Joe Sandbox Cloud Pro Analysis Report

Loading ...

Analysis Report

Overview

General Information

Joe Sandbox Version:20.0.0
Analysis ID:347718
Start time:09:52:40
Joe Sandbox Product:Cloud
Start date:22.08.2017
Overall analysis duration:0h 4m 57s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:soniac_vv.0.3_apkpure.com.apk
Cookbook file name:defaultandroidfilecookbook.jbs
Analysis system description:Android x86 5.1
Detection:MAL
Classification:mal76.evad.spyw.troj.andAPK@0/251@10/0
Warnings:
Show All
  • No interacted views
  • Not all executed log events are in report (maximum 10 identical API calls)
  • Not all resource files were parsed


Detection

StrategyScoreRangeReportingDetection
Threshold760 - 100Report FP / FNmalicious


Classification

Signature Overview

Click to jump to signature section


Change of System Appearance:

barindex
Acquires a wake lockShow sources
Source: sys.arshad.sys.AutoStartUp;->onCreate:19API Call: android.os.PowerManager$WakeLock.acquire
Mutes ringtone soundShow sources
Source: sys.arshad.sys.MainActivity$b$32;->run:23API Call: android.media.AudioManager.setRingerMode("0")
Sets a new wallpaperShow sources
Source: sys.arshad.sys.MainActivity$12;->run:7API Call: android.app.WallpaperManager.setBitmap
May access the Android keyguard (lock screen)Show sources
Source: androidString found in binary or memory: keyguard

Location Tracing:

barindex
Queries the phones location (GPS)Show sources
Source: sys.arshad.sys.MainActivity$18;->onLocationChanged:3API Call: android.location.Location.getLongitude
Source: sys.arshad.sys.MainActivity$18;->onLocationChanged:5API Call: android.location.Location.getLatitude

Operating System Destruction:

barindex
Deletes call logs/historyShow sources
Source: sys.arshad.sys.MainActivity$19;->run:24API Call: android.content.ContentResolver.delete
Deletes other packagesShow sources
Source: sys.arshad.sys.MainActivity$13;->run:15API Call: sys.arshad.sys.MainActivity.startActivity
Source: sys.arshad.sys.MainActivity$14;->run:13API Call: sys.arshad.sys.MainActivity.startActivity
Kills background processesShow sources
Source: sys.arshad.sys.MainActivity$b$14;->run:14API Call: android.app.ActivityManager.killBackgroundProcesses

Spam, unwanted Advertisements and Ransom Demands:

barindex
Dials phone numbersShow sources
Source: sys.arshad.sys.MainActivity$6;->run:17API Call: sys.arshad.sys.MainActivity.startActivity
Has permission to perform phone calls in the backgroundShow sources
Source: submitted apkRequest permission: android.permission.CALL_PHONE
Has permission to send SMS in the backgroundShow sources
Source: submitted apkRequest permission: android.permission.SEND_SMS
Has permissions to monitor, redirect and/or block callsShow sources
Source: submitted apkRequest permission: android.permission.PROCESS_OUTGOING_CALLS
Sends SMS using SmsManagerShow sources
Source: sys.arshad.sys.MainActivity$b$16;->run:27API Call: android.telephony.SmsManager.sendTextMessage

Key, Mouse, Clipboard, Microphone and Screen Capturing:

barindex
Accesses the audio/media managersShow sources
Source: sys.arshad.sys.MainActivity$b$20;->run:37API Call: android.media.AudioRecord.<init>
Source: sys.arshad.sys.MainActivity$b;->t:141API Call: android.media.MediaRecorder.<init>
Source: sys.arshad.sys.MainActivity;->A:50API Call: android.media.MediaRecorder.<init>
Has permission to record audio in the backgroundShow sources
Source: submitted apkRequest permission: android.permission.RECORD_AUDIO
Has permission to take photosShow sources
Source: submitted apkRequest permission: android.permission.CAMERA
Records audio/mediaShow sources
Source: sys.arshad.sys.MainActivity$b$20;->run:44API Call: android.media.AudioRecord.startRecording
Source: sys.arshad.sys.MainActivity$b;->t:162API Call: android.media.MediaRecorder.start
Source: sys.arshad.sys.MainActivity;->A:63API Call: android.media.MediaRecorder.start

E-Banking Fraud:

barindex
Has functionalty to add an overlay to other appsShow sources
Source: sys.arshad.sys.PhotoTakingService;->a:11API Call: WindowManager.addView

