File name: inat-box-v14.apk

Full analysis: https://app.any.run/tasks/6bff4853-324b-4c98-ae1c-5c8784b18e19
Verdict: Malicious activity
Analysis date: March 21, 2025, 10:17:33
OS: Android 14
MIME: application/vnd.android.package-archive
File info: Android package (APK), with gradle app-metadata.properties
MD5: B627F85FA5994BA7EB2630A09CD8873E
SHA1: 8D7B17566ADBE135118A39F4ADDF9D0CDB8ACA76
SHA256: 6BC0098C4BA9E7F1CBBB0F107CB8FF561BCB98BEB637E9B8950705D766245160
SSDEEP: 98304:dJDNVKWeSMvzNg4Nz6QXk/Rp3zyRHSRTrheWjddHiF+aSgq/1EB9b70HMU6CUtje:ynxUzh2QKTGu2+cep43pOW2u

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • No malicious indicators.
  • SUSPICIOUS
    • Acquires a wake lock to keep the device awake
      • app_process64 (PID: 2212)
    • Collects data about the device's environment (JVM version)
      • app_process64 (PID: 2212)
    • Accesses system-level resources
      • app_process64 (PID: 2212)
    • Updates data in the storage of application settings (SharedPreferences)
      • app_process64 (PID: 2212)
    • Connects to unusual port
      • app_process64 (PID: 2212)
    • Creates a WakeLock to manage power state
      • app_process64 (PID: 2212)
    • Establishing a connection
      • app_process64 (PID: 2212)
  • INFO
    • Retrieves data from storage of application settings (SharedPreferences)
      • app_process64 (PID: 2212)
    • Gets the display metrics associated with the device's screen
      • app_process64 (PID: 2212)
    • Loads a native library into the application
      • app_process64 (PID: 2212)
    • Verifies whether the device is connected to the internet
      • app_process64 (PID: 2212)
    • Returns elapsed time since boot
      • app_process64 (PID: 2212)
    • Dynamically inspects or modifies classes, methods, and fields at runtime
      • app_process64 (PID: 2212)
    • Dynamically loads a class in Java
      • app_process64 (PID: 2212)
    • Handles throwable exceptions in the app
      • app_process64 (PID: 2212)
    • Stores data using SQLite database
      • app_process64 (PID: 2212)
    • Gets file name without full path
      • app_process64 (PID: 2212)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.apk | Android Package (62.8)
.jar | Java Archive (17.3)
.vym | VYM Mind Map (14.9)
.zip | ZIP compressed archive (4.7)

EXIF

ZIP

ZipRequiredVersion: -
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 1981:01:01 01:01:02
ZipCRC: 0xe0fa63f5
ZipCompressedSize: 52
ZipUncompressedSize: 56
ZipFileName: META-INF/com/android/build/gradle/app-metadata.properties
No data.
All screenshots are available in the full report
Total processes: 127
Monitored processes: 3
Malicious processes: 0
Suspicious processes: 1

Process information

PID | CMD | Path | Indicators | Parent process
340 | /system/bin/netd | /system/bin/netd | | init
  User: root; Integrity Level: UNKNOWN; Exit code: 0
2212 | com.bp.box | /system/bin/app_process64 | | app_process64
  User: root; Integrity Level: UNKNOWN; Exit code: 0
2257 | com.android.adservices.api | /system/bin/app_process64 | | app_process64
  User: root; Integrity Level: UNKNOWN; Exit code: 0
Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 0
Text files: 2
Unknown types: 0

Dropped files

PID | Process | Filename | Type
(MD5 / SHA256 values are not listed for these files in this excerpt)
2212 | app_process64 | /data/data/com.bp.box/shared_prefs/FirebaseHeartBeatW0RFRkFVTFRd+MTo4NDU0Njg4ODg4MzI6YW5kcm9pZDozZTVmM2VhYzI2NThiOGUyMWQwZGU1.xml |
2212 | app_process64 | /data/data/com.bp.box/shared_prefs/com.google.firebase.messaging.xml | xml
2212 | app_process64 | /data/data/com.bp.box/shared_prefs/com.google.android.gms.measurement.prefs.xml | xml
2212 | app_process64 | /data/data/com.bp.box/no_backup/androidx.work.workdb-journal |
2212 | app_process64 | /data/data/com.bp.box/no_backup/androidx.work.workdb-wal |
2212 | app_process64 | /data/data/com.bp.box/cache/oat_primary/arm64/base.2212.tmp |
2212 | app_process64 | /data/data/com.bp.box/files/PersistedInstallation5200549670668449389tmp |
2212 | app_process64 | /data/data/com.bp.box/files/PersistedInstallation.W0RFRkFVTFRd+MTo4NDU0Njg4ODg4MzI6YW5kcm9pZDozZTVmM2VhYzI2NThiOGUyMWQwZGU1.json |
2212 | app_process64 | /data/data/com.bp.box/databases/google_app_measurement_local.db |
2212 | app_process64 | /data/data/com.bp.box/files/PersistedInstallation6161774581534367916tmp |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 2
TCP/UDP connections: 21
DNS requests: 14
Threats: 2

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
(empty cells omitted)
903 | app_process64 | GET | 204 | 142.250.74.36:80 | http://www.google.com/gen_204 | unknown | whitelisted
903 | app_process64 | GET | 204 | 142.250.74.163:80 | http://connectivitycheck.gstatic.com/generate_204 | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
(empty cells omitted)
8.8.8.8:853 | GOOGLE | US | malicious
443 | mdnsd | 224.0.0.251:5353 | unknown
340 | netd | 8.8.8.8:443 | malicious
571 | app_process64 | 216.239.35.0:123 | time.android.com | whitelisted
903 | app_process64 | 142.250.74.36:80 | www.google.com | GOOGLE | US | whitelisted
903 | app_process64 | 142.250.74.163:80 | connectivitycheck.gstatic.com | GOOGLE | US | whitelisted
903 | app_process64 | 142.250.74.36:443 | www.google.com | GOOGLE | US | whitelisted
1732 | app_process64 | 173.194.69.81:443 | staging-remoteprovisioning.sandbox.googleapis.com | GOOGLE | US | whitelisted
2212 | app_process64 | 172.67.149.64:443 | ironsdk.net | CLOUDFLARENET | US | unknown
2212 | app_process64 | 104.21.29.140:443 | ironsdk.net | CLOUDFLARENET | unknown

DNS requests

Domain | IP | Reputation
google.com | 142.250.74.78 | whitelisted
connectivitycheck.gstatic.com | 142.250.74.163 | whitelisted
www.google.com | 142.250.74.36 | whitelisted
time.android.com | 216.239.35.0, 216.239.35.8, 216.239.35.4, 216.239.35.12 | whitelisted
staging-remoteprovisioning.sandbox.googleapis.com | 173.194.69.81 | whitelisted
ironsdk.net | 172.67.149.64, 104.21.29.140 | unknown
firebaseinstallations.googleapis.com | 142.250.74.138, 142.250.74.170, 216.58.207.234, 216.58.211.10, 142.250.74.42, 142.250.74.74, 142.250.74.106 | whitelisted
speedrestapi.com | 172.67.216.73, 104.21.24.15 | unknown
dizilab.cfd | 172.67.220.136, 104.21.24.205 | unknown
app-measurement.com | 216.58.207.238 | whitelisted

Threats

PID | Process | Class | Message
903 | app_process64 | Misc activity | ET INFO Android Device Connectivity Check
2212 | app_process64 | Misc activity | ET INFO Observed Google DNS over HTTPS Domain (dns .google in TLS SNI)
No debug info