Analysis Report

Overview

General Information

Joe Sandbox Version: 22.0.0
Analysis ID: 55021
Start time: 15:45:53
Joe Sandbox Product: CloudBasic
Start date: 16.04.2018
Overall analysis duration: 0h 3m 41s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: chrome.apk
Cookbook file name: defaultandroidfilecookbook.jbs
Analysis system description: Android 6.0
Detection: MAL
Classification: mal76.evad.expl.adwa.spyw.andAPK@0/252@0/0
Warnings:
  • No interacted views
  • Report size exceeded maximum capacity and may have missing dynamic data code.

Detection

| Strategy | Score | Range | Reporting | Detection |
| Threshold | 76 | 0 - 100 | Report FP / FN | malicious |

Classification

Signature Overview

Change of System Appearance:

May access the Android keyguard (lock screen)
Source: AndroidManifest.xml | String found in binary or memory: android.permission.SEND_SMS!android.permission.WRITE_SETTINGS#android.permission.DISABLE_KEYGUARD android.permission.READ_CONTACTS$android.permission.CHANGE_WIFI_STATE$android.permission.ACCESS_WIFI_STATE
Acquires a wake lock
Source: com.Loader;->start:831 | API Call: android.os.PowerManager$WakeLock.acquire
Mutes ringtone sound
Source: com.Loader$b;->onCallStateChanged:81 | API Call: android.media.AudioManager.setRingerMode("0")
Source: com.Loader$s;->onReceive:335 | API Call: android.media.AudioManager.setRingerMode("0")
Source: com.Loader$u$1;->a:19 | API Call: android.media.AudioManager.setRingerMode("0")
Source: com.Loader$w;->a:31 | API Call: android.media.AudioManager.setRingerMode("0")
Source: com.n;->b:60 | API Call: android.media.AudioManager.setRingerMode("0")

AV Detection:

Multi AV Scanner detection for submitted file
Source: chrome.apk | virustotal: Detection: 53%

Operating System Destruction:

Deletes other packages
Source: com.Loader$c$2$1;->b:31 | API Call: android.content.Context.startActivity
Lists and deletes files in the same context
Source: com.Loader$ap;->run:13 | API Calls in same method context: File.listFiles,File.delete

Spam, unwanted Advertisements and Ransom Demands:

Sends E-Mail
Source: com.Loader$s$e;->run:30 | API Call: javax.mail.Transport.sendMessage
Source: com.sun.mail.util.logging.MailHandler;->verifySettings0:826 | API Call: javax.mail.Transport.sendMessage
Source: javax.mail.Transport;->send0:29 | API Call: javax.mail.Transport.sendMessage
Source: javax.mail.Transport;->send0:42 | API Call: javax.mail.Transport.sendMessage
Dials phone numbers
Source: com.Loader$aa;->a:24 | API Call: android.content.Context.startActivity
Has permission to perform phone calls in the background
Source: submitted apk | Request permission: android.permission.CALL_PHONE
Has permission to send SMS in the background
Source: submitted apk | Request permission: android.permission.SEND_SMS
Has permission to write to the SMS storage
Source: submitted apk | Request permission: android.permission.WRITE_SMS
Has permissions to monitor, redirect and/or block calls
Source: submitted apk | Request permission: android.permission.PROCESS_OUTGOING_CALLS
May block phone calls / Accesses private ITelephony interface
Source: com.Loader$b;->onCallStateChanged:69 | API Call: java.lang.Class.getDeclaredMethod("getITelephony")
Sends SMS using SmsManager
Source: com.n;->b:61 | API Call: android.telephony.SmsManager.sendMultipartTextMessage

Privilege Escalation:

Starts an activity on device admin enabled
Source: com.rwe.rtAdminReceiver;->a:7 | API Call: android.app.ReceiverRestrictedContext.startActivity("Intent { act=android.intent.action.MAIN cat=[android.intent.category.HOME] flg=0x10000000 }")
Source: com.rwe.rtAdminReceiver;->onDisableRequested:19 | API Call: android.content.Context.startActivity (not executed)

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Has permission to record audio in the background
Source: submitted apk | Request permission: android.permission.RECORD_AUDIO
Records audio/media
Source: com.j;->a:48 | API Call: android.media.MediaRecorder.start
Accesses the audio/media managers
Source: com.j;->a:36 | API Call: android.media.MediaRecorder.<init>

