MouldKing.apk
This report is generated from a file or URL submitted to this webservice on September 1st 2020 17:54:50 (UTC)
Report generated by
Falcon Sandbox v8.31 © Hybrid Analysis
Incident Response
Risk Assessment
- Spyware
- Has the ability to record audio
MITRE ATT&CK™ Techniques Detection
Indicators
Malicious Indicators 3

External Systems
Sample was identified as malicious by at least one Antivirus engine
- details
- 1/37 Antivirus vendors marked sample as malicious (2% detection rate)
- 2/61 Antivirus vendors marked sample as malicious (3% detection rate)
- source
- External System
- relevance
- 8/10
Installation/Persistence
Has the ability to mount devices
- details
- Permission request for "android.permission.MOUNT_UNMOUNT_FILESYSTEMS"
- source
- Static Parser
- relevance
- 10/10
Suspicious Indicators 3

Anti-Reverse Engineering
Possibly checks for known debuggers/analysis tools
- details
- "kotlin/internal/DynamicExtension.kotlin_metadataEN" (Indicator: "icext")
- source
- File/Memory
- relevance
- 2/10
General
Requires permissions that could be used for malicious intents
- details
- Permission request for "android.permission.WRITE_EXTERNAL_STORAGE"
- Permission request for "android.permission.INTERNET"
- Permission request for "android.permission.RECORD_AUDIO"
- Permission request for "android.permission.BLUETOOTH"
- Permission request for "android.permission.BLUETOOTH_ADMIN"
- Permission request for "android.permission.ACCESS_COARSE_LOCATION"
- Permission request for "android.permission.ACCESS_FINE_LOCATION"
- Permission request for "android.permission.WAKE_LOCK"
- Permission request for "android.permission.READ_PHONE_STATE"
- Permission request for "android.permission.WRITE_SETTINGS"
- Permission request for "android.permission.MOUNT_UNMOUNT_FILESYSTEMS"
- Permission request for "android.permission.SYSTEM_ALERT_WINDOW"
- Permission request for "android.permission.CHANGE_WIFI_STATE"
- Permission request for "android.permission.CHANGE_NETWORK_STATE"
- source
- Static Parser
- relevance
- 10/10
Spyware/Information Retrieval
Has the ability to record audio
- details
- Permission request for "android.permission.RECORD_AUDIO"
- source
- Static Parser
- relevance
- 10/10
- ATT&CK ID
- T1429
Informative 1