Networking:

barindex
Downloads files from webservers via HTTPShow sources
Source: global trafficHTTP traffic detected: GET /generate_204 HTTP/1.1User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.1.1; VirtualBox Build/LMY48W)Host: connectivitycheck.android.comConnection: Keep-AliveAccept-Encoding: gzip
Source: global trafficHTTP traffic detected: GET /generate_204 HTTP/1.1User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.1.1; VirtualBox Build/LMY48W)Host: connectivitycheck.android.comConnection: Keep-AliveAccept-Encoding: gzip
Source: global trafficHTTP traffic detected: GET /generate_204 HTTP/1.1User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.1.1; VirtualBox Build/LMY48W)Host: connectivitycheck.android.comConnection: Keep-AliveAccept-Encoding: gzip
Source: global trafficHTTP traffic detected: GET /generate_204 HTTP/1.1User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.1.1; VirtualBox Build/LMY48W)Host: connectivitycheck.android.comConnection: Keep-AliveAccept-Encoding: gzip
Source: global trafficHTTP traffic detected: GET /generate_204 HTTP/1.1User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.1.1; VirtualBox Build/LMY48W)Host: connectivitycheck.android.comConnection: Keep-AliveAccept-Encoding: gzip
Source: global trafficHTTP traffic detected: GET /generate_204 HTTP/1.1User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.1.1; VirtualBox Build/LMY48W)Host: connectivitycheck.android.comConnection: Keep-AliveAccept-Encoding: gzip
Performs DNS lookupsShow sources
Source: unknownDNS traffic detected: queries for: arshad93.ddns.net
Urls found in memory or binary dataShow sources
Source: abc_tint_spinner.xml, abc_action_menu_layout.xmlString found in binary or memory: http://schemas.android.com/apk/res-auto
Source: abc_action_menu_layout.xmlString found in binary or memory: http://schemas.android.com/apk/res-auto((android.support.v7.widget.actionmenuview
Source: abc_activity_chooser_view_list_item.xml, abc_btn_borderless_material.xml, abc_list_selector_holo_light.xmlString found in binary or memory: http://schemas.android.com/apk/res/android
Checks an internet connection is availableShow sources
Source: sys.arshad.sys.MainActivity;->d:181API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: sys.arshad.sys.MainActivity$9;->run:14API Call: android.net.wifi.WifiManager.getConnectionInfo
Source: sys.arshad.sys.MainActivity$b$44;->run:33API Call: android.net.ConnectivityManager.getNetworkInfo
Source: sys.arshad.sys.MainActivity$b$44;->run:35API Call: android.net.NetworkInfo.isConnected
Source: sys.arshad.sys.MainActivity;->G:148API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: sys.arshad.sys.MainActivity;->L:174API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Enables or disables WIFIShow sources
Source: sys.arshad.sys.MainActivity$b$2;->run:4API Call: android.net.wifi.WifiManager.setWifiEnabled
Source: sys.arshad.sys.MainActivity$b$47;->run:4API Call: android.net.wifi.WifiManager.setWifiEnabled
Source: sys.arshad.sys.MainActivity$b;->g:277API Call: android.net.wifi.WifiManager.setWifiEnabled
Source: sys.arshad.sys.MainActivity$b;->g:279API Call: android.net.wifi.WifiManager.setWifiEnabled
Performs DNS lookups (Java API)Show sources
Source: sys.arshad.sys.MainActivity$b$20;->run:20API Call: java.net.InetAddress.getByName (not executed)
Scans for WIFI networksShow sources
Source: sys.arshad.sys.MainActivity$b$a$1;->run:21API Call: android.net.wifi.WifiManager.getScanResults
Source: sys.arshad.sys.MainActivity$b;->p:85API Call: android.net.wifi.WifiManager.startScan
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)Show sources
Source: unknownDNS traffic detected: query: arshad93.ddns.net replaycode: Name error (3)
Source: unknownDNS traffic detected: query: arshad93.ddns.net replaycode: Name error (3)
Source: unknownDNS traffic detected: query: arshad93.ddns.net replaycode: Name error (3)
Source: unknownDNS traffic detected: query: arshad93.ddns.net replaycode: Name error (3)
Source: unknownDNS traffic detected: query: arshad93.ddns.net replaycode: Name error (3)
Source: unknownDNS traffic detected: query: arshad93.ddns.net replaycode: Name error (3)
Source: unknownDNS traffic detected: query: arshad93.ddns.net replaycode: Name error (3)
Source: unknownDNS traffic detected: query: arshad93.ddns.net replaycode: Name error (3)
Source: unknownDNS traffic detected: query: arshad93.ddns.net replaycode: Name error (3)
Source: unknownDNS traffic detected: query: arshad93.ddns.net replaycode: Name error (3)
Tries to resolve many domain names, but no domain seems validShow sources
Source: unknownDNS traffic detected: query: arshad93.ddns.net replaycode: Name error (3)
Source: unknownDNS traffic detected: query: arshad93.ddns.net replaycode: Name error (3)
Source: unknownDNS traffic detected: query: arshad93.ddns.net replaycode: Name error (3)
Source: unknownDNS traffic detected: query: arshad93.ddns.net replaycode: Name error (3)
Source: unknownDNS traffic detected: query: arshad93.ddns.net replaycode: Name error (3)
Source: unknownDNS traffic detected: query: arshad93.ddns.net replaycode: Name error (3)
Source: unknownDNS traffic detected: query: arshad93.ddns.net replaycode: Name error (3)
Source: unknownDNS traffic detected: query: arshad93.ddns.net replaycode: Name error (3)
Source: unknownDNS traffic detected: query: arshad93.ddns.net replaycode: Name error (3)
Source: unknownDNS traffic detected: query: arshad93.ddns.net replaycode: Name error (3)
Uses dynamic DNS servicesShow sources
Source: unknownDNS query: name: arshad93.ddns.net

