$3;->create:13	API Call: java.lang.reflect.Method.invoke
Source: io.grpc.internal.GrpcUtil;->getHost:67	API Call: java.lang.reflect.Method.invoke
Source: io.grpc.internal.ReflectionLongAdderCounter;->add:28	API Call: java.lang.reflect.Method.invoke
Source: io.grpc.okhttp.internal.OptionalMethod;->invoke:15	API Call: java.lang.reflect.Method.invoke
Source: io.grpc.okhttp.internal.OptionalMethod;->invokeOptional:35	API Call: java.lang.reflect.Method.invoke
Source: io.grpc.okhttp.internal.Platform$JdkAlpnPlatform;->configureTlsExtensions:15	API Call: java.lang.reflect.Method.invoke
Source: io.grpc.okhttp.internal.Platform$JdkAlpnPlatform;->getSelectedProtocol:20	API Call: java.lang.reflect.Method.invoke
Source: io.grpc.okhttp.internal.Platform$JdkWithJettyBootPlatform;->afterHandshake:3	API Call: java.lang.reflect.Method.invoke
Source: io.grpc.okhttp.internal.Platform$JdkWithJettyBootPlatform;->configureTlsExtensions:18	API Call: java.lang.reflect.Method.invoke
Source: io.grpc.okhttp.internal.Platform$JdkWithJettyBootPlatform;->getSelectedProtocol:22	API Call: java.lang.reflect.Method.invoke
Source: io.grpc.okhttp.internal.Platform$JettyNegoProvider;->invoke:31	API Call: java.lang.reflect.Method.invoke
Source: io.grpc.okhttp.internal.Platform;->findPlatform:60	API Call: java.lang.reflect.Method.invoke
Source: com.fyber.inneractive.sdk.player.c.j.n;->b:212	API Call: java.lang.reflect.Method.invoke
Source: com.squareup.okhttp.internal.tls.AndroidTrustRootIndex;->findByIssuerAndSignature:9	API Call: java.lang.reflect.Method.invoke
Source: org.apache.commons.validator.ValidatorAction;->executeValidationMethod:170	API Call: java.lang.reflect.Method.invoke

Persistence and Installation Behavior:

Drops a new dex file

Show sources

Source: Android App

File dump: /data/user/0/enemy.broccoli.nut/app_DynamicOptDex/TEYJT.json

Jump to dropped file

Drops a new APK file

Show sources

Source: Android App

File dump: /data/app/enemy.broccoli.nut--w6oZiOkNLpZABwJUKvyEw==/base.apk

Jump to dropped file

Source: woman.appear.infant.fijpjflbxwm.hrmz;->onReceive:162

API Call: android.content.Context.startActivity (not executed)

Source: woman.appear.infant.fijpjflbxwm.hrmz;->onReceive:46	API Call: android.content.Context.startService (not executed)
Source: woman.appear.infant.fijpjflbxwm.hrmz;->onReceive:67	API Call: android.content.Context.startService (not executed)

Source: submitted apk

Request permission: android.permission.RECEIVE_BOOT_COMPLETED

Hooking and other Techniques for Hiding and Protection:

Removes its application launcher (likely to stay hidden)

Show sources

Source: woman.appear.infant.b.a;->m:31

API Call: android.content.pm.PackageManager.setComponentEnabledSetting

Source: com.kochava.base.x;->a:211

API Call: android.app.ActivityManager.getRunningAppProcesses

Source: com.fyber.inneractive.sdk.player.a.e;->a:29	API Call: java.security.MessageDigest.getInstance
Source: com.fyber.inneractive.sdk.player.a.e;->a:31	API Call: java.security.MessageDigest.update
Source: com.fyber.inneractive.sdk.player.a.e;->a:32	API Call: java.security.MessageDigest.digest
Source: com.fyber.inneractive.sdk.player.a.e;->b:48	API Call: java.security.MessageDigest.getInstance
Source: com.fyber.inneractive.sdk.player.a.e;->b:50	API Call: java.security.MessageDigest.update
Source: com.fyber.inneractive.sdk.player.a.e;->b:51	API Call: java.security.MessageDigest.digest
Source: com.fyber.inneractive.sdk.player.c.j.a.i;->a:40	API Call: javax.crypto.Cipher.init
Source: com.fyber.inneractive.sdk.player.c.j.a.i;->c:106	API Call: javax.crypto.Cipher.init

Source: woman.appear.infant.b.b;->a:13	Field Access: android.os.Build.MANUFACTURER
Source: woman.appear.infant.b.b;->a:14	Field Access: android.os.Build.MODEL
Source: woman.appear.infant.rbzsrjmmkns.sbhrfrhvljwm;->a:267	Field Access: android.os.Build$VERSION.RELEASE
Source: com.fyber.inneractive.sdk.h.i;-><init>:17	Field Access: android.os.Build$VERSION.RELEASE
Source: com.fyber.inneractive.sdk.player.c.k.t;-><clinit>:3	Field Access: android.os.Build.DEVICE
Source: com.fyber.inneractive.sdk.player.c.k.t;-><clinit>:4	Field Access: android.os.Build.MANUFACTURER
Source: com.fyber.inneractive.sdk.player.c.k.t;-><clinit>:5	Field Access: android.os.Build.MODEL
Source: com.fyber.inneractive.sdk.l.c;->a:184	Field Access: android.os.Build$VERSION.RELEASE
Source: com.tenta.xwalk.refactor.XWalkViewDelegate;->getDeviceAbi:55	Field Access: android.os.Build.CPU_ABI