E-Banking Fraud:

Contains package name strings related to banking (usually for identifying banking APKs)
Source: Lcom/c;-><clinit>()V | Method String: com.wooribank.pib.smart, com.kbstar.kbbank, com.ibk.neobanking, com.sc.danb.scbankapp, com.shinhan.sbanking, com.hanabank.ebk.channel.android.hananbank
Has functionality to add an overlay to other apps
Source: com.Loader$an;->run:26 | API Call: WindowManager.addView
Source: com.Loader;->start:938 | API Call: WindowManager.addView
Has permission to query the list of currently running applications
Source: submitted apk | Request permission: android.permission.GET_TASKS

Networking:

Checks whether an internet connection is available
Source: com.Loader$s;->onReceive:229 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.Loader$s;->onReceive:238 | API Call: android.net.wifi.WifiManager.isWifiEnabled
Source: com.Loader;->f:497 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.Loader;->f:515 | API Call: android.net.wifi.WifiManager.getConnectionInfo
Source: com.Loader;->f:545 | API Call: android.net.wifi.WifiManager.getConnectionInfo
Source: com.Loader;->onStop:701 | API Call: android.net.wifi.WifiManager.getConnectionInfo
Source: com.p;->a:185 | API Call: android.net.wifi.WifiManager.isWifiEnabled
Enables or disables WIFI
Source: com.Loader;->a:174 | API Call: android.net.wifi.WifiManager.setWifiEnabled
Source: com.p;->a:186 | API Call: android.net.wifi.WifiManager.setWifiEnabled
Opens an internet connection
Source: a.b;->a:20 | API Call: java.net.URL.openConnection (not executed)
Source: com.b.a.a.q;->d:7 | API Call: java.net.Socket.connect (not executed)
Source: javax.activation.URLDataSource;->getContentType:4 | API Call: java.net.URL.openConnection (not executed)
Source: javax.activation.URLDataSource;->getOutputStream:14 | API Call: java.net.URL.openConnection (not executed)
Source: com.Loader$y$1$1;->run:5 | API Call: java.net.URL.openConnection (not executed)
Source: com.sun.mail.util.SocketFetcher;->createSocket:129 | API Call: java.net.Socket.connect (not executed)
Source: com.sun.mail.util.SocketFetcher;->createSocket:151 | API Call: java.net.Socket.connect (not executed)
Performs DNS lookups (Java API)
Source: com.sun.mail.util.logging.MailHandler;->verifySettings0:942 | API Call: java.net.InetAddress.getByName (not executed)
Source: javax.mail.Service;->connect:68 | API Call: java.net.InetAddress.getByName (not executed)
Source: javax.mail.URLName;->getHostAddress:81 | API Call: java.net.InetAddress.getByName (not executed)
Source: com.sun.mail.util.SocketFetcher;->getSocket:192 | API Call: java.net.InetAddress.getByName (not executed)
Scans for WIFI networks
Source: com.Loader;->c:303 | API Call: android.net.wifi.WifiManager.startScan
Source: com.Loader;->f:520 | API Call: android.net.wifi.WifiManager.getScanResults
Found strings which match known social media URLs
Source: resources.arsc, test.dex.dr, android | String found in binary or memory: Facebook equals www.facebook.com (Facebook)
URLs found in memory or binary data
Source: android | String found in binary or memory: http://127.0.0.1:
Source: test.dex.dr, android | String found in binary or memory: http://my.tv.sohu.com/user/%s
Source: AndroidManifest.xml | String found in binary or memory: http://schemas.android.com/apk/res/android
Source: test.dex.dr, android | String found in binary or memory: https://
Source: rxjava.properties | String found in binary or memory: https://github.com/ReactiveX/RxJava.git
Uses HTTP for connecting to the internet
Source: a.b;->a:42 | API Call: java.net.HttpURLConnection.connect

Boot Survival:

Has permission to execute code after phone reboot
Source: submitted apk | Request permission: android.permission.RECEIVE_BOOT_COMPLETED
Installs a new wake lock (to get activated when the phone screen turns on)
Source: com.Loader;->start:825 | API Call: android.os.PowerManager.newWakeLock