Boot Survival:

barindex
Has permission to execute code after phone rebootShow sources
Source: submitted apkRequest permission: android.permission.RECEIVE_BOOT_COMPLETED
Installs a new wake lock (to get activate on phone screen on)Show sources
Source: sys.arshad.sys.AutoStartUp;->onCreate:17API Call: android.os.PowerManager.newWakeLock
Starts/registers a service/receiver on phone boot (autostart)Show sources
Source: sys.arshad.sys.BootComplete;->onReceive:6API Call: sys.arshad.sys.MainActivity.startService("Intent { cmp=sys.arshad.sys/.AutoStartUp }")

Remote Access Functionality:

barindex
Detected Android Bot / Trojan SonicSpyShow sources
Source: Lsys/arshad/sys/MainActivity$9;->run()VMethod string: "!s!c!r!e!a!m!"
Source: Lsys/arshad/sys/MainActivity$b$40;->run()VMethod string: "{screamHacker}"
Uses DownloadManager to fetch additional componentsShow sources
Source: sys.arshad.sys.MainActivity$4;->run:25API Call: android.app.DownloadManager.enqueue

Stealing of Sensitive Information:

barindex
Has permission to query the current locationShow sources
Source: submitted apkRequest permission: android.permission.ACCESS_COARSE_LOCATION
Source: submitted apkRequest permission: android.permission.ACCESS_FINE_LOCATION
Creates SMS data (e.g. PDU)Show sources
Source: sys.arshad.sys.IncomingSms;->onReceive:6API Call: android.telephony.SmsManager.createFromPdu
Has permission to read contactsShow sources
Source: submitted apkRequest permission: android.permission.READ_CONTACTS
Has permission to read the SMS storageShow sources
Source: submitted apkRequest permission: android.permission.READ_SMS
Has permission to read the call logShow sources
Source: submitted apkRequest permission: android.permission.READ_CALL_LOG
Has permission to read the default browser historyShow sources
Source: submitted apkRequest permission: com.android.browser.permission.READ_HISTORY_BOOKMARKS
Has permission to read the phones state (phone number, device IDs, active call ect.)Show sources
Source: submitted apkRequest permission: android.permission.READ_PHONE_STATE
Has permission to receive SMS in the backgroundShow sources
Source: submitted apkRequest permission: android.permission.RECEIVE_SMS
Has permissions to create, read or change account settings (inlcuding account password settings)Show sources
Source: submitted apkRequest permission: android.permission.GET_ACCOUNTS
Monitors incoming Phone callsShow sources
Source: sys.arshad.sys.PhonecallReceiverRegistered receiver: android.intent.action.PHONE_STATE
Monitors incoming SMSShow sources
Source: sys.arshad.sys.IncomingSmsRegistered receiver: android.provider.Telephony.SMS_RECEIVED
Queries a list of installed applicationsShow sources
Source: sys.arshad.sys.MainActivity$b$21;->run:6API Call: android.content.pm.PackageManager.getInstalledApplications
Queries camera informationShow sources
