File name: 4d66b097cc900cde8ab5d22f3ab915f5879c6ea2eef9f85196ddff149315eefe.apk
Full analysis: https://app.any.run/tasks/e2778e03-768a-4c5d-a640-127358ed8d5d
Verdict: Malicious activity
Analysis date: May 15, 2025, 21:37:40
OS: Android 14
Tags: arch-scr, arch-html
MIME: application/vnd.android.package-archive
File info: Android package (APK), with zipflinger virtual entry, with APK Signing Block
MD5: A9E6073A72646397E7EF4A5B72F46469
SHA1: 2137572751419D58A31EF5B3C02426A99F9A3F17
SHA256: 4D66B097CC900CDE8AB5D22F3AB915F5879C6EA2EEF9F85196DDFF149315EEFE
SSDEEP: 98304:dLWjKK8da0PPM+I3Gl3+k4gSGjOUsZyo5wrYIu0r8tduXlUSNuo2TQbv6X1X5BOJ:jwHsXoPU
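The file-info line above records that this APK carries an APK Signing Block. As an added example, not part of the ANY.RUN report, the Python below first confirms that a local copy matches the MD5/SHA1/SHA256 listed above, so that any further work is on the same bytes the sandbox ran, and then walks the signing block that sits immediately before the ZIP central directory, naming the signature-scheme blocks it finds. The block-ID constants are the documented Android scheme IDs; the APK that build_sample_apk() returns is a constructed fixture whose block values are filler bytes rather than real signatures, and the code does not inspect zipflinger virtual entries.

```python
"""Verify a local APK against a sandbox report's hashes and walk its APK Signing Block."""
import hashlib
import io
import struct
import zipfile

# Block IDs from the Android APK signature scheme documentation.
SIG_BLOCK_IDS = {
    0x7109871A: "APK Signature Scheme v2",
    0xF05368C0: "APK Signature Scheme v3",
    0x1B93AD61: "APK Signature Scheme v3.1",
    0x42726577: "verity padding block",
}
APK_SIG_BLOCK_MAGIC = b"APK Sig Block 42"
EOCD_SIG = b"PK\x05\x06"


def file_hashes(data: bytes) -> dict:
    """MD5 / SHA1 / SHA256 as upper-case hex, the form sandbox reports print."""
    return {
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
    }


def matches_report(data: bytes, expected: dict) -> bool:
    """True only when every hash given in `expected` (any case) matches the local bytes."""
    actual = file_hashes(data)
    return all(actual[name] == value.upper() for name, value in expected.items())


def _central_directory_offset(data: bytes) -> int:
    """Find the End Of Central Directory record and read the central directory offset."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("not a ZIP: EOCD record not found")
    # EOCD: sig(4) disk(2) cd_disk(2) n_this(2) n_total(2) cd_size(4) cd_offset(4) comment_len(2)
    (cd_offset,) = struct.unpack_from("<I", data, eocd + 16)
    return cd_offset


def apk_signing_block(data: bytes) -> dict:
    """Return {block_id: value_bytes} from the APK Signing Block, or {} when absent.

    Layout, placed immediately before the central directory:
      uint64 size_of_block | ID-value pairs | uint64 size_of_block | 16-byte magic
    each pair being: uint64 len | uint32 id | value (len - 4 bytes).
    Both size fields exclude the leading size field itself.
    """
    cd_offset = _central_directory_offset(data)
    if cd_offset < 32 or data[cd_offset - 16:cd_offset] != APK_SIG_BLOCK_MAGIC:
        return {}
    (size_of_block,) = struct.unpack_from("<Q", data, cd_offset - 24)
    block_start = cd_offset - size_of_block - 8
    if block_start < 0:
        raise ValueError("APK Signing Block size runs past the start of the file")
    (leading_size,) = struct.unpack_from("<Q", data, block_start)
    if leading_size != size_of_block:
        raise ValueError("APK Signing Block size fields disagree")
    pos, end, pairs = block_start + 8, cd_offset - 24, {}
    while pos < end:
        pair_len, block_id = struct.unpack_from("<QI", data, pos)
        pairs[block_id] = data[pos + 12:pos + 8 + pair_len]
        pos += 8 + pair_len
    return pairs


def describe_signing_block(data: bytes) -> list:
    """Names of the blocks present; unknown IDs are reported as hex."""
    return [SIG_BLOCK_IDS.get(i, f"unknown id 0x{i:08x}") for i in apk_signing_block(data)]


def zip_entries(data: bytes) -> list:
    """Entry names from the central directory; zipfile opens an APK with a signing block."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return z.namelist()


def build_sample_apk(block_ids=(0x7109871A, 0xF05368C0), signed=True) -> bytes:
    """Constructed fixture: a two-entry ZIP with a synthetic signing block spliced in.
    Pair values are filler bytes, not real signatures; only the container layout is exercised."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 32)
    raw = buf.getvalue()
    if not signed:
        return raw
    cd_offset = _central_directory_offset(raw)
    eocd = raw.rfind(EOCD_SIG)
    pairs = b"".join(struct.pack("<QI", 4 + 16, i) + b"\xAA" * 16 for i in block_ids)
    size_of_block = len(pairs) + 8 + 16          # pairs + trailing size field + magic
    block = (struct.pack("<Q", size_of_block) + pairs
             + struct.pack("<Q", size_of_block) + APK_SIG_BLOCK_MAGIC)
    # Local headers keep their offsets; only the EOCD's central-directory offset moves.
    patched_eocd = raw[eocd:eocd + 16] + struct.pack("<I", cd_offset + len(block)) + raw[eocd + 20:]
    return raw[:cd_offset] + block + raw[cd_offset:eocd] + patched_eocd
```

With a real sample, pass open(path, "rb").read() to matches_report() together with the three hashes from the report header, then to describe_signing_block(). A mismatch on any hash means the file in hand is not the one this report describes; the signing-block walk tells you which scheme versions a verifier such as apksigner will be checking.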

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is, for the user's own assessment. ANY.RUN does not guarantee the maliciousness or safety of the content.
All signatures below were raised by the same process, app_process64 (PID 2274). The MALICIOUS class holds a single signature; everything else is classed SUSPICIOUS or INFO.
  • MALICIOUS
    • Checks whether the screen is currently on
  • SUSPICIOUS
    • Uses encryption API functions
    • Collects data about the device's environment (JVM version)
    • Updates data in the storage of application settings (SharedPreferences)
    • Executes dynamic code using class loader
    • Accesses memory information
    • Retrieves installed applications on device
    • Accesses system-level resources
    • Establishes a connection
    • Accesses external device storage files
  • INFO
    • Gets the display metrics associated with the device's screen
    • Dynamically loads a class in Java
    • Dynamically inspects or modifies classes, methods, and fields at runtime
    • Retrieves data from storage of application settings (SharedPreferences)
    • Dynamically registers broadcast event listeners
    • Returns elapsed time since boot
    • Retrieves the value of a secure system setting
    • Verifies whether the device is connected to the internet
    • Gets file name without full path
    • Detects device power status
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.apk | Android Package (73.9)
.jar | Java Archive (20.4)
.zip | ZIP compressed archive (5.6)

EXIF

ZIP

ZipRequiredVersion: -
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 1981:01:01 01:01:02
ZipCRC: 0x3c63078e
ZipCompressedSize: 187
ZipUncompressedSize: 316
ZipFileName: res/interpolator/btn_checkbox_checked_mtrl_animation_interpolator_0.xml
No data.
All screenshots are available in the full report
Total processes: 131
Monitored processes: 6
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Graph nodes (interactive view in the full report): start, app_process64, app_process32, app_process32 (no specs), app_process32, app_process64 (no specs), app_process32 (no specs)

Process information

PID   Process        CMD                          Path                        User            Integrity level  Exit code
2274  app_process64  zygote64                     /system/bin/app_process64   root            UNKNOWN          0
2315  app_process32  zygote                       /system/bin/app_process32   root            UNKNOWN          0
2331  app_process32  webview_zygote               /system/bin/app_process32   webview_zygote  UNKNOWN          0
2365  app_process32  zygote                       /system/bin/app_process32   root            UNKNOWN          0
2547  app_process64  org.chromium.webview_shell   /system/bin/app_process64   root            UNKNOWN          0
2579  app_process32  webview_zygote               /system/bin/app_process32   webview_zygote  UNKNOWN          0

The Indicators and Parent process columns are empty in this listing. Integrity level is a Windows mandatory-integrity field and is not populated for Android guests, hence UNKNOWN throughout. PID 2274 is the process the signatures above and the dropped files below are attributed to.
Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 1
Suspicious files: 65
Text files: 27
Unknown types: 0

Dropped files

All ten files were written by app_process64 (PID 2274) under /data/data/com.bhumiit.total/, the private data directory of the analysed package; the MD5 and SHA256 columns are empty in this listing. The names are standard library artefacts (androidx.work WorkManager database, Google Play services measurement preferences, WebView preferences, Local Storage and HTTP code cache) rather than payloads written by the app's own code.

Filename                                                                                  Type
/data/data/com.bhumiit.total/databases/androidx.work.workdb-journal                       binary
/data/data/com.bhumiit.total/databases/androidx.work.workdb-wal                           binary
/data/data/com.bhumiit.total/shared_prefs/com.google.android.gms.measurement.prefs.xml    xml
/data/data/com.bhumiit.total/shared_prefs/WebViewChromiumPrefs.xml                        xml
/data/data/com.bhumiit.total/app_webview/Default/Local Storage/leveldb/MANIFEST-000001    binary
/data/data/com.bhumiit.total/app_webview/Default/Local Storage/leveldb/000001.dbtmp       text
/data/data/com.bhumiit.total/app_webview/Default/Local Storage/leveldb/CURRENT            text
/data/data/com.bhumiit.total/cache/WebView/Default/HTTP Cache/Code Cache/webui_js/index   binary
/data/data/com.bhumiit.total/cache/WebView/Default/HTTP Cache/Code Cache/js/index         binary
/data/data/com.bhumiit.total/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index       binary
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 1
TCP/UDP connections: 25
DNS requests: 14
Threats: 1

HTTP requests

PID  Process  Method  HTTP code  IP               URL                                                CN       Type  Size  Reputation
-    -        GET     204        172.217.18.3:80  http://connectivitycheck.gstatic.com/generate_204  unknown  -     -     whitelisted

Cells the export left empty are shown as -. The only HTTP request captured is the Android connectivity probe (generate_204), and it is not attributed to any monitored process.

Connections

PID   Process        IP                    Domain                                              ASN     CN   Reputation
445   mdnsd          224.0.0.251:5353      -                                                   -       -    unknown
-     -              216.239.35.8:123      time.android.com                                    -       -    whitelisted
-     -              172.217.18.4:443      www.google.com                                      GOOGLE  US   whitelisted
-     -              172.217.18.3:80       connectivitycheck.gstatic.com                       GOOGLE  US   whitelisted
-     -              64.233.167.81:443     staging-remoteprovisioning.sandbox.googleapis.com   GOOGLE  US   whitelisted
2365  app_process32  142.250.184.227:443   update.googleapis.com                               GOOGLE  US   whitelisted
2365  app_process32  142.250.185.206:443   dl.google.com                                       GOOGLE  US   whitelisted
2274  app_process64  142.250.186.130:443   googleads.g.doubleclick.net                         GOOGLE  US   whitelisted
2315  app_process32  142.250.185.67:443    clientservices.googleapis.com                       GOOGLE  US   whitelisted
2274  app_process64  142.250.185.106:443   fonts.googleapis.com                                GOOGLE  US   whitelisted

Cells the export left empty are shown as -. The export itemises ten of the 25 counted connections; the two attributed to the flagged process (PID 2274) go to Google ad-serving and font endpoints on port 443, and every itemised destination is whitelisted.

DNS requests

Domain                                              IP                                                        Reputation
www.google.com                                      172.217.18.4                                              whitelisted
connectivitycheck.gstatic.com                       172.217.18.3                                              whitelisted
time.android.com                                    216.239.35.8, 216.239.35.4, 216.239.35.12, 216.239.35.0   whitelisted
staging-remoteprovisioning.sandbox.googleapis.com   64.233.167.81                                             whitelisted
google.com                                          142.250.181.238                                           whitelisted
update.googleapis.com                               142.250.184.227                                           whitelisted
dl.google.com                                       142.250.185.206                                           whitelisted
googleads.g.doubleclick.net                         142.250.186.130                                           whitelisted
clientservices.googleapis.com                       142.250.185.67                                            whitelisted
fonts.googleapis.com                                142.250.185.106                                           whitelisted

Threats

PID  Process  Class          Message
-    -        Misc activity  ET INFO Android Device Connectivity Check

The single IDS hit is the informational (ET INFO) Emerging Threats rule for the Android connectivity check, i.e. the generate_204 request listed under HTTP requests, not a malware-specific signature.

No debug info