Remote Access Functionality:

Has permission to mount or unmount file systems (removable storage)
Source: submitted apk | Request permission: android.permission.MOUNT_UNMOUNT_FILESYSTEMS

Stealing of Sensitive Information:

Queries SIM card contact information
Source: com.a;->a:24 | API Call: android.net.Uri.parse
Checks if a SIM card is installed
Source: com.Loader$ag$1;->a:12 | API Call: android.telephony.TelephonyManager.getSimState
Source: com.Loader;->c:335 | API Call: android.telephony.TelephonyManager.getSimState
Creates SMS data (e.g. PDU)
Source: com.Loader$s;->onReceive:81 | API Call: android.telephony.SmsMessage.createFromPdu
Has permission to read contacts
Source: submitted apk | Request permission: android.permission.READ_CONTACTS
Has permission to read the SMS storage
Source: submitted apk | Request permission: android.permission.READ_SMS
Has permission to read the phone's state (phone number, device IDs, active call etc.)
Source: submitted apk | Request permission: android.permission.READ_PHONE_STATE
Has permission to receive SMS in the background
Source: submitted apk | Request permission: android.permission.RECEIVE_SMS
Has permissions to create, read or change account settings (including account password settings)
Source: submitted apk | Request permission: android.permission.GET_ACCOUNTS
Monitors incoming SMS
Source: com.vjdf.ytMyReceiver | Registered receiver: android.provider.Telephony.SMS_RECEIVED
Queries MMS data
Source: com.Loader;->start:930 | API Call: android.net.Uri.parse("content://mms/#")
Source: com.e;->a:10 | API Call: android.net.Uri.parse("content://mms")
Source: com.e;->a:55 | API Call: android.net.Uri.parse("content://mms/part")
Queries SMS data
Source: com.Loader$k$1;->a:30 | API Call: android.net.Uri.parse("content://sms/")
Source: com.Loader$s;->onReceive:343 | API Call: android.net.Uri.parse("content://sms/inbox")
Source: com.Loader$s;->onReceive:361 | API Call: android.net.Uri.parse("content://sms")
Queries list of installed packages
Source: com.Loader$ab;->a:8 | API Call: android.content.pm.PackageManager.getInstalledPackages
Source: com.Loader;->getFirstAppDate:639 | API Call: android.content.pm.PackageManager.getInstalledPackages
Source: com.Loader;->start:887 | API Call: android.content.pm.PackageManager.getInstalledPackages
Queries phone contact information
Source: com.a;->a:11 | Field access: android.provider.ContactsContract$CommonDataKinds$Phone.CONTENT_URI
Source: com.p;->a:152 | API Call: android.net.Uri.parse content://com.android.contacts/data
Queries stored mail and application accounts (e.g. Gmail or WhatsApp)
Source: com.Loader$at;->a:20 | API Call: android.accounts.Account.name
Source: com.Loader$aw;->a:18 | API Call: android.accounts.Account.name
Source: com.Loader$aw;->a:27 | API Call: android.accounts.Account.name
Source: com.Loader$b$a$a;->onClick:10 | API Call: android.accounts.AccountManager.getAccounts
Source: com.Loader$b$a$a;->onClick:12 | API Call: android.accounts.Account.type
Source: com.Loader$s;->onReceive:404 | API Call: android.accounts.AccountManager.getAccounts
Source: com.Loader$s;->onReceive:406 | API Call: android.accounts.Account.type
Source: com.Loader;->c:249 | API Call: android.accounts.AccountManager.getAccounts
Source: com.Loader;->c:252 | API Call: android.accounts.Account.name
Source: com.Loader;->c:256 | API Call: android.accounts.Account.type
Queries the list of configured WIFI access points
Source: com.p$a;->run:3 | API Call: android.net.wifi.WifiManager.getConfiguredNetworks
Redirects camera/video feed
Source: com.j;->a:44 | API Call: android.media.MediaRecorder.setOutputFile

Persistence and Installation Behavior:

Sets an intent to the APK data type (used to install other APKs)
Source: com.b;->a:18 | API Call: android.content.Intent.setDataAndType(n/a,"application/vnd.android.package-archive")