Source: Lcom/fyber/inneractive/sdk/l/c;->a()Ljava/lang/String;	Method string: "os"
Source: Lcom/tenta/xwalk/refactor/XWalkLaunchScreenManager;->getStatusBarHeight()I	Method string: "android"
Source: Lio/grpc/MethodDescriptor;-><init>(Lio/grpc/MethodDescriptor$MethodType;Ljava/lang/String;Lio/grpc/MethodDescriptor$Marshaller;Lio/grpc/MethodDescriptor$Marshaller;Ljava/lang/Object;ZZZ)V	Method string: "type"
Source: Lcom/kochava/consent/profile/internal/Profile;->loadProfile()V	Method string: "version"
Source: Lenemy/violin/CKmFkFyAkMgJiFkIuUpWzRkHgKaKbEwZzSyHj;-><clinit>()V	Method string: "phone"
Source: Lenemy/violin/XTeGzGmYeYu;-><clinit>()V	Method string: "appid"
Source: Lcom/fyber/inneractive/sdk/h/i;-><init>(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)V	Method string: "model"
Source: Lio/grpc/internal/ChannelLoggerImpl;-><init>(Lio/grpc/internal/ChannelTracer;Lio/grpc/internal/TimeProvider;)V	Method string: "time"

Source: classes.dex

Binary or memory string: Ljava/lang/VirtualMachineError;

Anti Debugging:

Access the class loader (often done to load a new code)

Show sources

Source: enemy.broccoli.nut.NImZyMpWwAeQlPaHmZzMt;->burdenspend:47	API Call: java.lang.Class.getDeclaredField("mClassLoader")
Source: Lenemy/broccoli/nut/NImZyMpWwAeQlPaHmZzMt;->burdenspend(Ljava/lang/String;Ljava/lang/Class;)Ljava/lang/reflect/Field;	Method string: "mClassLoader"
Source: Lenemy/broccoli/nut/NImZyMpWwAeQlPaHmZzMt;->mimicgoat()Ljava/lang/StringBuffer;	Method string: "mClassLoader"

Source: woman.appear.infant.b.a;->d:459	API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: woman.appear.infant.b.a;->d:462	API Call: dalvik.system.DexClassLoader.loadClass (not executed)

Source: woman.appear.infant.rbzsrjmmkns.sbhrfrhvljwm;->a:279

API Call: android.telephony.TelephonyManager.getNetworkOperatorName

Source: woman.appear.infant.b.a;->b:246	API Call: android.telephony.TelephonyManager.getNetworkCountryIso
Source: woman.appear.infant.b.a;->b:250	API Call: android.telephony.TelephonyManager.getNetworkCountryIso

Source: woman.appear.infant.b.b;->a:32

API Call: android.telephony.TelephonyManager.getLine1Number

Source: submitted apk

Request permission: android.permission.READ_SMS

Source: woman.appear.infant.fijpjflbxwm.hrmz

Registered receiver: android.provider.Telephony.SMS_RECEIVED

Source: woman.appear.infant.b.a;->a:145

API Call: android.telephony.SmsMessage.createFromPdu

Source: submitted apk

Request permission: android.permission.RECEIVE_SMS

Source: submitted apk

Request permission: android.permission.READ_CONTACTS

Source: submitted apk

Request permission: android.permission.READ_PHONE_STATE

Source: com.tenta.xwalk.refactor.XWalkNavigationHandlerImpl;->createIntentForActionUri:45

API Call: android.net.Uri.parse("vnd.android-dir/mms-sms")

Source: Lio/grpc/internal/ClientCallImpl;->startInternal(Lio/grpc/ClientCall$Listener;Lio/grpc/Metadata;)V	Method string: "clientcall started after deadline exceeded: "
Source: Lio/grpc/internal/ClientCallImpl;->delayedCancelOnDeadlineExceeded(Lio/grpc/Status;Lio/grpc/ClientCall$Listener;)V	Instruction: "iput-object v0, p0, lio/grpc/internal/clientcallimpl;->deadlinecancellationsendtoserverfuture:ljava/util/concurrent/scheduledfuture;"
Source: Lio/grpc/ServiceProviders$1;->reversed()Ljava/util/Comparator;	Instruction: "lj$/util/comparator$-cc;->$default$reversed(ljava/util/comparator;)ljava/util/comparator;"
Source: Lio/grpc/internal/ClientCallImpl;->startInternal(Lio/grpc/ClientCall$Listener;Lio/grpc/Metadata;)V	Instruction: "const-string v4, "clientcall started after deadline exceeded: ""

Source: com.tenta.xwalk.refactor.XWalkDownloadListenerImpl;->onDownloadStart:53

API Call: android.app.DownloadManager.enqueue

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Obfuscated Files or Information1	Capture SMS Messages1	System Network Connections Discovery1	Remote Services	Location Tracking1	Exfiltration Over Other Network Medium	Encrypted Channel1	Exploit SS7 to Redirect Phone Calls/SMS2	Remotely Track Device Without Authorization	Delete Device Data1
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Evade Analysis Environment1	LSASS Memory	Location Tracking1	Remote Desktop Protocol	Network Information Discovery1	Exfiltration Over Bluetooth	Non-Standard Port1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Carrier Billing Fraud1
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Security Software Discovery1	SMB/Windows Admin Shares	Capture SMS Messages1	Automated Exfiltration	Application Layer Protocol1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Information Discovery12	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Evade Analysis Environment1	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Steganography	Cached Domain Credentials	Process Discovery1	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Android Analysis Report Android_Guncelleme.apk

Overview

General Information

Detection

Signatures

Classification

Yara Overview

Jbx Signature Overview

AV Detection:

Location Tracking:

Privilege Escalation:

Compliance:

Spreading:

Networking:

E-Banking Fraud:

Spam, unwanted Advertisements and Ransom Demands:

Operating System Destruction:

Change of System Appearance:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Boot Survival:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Screenshots

Thumbnails