Malware analysis Радар ДПС.apk Malicious activity

Add for printing

File name:	Радар ДПС.apk
Full analysis:	https://app.any.run/tasks/0a0c9948-0d73-42d4-84da-1feabb3b8a84
Verdict:	Malicious activity
Threats:	BTMOB RAT is a remote access Trojan (RAT) designed to give attackers full control over infected devices. It targets Windows and Android endpoints. Its modular structure allows operators to tailor capabilities, making it suitable for espionage, credential theft, financial fraud, and establishing long-term footholds in corporate networks. Remote access trojans (RATs) are a type of malware that enables attackers to establish complete to partial control over infected computers. Such malicious programs often have a modular design, offering a wide range of functionalities for conducting illicit activities on compromised systems. Some of the most common features of RATs include access to the users’ data, webcam, and keystrokes. This malware is often distributed through phishing emails and links. Malware Trends Tracker >>>
Analysis date:	January 05, 2026, 22:35:25
OS:	Android 14
Tags:	btmob rat websocket evasion
Indicators:
MIME:	application/zip
File info:	Zip archive data, at least v0.0 to extract, compression method=store
MD5:	61C30BD7EB4914EB9419661AF821944C
SHA1:	99D0BCE258388CCCE6EAD0E4A36D7986C9C431DB
SHA256:	D55057CD9110D12A192281356F06B94F342B9FEBB305CF0A5898A7E6AF40758F
SSDEEP:	98304:rv3YbZRfnK0o+apE21ywNpaiqLguVlEX27AR2Mq/853AfQ+IOzaw2+9rVZ3998Ao:mo3fzODFrO1yJYp

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: off
Network:: on

Software preset

android (14)
android.cuttlefish.overlay (14)
android.cuttlefish.phone.overlay (14)
android.ext.services (2019-09)
android.ext.shared (1)
com.android.adservices.api (14)
com.android.apps.tag (1.1)
com.android.backupconfirm (14)
com.android.bips (14)
com.android.bluetoothmidiservice (14)
com.android.bookmarkprovider (14)
com.android.calendar (14)
com.android.calllogbackup (14)
com.android.camera2 (2.0.002)
com.android.cameraextensions (14)
com.android.captiveportallogin (14)
com.android.carrierconfig (1.0.0)
com.android.carrierdefaultapp (14)
com.android.cellbroadcastreceiver (R-initial)
com.android.cellbroadcastreceiver.module (R-initial)
com.android.cellbroadcastservice (R-initial)
com.android.certinstaller (14)
com.android.companiondevicemanager (14)
com.android.compos.payload (14)
com.android.connectivity.resources (S-initial)
com.android.connectivity.resources.cuttlefish.overlay (14)
com.android.contacts (1.7.34)
com.android.credentialmanager (14)
com.android.cts.ctsshim (14-10093150)
com.android.cts.priv.ctsshim (14-10093150)
com.android.deskclock (14)
com.android.devicelockcontroller (14)
com.android.dialer (23.0)
com.android.documentsui (14)
com.android.dreams.basic (14)
com.android.dreams.phototable (14)
com.android.dynsystem (14)
com.android.egg (1.0)
com.android.emergency (14)
com.android.ext.adservices.api (14)
com.android.externalstorage (14)
com.android.federatedcompute.services (T-initial)
com.android.gallery3d (1.1.40030)
com.android.google.gce.gceservice (14)
com.android.health.connect.backuprestore (14)
com.android.healthconnect.controller (14)
com.android.hotspot2.osulogin (14)
com.android.htmlviewer (14)
com.android.imsserviceentitlement (14)