Data Obfuscation:

Found very long method strings
Source: Lcom/Loader;-><init>()V | Method string: \n body {\n font-family: Roboto-Regular, HelveticaNeue, Arial, sans-serif;\n }\n\n label {\n color: #222;\n line-height: 16px;\n font-size: 100%;\n text-decoration: none;\n | Length: 5599
Loads new DEX files via dynamic constructor
Source: com.wefd.esMyApplication;->onCreate:60 | API Call: Constructor call: public dalvik.system.DexClassLoader(java.lang.String,java.lang.String,java.lang.String,java.lang.ClassLoader)
Obfuscates method names
Source: chrome.apk | Total valid method names: 44%
Uses reflection
Source: com.rwe.rtAdminReceiver$1;->run:12 | API Call: java.lang.reflect.Method.invoke
Source: javax.activation.CommandInfo$Beans;->instantiate:8 | API Call: java.lang.reflect.Method.invoke
Source: org.msgpack.core.buffer.b;->a:54 | API Call: java.lang.reflect.Method.invoke
Source: org.msgpack.core.buffer.b;->a:80 | API Call: java.lang.reflect.Method.invoke
Source: org.msgpack.core.buffer.b;->b:85 | API Call: java.lang.reflect.Method.invoke
Source: org.msgpack.core.buffer.b;->b:87 | API Call: java.lang.reflect.Method.invoke
Source: org.msgpack.core.buffer.c;-><clinit>:27 | API Call: java.lang.reflect.Field.get
Source: com.Loader$aq;->onSignalStrengthsChanged:9 | API Call: java.lang.reflect.Method.invoke
Source: com.Loader$b;->onCallStateChanged:71 | API Call: java.lang.reflect.Method.invoke
Source: com.Loader;->f:486 | API Call: java.lang.reflect.Method.invoke
Source: com.Loader;->requestIgnoreBatteryOpt:729 | API Call: java.lang.reflect.Method.invoke
Source: com.Loader;->start:911 | API Call: java.lang.reflect.Method.invoke
Source: com.a$1;->run:8 | API Call: java.lang.reflect.Method.invoke
Source: com.das.vgMainService;->a:8 | API Call: java.lang.reflect.Method.invoke
Source: com.das.vgMainService;->a:15 | API Call: java.lang.reflect.Method.invoke
Source: com.sun.mail.util.MimeUtil;->cleanContentType:22 | API Call: java.lang.reflect.Method.invoke
Source: com.sun.mail.util.SocketFetcher;->createSocket:123 | API Call: java.lang.reflect.Method.invoke
Source: com.sun.mail.util.SocketFetcher;->getSocketFactory:292 | API Call: java.lang.reflect.Method.invoke
Source: com.sun.mail.util.SocketFetcher;->matchCert:310 | API Call: java.lang.reflect.Method.invoke
Source: com.sun.mail.util.SocketFetcher;->matchCert:322 | API Call: java.lang.reflect.Method.invoke
Source: com.wefd.esMyApplication;->a:15 | API Call: java.lang.reflect.Method.invoke

Spreading:

Has permission to change the WIFI configuration including connecting and disconnecting
Source: submitted apk | Request permission: android.permission.CHANGE_WIFI_STATE
Accesses external storage location
Source: com.Loader$x;->a:8 | API Call: android.os.Environment.getExternalStorageState
Source: com.Loader$x;->a:15 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.c;-><clinit>:21 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.j;-><init>:3 | API Call: android.os.Environment.getExternalStorageState
Source: com.j;-><init>:7 | API Call: android.os.Environment.getExternalStorageDirectory

System Summary:

Requests permissions only permitted to signed APKs
Source: submitted apk | Request permission: android.permission.BROADCAST_SMS
Source: submitted apk | Request permission: android.permission.PACKAGE_USAGE_STATS
Source: submitted apk | Request permission: android.permission.STOP_APP_SWITCHES
Requests potentially dangerous permissions
Source: submitted apk | Request permission: android.permission.CALL_PHONE
Source: submitted apk | Request permission: android.permission.CHANGE_NETWORK_STATE
Source: submitted apk | Request permission: android.permission.CHANGE_WIFI_STATE
Source: submitted apk | Request permission: android.permission.GET_TASKS
Source: submitted apk | Request permission: android.permission.INTERNET
Source: submitted apk | Request permission: android.permission.MODIFY_AUDIO_SETTINGS
Source: submitted apk | Request permission: android.permission.MODIFY_PHONE_STATE
Source: submitted apk | Request permission: android.permission.MOUNT_UNMOUNT_FILESYSTEMS
Source: submitted apk | Request permission: android.permission.PROCESS_OUTGOING_CALLS
Source: submitted apk | Request permission: android.permission.READ_CONTACTS
Source: submitted apk | Request permission: android.permission.READ_PHONE_STATE
Source: submitted apk | Request permission: android.permission.READ_SMS
Source: submitted apk | Request permission: android.permission.RECEIVE_MMS
Source: submitted apk | Request permission: android.permission.RECEIVE_SMS
Source: submitted apk | Request permission: android.permission.RECORD_AUDIO
Source: submitted apk | Request permission: android.permission.SEND_SMS
Source: submitted apk | Request permission: android.permission.SYSTEM_ALERT_WINDOW
Source: submitted apk | Request permission: android.permission.WAKE_LOCK
Source: submitted apk | Request permission: android.permission.WRITE_EXTERNAL_STORAGE
Source: submitted apk | Request permission: android.permission.WRITE_SETTINGS
Source: submitted apk | Request permission: android.permission.WRITE_SMS
Classification label
Source: classification engine | Classification label: mal76.evad.expl.adwa.spyw.andAPK@0/252@0/0
Reads shared settings
Source: a.a;->a:5 | API Call: android.content.SharedPreferences.getString
Source: com.Loader$ai;->a:8 | API Call: android.content.SharedPreferences.getString
Source: com.Loader$b;->onCallStateChanged:48 | API Call: android.content.SharedPreferences.getBoolean
Source: com.Loader$b;->onCallStateChanged:80 | API Call: android.content.SharedPreferences.getBoolean
Source: com.Loader$i;->b:10 | API Call: android.content.SharedPreferences.getString
Source: com.Loader$i;->b:24 | API Call: android.content.SharedPreferences.getString
Source: com.Loader$i;->b:34 | API Call: android.content.SharedPreferences.getString
Source: com.Loader$i;->b:69 | API Call: android.content.SharedPreferences.getString
Source: com.Loader$k$1;->a:10 | API Call: android.content.SharedPreferences.getBoolean
Source: com.Loader$s;->onReceive:137 | API Call: android.content.SharedPreferences.getString
Source: com.Loader$s;->onReceive:161 | API Call: android.content.SharedPreferences.getString
Source: com.Loader$s;->onReceive:391 | API Call: android.content.SharedPreferences.getBoolean
Source: com.Loader$s;->onReceive:414 | API Call: android.content.SharedPreferences.getBoolean
Source: com.Loader$s;->onReceive:449 | API Call: android.content.SharedPreferences.getBoolean
Source: com.Loader;->a:139 | API Call: android.content.SharedPreferences.getString
Source: com.Loader;->a:152 | API Call: android.content.SharedPreferences.getString
Source: com.Loader;->a:159 | API Call: android.content.SharedPreferences.getString
Source: com.Loader;->f:592 | API Call: android.content.SharedPreferences.getBoolean
Source: com.Loader;->start:901 | API Call: android.content.SharedPreferences.getString

Anti Debugging:

Creates a new dex file (likely to load new code)
Source: com.wefd.esMyApplication;->onCreate:27 | API Call: java.io.File.<init>

Malware Analysis System Evasion:

Accesses Android OS build fields
Source: com.Loader;->c:324 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.Loader;->c:326 | Field Access: android.os.Build.MODEL
Source: com.Loader;->c:330 | Field Access: android.os.Build.DISPLAY
Queries several pieces of sensitive phone information
Source: Ljavax/mail/Session;->loadProvidersFromStream(Ljava/io/InputStream;)V | Method string: "version"
Source: Lorg/msgpack/core/buffer/c;-><clinit>()V | Method string: "android"
Source: Ljavax/mail/Session;->loadProvidersFromStream(Ljava/io/InputStream;)V | Method string: "type"
Source: Lcom/p;->a(Landroid/content/Context;)Ljava/util/ArrayList; | Method string: "phone"
Queries the unique operating system id (ANDROID_ID)
Source: a.a;->a:12 | API Call: android.provider.Settings$Secure.getString
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)
Source: test.dex.dr | Binary or memory string: Ljava/lang/VirtualMachineError;