Source: sys.arshad.sys.MainActivity$b$8;->run:7API Call: android.hardware.Camera.open
Source: sys.arshad.sys.MainActivity;->i:434API Call: android.hardware.Camera.open
Source: sys.arshad.sys.PhotoTakingService$1$1;->run:17API Call: android.hardware.Camera.open
Queries list of installed packagesShow sources
Source: sys.arshad.sys.MainActivity$b$39;->run:6API Call: android.content.pm.PackageManager.getInstalledPackages
Queries phone contact informationShow sources
Source: sys.arshad.sys.MainActivity$b$1;->run:29Field access: android.provider.ContactsContract$PhoneLookup.CONTENT_FILTER_URI
Source: sys.arshad.sys.MainActivity$b$12;->run:26Field access: android.provider.ContactsContract$PhoneLookup.CONTENT_FILTER_URI
Source: sys.arshad.sys.MainActivity$b$23;->run:26Field access: android.provider.ContactsContract$CommonDataKinds$Phone.CONTENT_URI
Queries stored mail and application accounts (e.g. Gmail or Whatsup)Show sources
Source: sys.arshad.sys.MainActivity$8;->run:10API Call: android.accounts.AccountManager.getAccounts
Source: sys.arshad.sys.MainActivity$8;->run:12API Call: android.accounts.Account.type
Source: sys.arshad.sys.MainActivity$8;->run:16API Call: android.accounts.Account.name
Reads boot loader settings of the deviceShow sources
Source: Lsys/arshad/sys/MainActivity$b$22;->run()VMethod string: "BOOTLOADER : "
Redirects camera/video feedShow sources
Source: sys.arshad.sys.MainActivity$b;->t:156API Call: android.media.MediaRecorder.setOutputFile
Source: sys.arshad.sys.MainActivity;->A:59API Call: android.media.MediaRecorder.setOutputFile
Monitors outgoing Phone callsShow sources
Source: sys.arshad.sys.PhonecallReceiverRegistered receiver: android.intent.action.NEW_OUTGOING_CALL

Persistence and Installation Behavior:

barindex
Creates filesShow sources
Source: sys.arshad.sys.MainActivity;->a:352API Call: android.content.ContextWrapper.openFileOutput
Source: sys.arshad.sys.MainActivity;->o:242API Call: android.content.ContextWrapper.openFileOutput
Source: sys.arshad.sys.MainActivity;->o:242API Call: android.content.ContextWrapper.openFileOutput
Source: sys.arshad.sys.MainActivity$2;->onReceive:10API Call: sys.arshad.sys.MainActivity.openFileOutput
Source: sys.arshad.sys.MainActivity$5;->run:4API Call: sys.arshad.sys.MainActivity.openFileOutput
Source: sys.arshad.sys.MainActivity$b$15;->run:8API Call: java.io.FileWriter.<init>
Source: sys.arshad.sys.MainActivity$b$37;->run:11API Call: sys.arshad.sys.MainActivity.openFileOutput
Source: sys.arshad.sys.MainActivity$b$37;->run:44API Call: sys.arshad.sys.MainActivity.openFileOutput

Data Obfuscation:

barindex
Obfuscates method namesShow sources
Source: soniac_vv.0.3_apkpure.com.apkTotal valid method names: 3%
Uses reflectionShow sources
Source: sys.arshad.sys.MainActivity;->I:164API Call: java.lang.reflect.Method.invoke

Spreading:

barindex
Accesses external storage locationShow sources
Source: sys.arshad.sys.MainActivity$b$28;->run:10API Call: android.os.Environment.getExternalStorageDirectory
Source: sys.arshad.sys.MainActivity$b$28;->run:61API Call: android.os.Environment.getExternalStorageDirectory
Source: sys.arshad.sys.MainActivity$b$28;->run:64API Call: android.os.Environment.getExternalStorageDirectory
Source: sys.arshad.sys.MainActivity$b$28;->run:72API Call: android.os.Environment.getExternalStorageDirectory
Source: sys.arshad.sys.MainActivity$b$28;->run:80API Call: android.os.Environment.getExternalStorageDirectory
Source: sys.arshad.sys.MainActivity$b$28;->run:88API Call: android.os.Environment.getExternalStorageDirectory
Source: sys.arshad.sys.MainActivity$b$28;->run:96API Call: android.os.Environment.getExternalStorageDirectory
Source: sys.arshad.sys.MainActivity$b$28;->run:104API Call: android.os.Environment.getExternalStorageDirectory
Source: sys.arshad.sys.MainActivity$b$28;->run:112API Call: android.os.Environment.getExternalStorageDirectory
Source: sys.arshad.sys.MainActivity$b$28;->run:120API Call: android.os.Environment.getExternalStorageDirectory
Source: sys.arshad.sys.MainActivity$b$28;->run:128API Call: android.os.Environment.getExternalStorageDirectory
Source: sys.arshad.sys.MainActivity$b$37;->run:18API Call: android.os.Environment.getExternalStorageDirectory
Source: sys.arshad.sys.MainActivity$b$37;->run:28API Call: android.os.Environment.getExternalStorageDirectory
Source: sys.arshad.sys.MainActivity$b$43;->run:3API Call: android.os.Environment.getExternalStorageDirectory
Source: sys.arshad.sys.MainActivity$b$43;->run:13API Call: android.os.Environment.getExternalStorageDirectory
Source: sys.arshad.sys.MainActivity$b;->t:122API Call: android.os.Environment.getExternalStorageDirectory
Source: sys.arshad.sys.MainActivity$b;->t:133API Call: android.os.Environment.getExternalStorageDirectory
Source: sys.arshad.sys.MainActivity;->A:17API Call: android.os.Environment.getExternalStorageDirectory
Source: sys.arshad.sys.MainActivity;->A:27API Call: android.os.Environment.getExternalStorageDirectory
Source: sys.arshad.sys.MainActivity;->A:38API Call: android.os.Environment.getExternalStorageDirectory
Source: sys.arshad.sys.MainActivity;->A:65API Call: android.os.Environment.getExternalStorageDirectory
Source: sys.arshad.sys.MainActivity;->o:233API Call: android.os.Environment.getExternalStorageDirectory
Has permission to change the WIFI configuration including connecting and disconnectingShow sources
Source: submitted apkRequest permission: android.permission.CHANGE_WIFI_STATE
Scans the access points for available WIFI networksShow sources
Source: sys.arshad.sys.MainActivity$b;->p:85API Call: android.net.wifi.WifiManager.startScan

System Summary:

barindex
Classification labelShow sources
Source: classification engineClassification label: mal76.evad.spyw.troj.andAPK@0/251@10/0
Executes native commandsShow sources
Source: sys.arshad.sys.a;->a:4API Call: java.lang.Runtime.exec
Requests potentially dangerous permissionsShow sources
Source: submitted apkRequest permission: android.permission.ACCESS_COARSE_LOCATION
Source: submitted apkRequest permission: android.permission.ACCESS_FINE_LOCATION
Source: submitted apkRequest permission: android.permission.CALL_PHONE
Source: submitted apkRequest permission: android.permission.CAMERA
Source: submitted apkRequest permission: android.permission.CHANGE_WIFI_STATE
Source: submitted apkRequest permission: android.permission.INTERNET
Source: submitted apkRequest permission: android.permission.PROCESS_OUTGOING_CALLS
Source: submitted apkRequest permission: android.permission.READ_CONTACTS
Source: submitted apkRequest permission: android.permission.READ_PHONE_STATE
Source: submitted apkRequest permission: android.permission.READ_SMS
Source: submitted apkRequest permission: android.permission.RECEIVE_SMS
Source: submitted apkRequest permission: android.permission.RECORD_AUDIO
Source: submitted apkRequest permission: android.permission.SEND_SMS
Source: submitted apkRequest permission: android.permission.SYSTEM_ALERT_WINDOW
Source: submitted apkRequest permission: android.permission.WAKE_LOCK
Source: submitted apkRequest permission: android.permission.WRITE_CONTACTS
Source: submitted apkRequest permission: android.permission.WRITE_EXTERNAL_STORAGE
Source: submitted apkRequest permission: android.permission.WRITE_SETTINGS
Source: submitted apkRequest permission: com.android.browser.permission.READ_HISTORY_BOOKMARKS