Network Related
Found potential URL in binary/memory
- details
- Heuristic match: "assets/libjiagu.so"
- Heuristic match: "assets/libjiagu_a64.so"
- Heuristic match: "rA>#p
.mp"
- Heuristic match: "lib/arm64-v8a/libBaiduSpeechSDK.so"
- Heuristic match: "lib/arm64-v8a/libX86Bridge.so"
- Heuristic match: "lib/arm64-v8a/libbdEASRAndroid.so"
- Heuristic match: "lib/arm64-v8a/libbdSpilWakeup.so"
- Heuristic match: "lib/arm64-v8a/libbd_easr_s1_merge_normal_20151216.dat.so"
- Heuristic match: "!^rw2Y:f.Nl"
- Heuristic match: "<Nc0'W.MO"
- Heuristic match: "lib/arm64-v8a/libjcore201.so"
- Heuristic match: "lib/arm64-v8a/liblibble.so"
- source
- File/Memory
- relevance
- 10/10
File Details
MouldKing.apk
- Filename
- MouldKing.apk
- Size
- 18MiB (18753902 bytes)
- Type
- android
- Description
- Zip archive data, at least v2.0 to extract
- Architecture
- SHA256
- 9fdf9998bf6a64630e83990d2cefdc13435cd57f62a8935c4a6886d97796bb5d
- MD5
- 20a1db65507385aa6270187abf7f865d
- SHA1
- 8a6086a7573adf018c46524e9f783f5f1e153ed2
- ssdeep
- 393216:QyKyif5cvi4e3cOYr325XGbq25XeODujmnhPLkQETCjguEvO0J:Qy5WMjrKXiFXehmnhNVWJ
Version Info
- Minimum SDK
- 21 (Lollipop)
- Target SDK
- 28
- Version Code
- 166
- Version Name
- 1.66
- Package Name
- com.qunyu.yuxing
- Entrypoint
- com.qunyu.yuxingcom.qunyu.yuxing.activity.StartActivity
Classification (TrID)
- 72.9% (.APK) Android Package
- 20.1% (.JAR) Java Archive
- 5.5% (.ZIP) ZIP compressed archive
- 1.3% (.BIN) PrintFox/Pagefox bitmap (var. P)
File Permissions
Permission | Description |
---|---|
android.permission.READ_EXTERNAL_STORAGE | Allows an application to read from external storage. |
android.permission.WRITE_EXTERNAL_STORAGE | Allows an application to write to external storage. |
android.permission.INTERNET | Allows applications to open network sockets. |
android.permission.RECORD_AUDIO | Allows an application to record audio. |
android.permission.BLUETOOTH | Allows applications to connect to paired bluetooth devices. |
android.permission.BLUETOOTH_ADMIN | Allows applications to discover and pair bluetooth devices. |
android.permission.ACCESS_COARSE_LOCATION | Allows an app to access approximate location. |
android.permission.ACCESS_FINE_LOCATION | Allows an app to access precise location. |
android.permission.ACCESS_WIFI_STATE | Allows applications to access information about Wi-Fi networks. |
android.permission.ACCESS_NETWORK_STATE | Allows applications to access information about networks. |
com.qunyu.yuxing.permission.JPUSH_MESSAGE | - |
android.permission.RECEIVE_USER_PRESENT | - |
android.permission.WAKE_LOCK | Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming. |
android.permission.READ_PHONE_STATE | Allows read only access to phone state. |
android.permission.WRITE_SETTINGS | Allows an application to read or write the system settings. |
android.permission.MOUNT_UNMOUNT_FILESYSTEMS | Allows mounting and unmounting file systems for removable storage. |
android.permission.VIBRATE | Allows access to the vibrator. |
android.permission.SYSTEM_ALERT_WINDOW | Allows an app to create windows using the type TYPE_SYSTEM_ALERT, shown on top of all other apps. |
android.permission.ACCESS_BACKGROUND_LOCATION | - |
android.permission.CHANGE_WIFI_STATE | Allows applications to change Wi-Fi connectivity state. |
android.permission.ACCESS_LOCATION_EXTRA_COMMANDS | Allows an application to access extra location provider commands. |
android.permission.CHANGE_NETWORK_STATE | Allows applications to change network connectivity state. |
File Activities
Activity | Description |
---|---|
com.qunyu.yuxingcom.qunyu.yuxing.activity.HelpActivity | - |
com.qunyu.yuxingcom.qunyu.yuxing.activity.PathSettingActivity | - |
com.qunyu.yuxingcom.qunyu.yuxing.activity.InformationActivity | - |
com.qunyu.yuxingcom.qunyu.yuxing.programming.CustomProgramActivity | - |
com.qunyu.yuxingcom.qunyu.yuxing.activity.StartActivity | Entrypoint |
com.qunyu.yuxingcom.qunyu.yuxing.activity.ElecSettingActivty | - |
com.qunyu.yuxingcom.qunyu.yuxing.activity.TestActivity | - |
com.qunyu.yuxingcom.qunyu.yuxing.activity.RemoteControlFourActivity | - |
com.qunyu.yuxingcom.qunyu.yuxing.activity.RemoteControlOneActivity | - |
com.qunyu.yuxingcom.qunyu.yuxing.activity.RemoteControlTwoActivity | - |
com.qunyu.yuxingcom.qunyu.yuxing.activity.RemoteControlThreeActivity | - |
com.qunyu.yuxingcom.qunyu.yuxing.activity.MainActivity | - |
com.qunyu.yuxingcom.qunyu.yuxing.activity.AgreementActivity | - |
com.qunyu.yuxingcom.qunyu.yuxing.activity.SelectActivity | - |
com.qunyu.yuxingcom.qunyu.yuxing.activity.SelectionFunctionActivity | - |
com.qunyu.yuxingcom.qunyu.yuxing.activity.MyProgramActivity | - |
com.qunyu.yuxingcom.qunyu.yuxing.activity.AmusementActivity | - |
com.qunyu.yuxingcom.qunyu.yuxing.activity.ExplanActivity | - |
com.qunyu.yuxingcom.qunyu.yuxing.activity.SwitchDirectionActivity | - |
com.qunyu.yuxingcom.qunyu.yuxing.activity.Test2Activity | - |
com.qunyu.yuxingcom.qunyu.yuxing.activity.SetBleFourActivity | - |
com.qunyu.yuxingcom.qunyu.yuxing.activity.SetBleFour_OneActivty | - |
com.qunyu.yuxingcom.qunyu.yuxing.activity.ProgrammeActivity | - |
com.qunyu.yuxingcom.blankj.utilcode.util.PermissionUtils$PermissionActivity | - |
com.qunyu.yuxingcn.jpush.android.ui.PopWinActivity | - |
com.qunyu.yuxingcn.jpush.android.ui.PushActivity | - |
com.qunyu.yuxingcn.jpush.android.service.JNotifyActivity | - |
File Receivers
Receiver | Intents |
---|---|
cn.jpush.android.service.AlarmReceiver | - |
cn.jpush.android.service.PushReceiver | cn.jpush.android.intent.NOTIFICATION_RECEIVED_PROXY (Priority: 1000), android.intent.action.USER_PRESENT, android.net.conn.CONNECTIVITY_CHANGE, android.intent.action.PACKAGE_ADDED, android.intent.action.PACKAGE_REMOVED |
com.qunyu.yuxing.receiver.MyReceiver | cn.jpush.android.intent.RECEIVE_MESSAGE |
File Certificates
Owner | Issuer | Validity | Hashes (MD5, SHA1) |
---|---|---|---|
CN=qqq, OU=qq, O=qq, L=qq, ST=qq | CN=qqq, OU=qq, O=qq, L=qq, ST=qq (Serial: 58bb8b29) | 05/06/2019 07:13:27 to 04/29/2044 07:13:27 | 1C:00:25:5C:00:C8:27:CE:56:99:13:98:08:ED:33:1E, B6:78:83:86:00:35:2B:6C:96:4D:C3:A9:81:4D:BA:D6:76:68:7B:04 |
Extracted Strings
Extracted Files
No significant files were extracted.