Hooking and other Techniques for Hiding and Protection:

Aborts a broadcast event (this is often done to hide phone events such as incoming SMS)
Source: com.Loader$s;->onReceive:341 | API Call: com.Loader$s.abortBroadcast
Has permission to draw over other applications or user interfaces
Source: submitted apk | Request permission: android.permission.SYSTEM_ALERT_WINDOW
Has permission to query the list of currently running applications
Source: submitted apk | Request permission: android.permission.GET_TASKS
Has permissions to monitor, redirect and/or block calls
Source: submitted apk | Request permission: android.permission.PROCESS_OUTGOING_CALLS
Queries list of running processes/tasks
Source: com.Loader;->getTopActivityName$loader_release:659 | API Call: android.app.ActivityManager.getRunningTasks
Removes its application launcher (likely to stay hidden)
Source: com.rwe.gsActivity$1;->run:8 | API Call: android.content.pm.PackageManager.setComponentEnabledSetting
Uses Crypto APIs
Source: com.p;->a:211 | API Call: javax.crypto.Cipher.getInstance
Source: com.p;->a:212 | API Call: javax.crypto.Cipher.init
Source: com.p;->a:213 | API Call: javax.crypto.Cipher.doFinal
Source: com.sun.mail.smtp.DigestMD5;->authClient:49 | API Call: java.security.MessageDigest.getInstance
Source: com.sun.mail.smtp.DigestMD5;->authClient:88 | API Call: java.security.MessageDigest.digest
Source: com.sun.mail.smtp.DigestMD5;->authClient:89 | API Call: java.security.MessageDigest.update
Source: com.sun.mail.smtp.DigestMD5;->authClient:100 | API Call: java.security.MessageDigest.update
Source: com.sun.mail.smtp.DigestMD5;->authClient:103 | API Call: java.security.MessageDigest.digest
Source: com.sun.mail.smtp.DigestMD5;->authClient:129 | API Call: java.security.MessageDigest.update
Source: com.sun.mail.smtp.DigestMD5;->authClient:135 | API Call: java.security.MessageDigest.digest
Source: com.sun.mail.smtp.DigestMD5;->authClient:140 | API Call: java.security.MessageDigest.update
Source: com.sun.mail.smtp.DigestMD5;->authClient:198 | API Call: java.security.MessageDigest.digest
Source: com.sun.mail.smtp.DigestMD5;->authServer:236 | API Call: java.security.MessageDigest.update
Source: com.sun.mail.smtp.DigestMD5;->authServer:242 | API Call: java.security.MessageDigest.digest
Source: com.sun.mail.smtp.DigestMD5;->authServer:247 | API Call: java.security.MessageDigest.update
Source: com.sun.mail.smtp.DigestMD5;->authServer:249 | API Call: java.security.MessageDigest.digest

Language, Device and Operating System Detection:

Queries the WIFI MAC address
Source: com.Loader;->f:546 | API Call: android.net.wifi.WifiInfo.getMacAddress
Queries the network operator name
Source: com.Loader;->f:585 | API Call: android.telephony.TelephonyManager.getNetworkOperatorName
Queries the unique device ID (IMEI, MEID or ESN)
Source: a.a;->a:26 | API Call: android.telephony.TelephonyManager.getDeviceId
Source: com.Loader$at;->a:14 | API Call: android.telephony.TelephonyManager.getLine1Number
Source: com.Loader$s$e$1;->a:16 | API Call: android.telephony.TelephonyManager.getLine1Number
Source: com.Loader;->c:337 | API Call: android.telephony.TelephonyManager.getLine1Number
Source: com.Loader;->c:338 | API Call: android.telephony.TelephonyManager.getDeviceId
Source: com.Loader;->start:797 | API Call: android.telephony.TelephonyManager.getLine1Number

Antivirus Detection

Initial Sample

| Source | Detection | Scanner | Label | Link |
| chrome.apk | 53% | virustotal | | Browse |

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Screenshots