Malware Analysis System Evasion:

barindex
Accesses android OS build fieldsShow sources
Source: sys.arshad.sys.MainActivity$9;->run:9Field Access: android.os.Build$VERSION.RELEASE
Source: sys.arshad.sys.MainActivity$9;->run:10Field Access: android.os.Build.MODEL
Source: sys.arshad.sys.MainActivity$b$22;->run:21Field Access: android.os.Build$VERSION.RELEASE
Source: sys.arshad.sys.MainActivity$b$22;->run:25Field Access: android.os.Build.MODEL
Source: sys.arshad.sys.MainActivity$b$22;->run:26Field Access: android.os.Build.BOARD
Source: sys.arshad.sys.MainActivity$b$22;->run:28Field Access: android.os.Build.BRAND
Source: sys.arshad.sys.MainActivity$b$22;->run:29Field Access: android.os.Build.DEVICE
Source: sys.arshad.sys.MainActivity$b$22;->run:30Field Access: android.os.Build.DISPLAY
Source: sys.arshad.sys.MainActivity$b$22;->run:31Field Access: android.os.Build.FINGERPRINT
Source: sys.arshad.sys.MainActivity$b$22;->run:33Field Access: android.os.Build.HOST
Source: sys.arshad.sys.MainActivity$b$22;->run:34Field Access: android.os.Build.ID
Source: sys.arshad.sys.MainActivity$b$22;->run:35Field Access: android.os.Build.MANUFACTURER
Source: sys.arshad.sys.MainActivity$b$22;->run:36Field Access: android.os.Build.PRODUCT
Source: sys.arshad.sys.MainActivity$b$22;->run:38Field Access: android.os.Build.TAGS
Source: sys.arshad.sys.MainActivity$b$22;->run:39Field Access: android.os.Build.TYPE
Source: sys.arshad.sys.MainActivity$b$22;->run:41Field Access: android.os.Build.USER
Source: sys.arshad.sys.MainActivity$b$22;->run:42Field Access: android.os.Build.CPU_ABI

Hooking and other Techniques for Hiding and Protection:

barindex
Has permission to draw over other applications or user interfacesShow sources
Source: submitted apkRequest permission: android.permission.SYSTEM_ALERT_WINDOW
Has permission to terminate background processes of other applicationsShow sources
Source: submitted apkRequest permission: android.permission.KILL_BACKGROUND_PROCESSES
Has permissions to monitor, redirect and/or block callsShow sources
Source: submitted apkRequest permission: android.permission.PROCESS_OUTGOING_CALLS
Queries list of running processes/tasksShow sources
Source: sys.arshad.sys.MainActivity$b$14;->run:6API Call: android.app.ActivityManager.getRunningAppProcesses
Source: sys.arshad.sys.MainActivity$b$34;->run:86API Call: android.app.ActivityManager.getRunningAppProcesses
Removes its application launcher (likely to stay hidden)Show sources
Source: sys.arshad.sys.AutoStartUp;->onCreate:22API Call: android.content.pm.PackageManager.setComponentEnabledSetting
Source: sys.arshad.sys.MainActivity;->c:387API Call: android.content.pm.PackageManager.setComponentEnabledSetting

Language, Device and Operating System Detection:

barindex
Queries the SIM provider ISO country codeShow sources
Source: sys.arshad.sys.MainActivity$b$22;->run:50API Call: android.telephony.TelephonyManager.getSimCountryIso
Queries the network operator ISO country codeShow sources
Source: sys.arshad.sys.MainActivity$b$22;->run:49API Call: android.telephony.TelephonyManager.getNetworkCountryIso
Queries the unqiue device ID (IMEI, MEID or ESN)Show sources
Source: sys.arshad.sys.MainActivity$9;->run:5API Call: android.telephony.TelephonyManager.getDeviceId
Source: sys.arshad.sys.MainActivity$b$22;->run:22API Call: android.telephony.TelephonyManager.getSimSerialNumber
Source: sys.arshad.sys.MainActivity$b$22;->run:23API Call: android.telephony.TelephonyManager.getDeviceId
Source: sys.arshad.sys.MainActivity$b$22;->run:24API Call: android.telephony.TelephonyManager.getLine1Number
Source: sys.arshad.sys.MainActivity$b;->onProgressUpdate:328API Call: android.telephony.TelephonyManager.getDeviceId
Source: sys.arshad.sys.MainActivity$b;->onProgressUpdate:352API Call: android.telephony.TelephonyManager.getDeviceId
Source: sys.arshad.sys.MainActivity$b;->onProgressUpdate:360API Call: android.telephony.TelephonyManager.getDeviceId

Antivirus Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Screenshot