com.android.inputdevices (14)
com.android.inputmethod.latin (14)
com.android.intentresolver (2021-11)
com.android.internal.display.cutout.emulation.corner (1.0)
com.android.internal.display.cutout.emulation.double (1.0)
com.android.internal.display.cutout.emulation.hole (1.0)
com.android.internal.display.cutout.emulation.tall (1.0)
com.android.internal.display.cutout.emulation.waterfall (1.0)
com.android.internal.systemui.navbar.gestural (1.0)
com.android.internal.systemui.navbar.gestural_extra_wide_back (1.0)
com.android.internal.systemui.navbar.gestural_narrow_back (1.0)
com.android.internal.systemui.navbar.gestural_wide_back (1.0)
com.android.internal.systemui.navbar.threebutton (1.0)
com.android.internal.systemui.navbar.transparent (1.0)
com.android.keychain (14)
com.android.launcher3 (14)
com.android.localtransport (14)
com.android.location.fused (14)
com.android.managedprovisioning (14)
com.android.messaging (1.0.001)
com.android.microdroid.empty_payload (14)
com.android.mms.service (14)
com.android.modulemetadata (14)
com.android.mtp (14)
com.android.music (14)
com.android.musicfx (1.4)
com.android.nearby.halfsheet (14)
com.android.networkstack (14)
com.android.networkstack.tethering (14)
com.android.networkstack.tethering.cuttlefishoverlay (1.0)
com.android.nfc (14)
com.android.ondevicepersonalization.services (T-initial)
com.android.ons (14)
com.android.packageinstaller (14)
com.android.pacprocessor (14)
com.android.permissioncontroller (33 system image)
com.android.phone (14)
com.android.printservice.recommendation (1.3.0)
com.android.printspooler (14)
com.android.providers.blockednumber (14)
com.android.providers.calendar (14)
com.android.providers.contacts (14)
com.android.providers.downloads (14)
com.android.providers.downloads.ui (14)
com.android.providers.media (14)
com.android.providers.media.module (14)
com.android.providers.partnerbookmarks (14)
com.android.providers.settings (14)
com.android.providers.settings.cuttlefish.overlay (14)
com.android.providers.telephony (14)
com.android.providers.userdictionary (14)
com.android.provision (14)
com.android.proxyhandler (14)
com.android.quicksearchbox (14)
com.android.rkpdapp (14)
com.android.role.notes.enabled (1.0)
com.android.safetycenter.resources (33 system image)
com.android.sdksandbox (T-initial)
com.android.se (14)
com.android.server.telecom (14)
com.android.settings (14)
com.android.settings.intelligence (14)
com.android.sharedstoragebackup (14)
com.android.shell (14)
com.android.simappdialog (14)
com.android.soundpicker (14)
com.android.statementservice (1.0)
com.android.stk (14)
com.android.storagemanager (14)
com.android.systemui (14)
com.android.systemui.accessibility.accessibilitymenu (14)
com.android.telephony.qns (14)
com.android.theme.font.notoserifsource (1.0)
com.android.traceur (1.0)
com.android.uwb.resources (T-initial)
com.android.virtualmachine.res (14)
com.android.vpndialogs (14)
com.android.wallpaper.livepicker (14)
com.android.wallpaperbackup (14)
com.android.wallpapercropper (14)
com.android.wallpaperpicker (1.0)
com.android.webview (137.0.7122.0)
com.android.wifi.dialog (14)
com.android.wifi.resources (R-initial)
com.android.wifi.resources.cf (1.0)
com.google.android.telephony.satellite (14)
org.chromium.chrome (137.0.7122.0)

Add for printing

MALICIOUS
- Initiates background APK installation
  - app_process64 (PID: 2880)
- Checks whether the screen is currently on
  - app_process64 (PID: 3127)
  - app_process64 (PID: 3703)
- BTMOB has been detected
  - app_process64 (PID: 3703)
  - app_process64 (PID: 3127)
SUSPICIOUS
- Uses encryption API functions
  - app_process64 (PID: 2880)
  - app_process64 (PID: 3703)
  - app_process64 (PID: 3127)
- Abuses foreground service for persistence
  - app_process64 (PID: 3127)
  - app_process64 (PID: 3703)
- Accesses system-level resources
  - app_process64 (PID: 3127)
  - app_process64 (PID: 3703)
- Launches a new activity
  - app_process64 (PID: 2880)
  - app_process64 (PID: 3127)
  - app_process64 (PID: 3703)
- Retrieves a list of running services
  - app_process64 (PID: 3127)
  - app_process64 (PID: 3703)
- Updates data in the storage of application settings (SharedPreferences)
  - app_process64 (PID: 3127)
  - app_process64 (PID: 3703)
- Creates a WakeLock to manage power state
  - app_process64 (PID: 3127)
  - app_process64 (PID: 3703)
- Acquires a wake lock to keep the device awake
  - app_process64 (PID: 3127)
  - app_process64 (PID: 3703)
- Intercepts events for accessibility services
  - app_process64 (PID: 3127)
  - app_process64 (PID: 3703)
- Overlays content on other applications
  - app_process64 (PID: 3127)
  - app_process64 (PID: 3703)
- Checks if the device's lock screen is showing
  - app_process64 (PID: 3127)
  - app_process64 (PID: 3703)
- Prevents its uninstallation by user
  - app_process64 (PID: 3127)
  - app_process64 (PID: 3703)
- Checks for external IP
  - netd (PID: 339)
  - app_process64 (PID: 3127)
  - app_process64 (PID: 3703)
- Establishing a connection
  - app_process64 (PID: 3127)
  - app_process64 (PID: 3703)
- Leverages accessibility to control apps
  - app_process64 (PID: 3127)
- Accesses external device storage files
  - app_process64 (PID: 3127)
  - app_process64 (PID: 3703)
- Returns the name of the current network operator
  - app_process64 (PID: 3127)
  - app_process64 (PID: 3703)
- Performs UI accessibility actions without user input
  - app_process64 (PID: 3127)
  - app_process64 (PID: 3703)
- Checks exemption from battery optimization
  - app_process64 (PID: 3127)
  - app_process64 (PID: 3703)
- Starts a service
  - app_process64 (PID: 3127)
  - app_process64 (PID: 3703)
- Retrieves installed applications on device
  - app_process64 (PID: 3703)
  - app_process64 (PID: 3127)
- Detects presence of QEMU emulator
  - app_process64 (PID: 3127)
- Collects data about the device's environment (JVM version)
  - app_process64 (PID: 3703)
  - app_process64 (PID: 3127)
- Requests access to accessibility settings
  - app_process64 (PID: 3127)
INFO
- Dynamically inspects or modifies classes, methods, and fields at runtime
  - app_process64 (PID: 2880)
  - app_process64 (PID: 3127)
  - app_process64 (PID: 3703)
- Stores data using SQLite database
  - app_process64 (PID: 3127)
  - app_process64 (PID: 3703)
- Retrieves data from storage of application settings (SharedPreferences)
  - app_process64 (PID: 3127)
  - app_process64 (PID: 3703)
- Dynamically registers broadcast event listeners
  - app_process64 (PID: 3127)
  - app_process64 (PID: 3703)
- Retrieves the value of a secure system setting
  - app_process64 (PID: 3127)
  - app_process64 (PID: 3703)
- Retrieves the value of a global system setting
  - app_process64 (PID: 3127)
  - app_process64 (PID: 3703)
- Verifies whether the device is connected to the internet
  - app_process64 (PID: 3127)
  - app_process64 (PID: 3703)
- Gets file name without full path
  - app_process64 (PID: 3127)
  - app_process64 (PID: 3703)
- Attempting to connect via WebSocket
  - app_process64 (PID: 3127)
  - app_process64 (PID: 3703)
- Detects device power status
  - app_process64 (PID: 3127)
  - app_process64 (PID: 3703)
- Listens for changes in sensors
  - app_process64 (PID: 3703)
  - app_process64 (PID: 3127)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.apk	\|	Android Package (73.9)
.jar	\|	Java Archive (20.4)
.zip	\|	ZIP compressed archive (5.6)

EXIF

ZIP

ZipRequiredVersion:	-
ZipBitFlag:	-
ZipCompression:	None
ZipModifyDate:	2026:01:05 18:09:06
ZipCRC:	0x918650cb
ZipCompressedSize:	559052
ZipUncompressedSize:	559052
ZipFileName:	resources.arsc

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

140

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID	CMD	Path	Indicators	Parent process
339	/system/bin/netd	/system/bin/netd		init
User: root Integrity Level: UNKNOWN Exit code: 0
2880	JDUDJD.SJHSS.OIHSHZ.BXVXHSS.KSHSKSX.JSJJSKSKSKDH	/system/bin/app_process64	—	app_process64
User: root Integrity Level: UNKNOWN Exit code: 0
2916	com.android.webview:webview_service	/system/bin/app_process32		app_process32
User: root Integrity Level: UNKNOWN Exit code: 0
2917	webview_zygote	/system/bin/app_process32	—	app_process32
User: webview_zygote Integrity Level: UNKNOWN Exit code: 0
2966	com.android.webview:webview_apk	/system/bin/app_process32		app_process32
User: root Integrity Level: UNKNOWN Exit code: 0
3114	/apex/com.android.art/bin/artd	/apex/com.android.art/bin/artd	—	init
User: artd Integrity Level: UNKNOWN Exit code: 0
3117	/apex/com.android.art/bin/dex2oat32 --zip-fd=6 --zip-location=/data/app/~~dzEE55GUFIpLjsci3aPaLg==/JDUJJDD.KDKDKD.SLKSKS.DNKDKD.DJDJDJDJJ-DLnLfma31SMmFf8s0hylEA==/base.apk --oat-fd=7 --oat-location=/data/app/~~dzEE55GUFIpLjsci3aPaLg==/JDUJJDD.KDKDKD.SLKSKS.DNKDKD.DJDJDJDJJ-DLnLfma31SMmFf8s0hylEA==/oat/arm64/base.odex --output-vdex-fd=8 --swap-fd=9 --class-loader-context-fds=10 --class-loader-context=PCL[]{PCL[/system/framework/org.apache.http.legacy.jar]} --classpath-dir=/data/app/~~dzEE55GUFIpLjsci3aPaLg==/JDUJJDD.KDKDKD.SLKSKS.DNKDKD.DJDJDJDJJ-DLnLfma31SMmFf8s0hylEA== --instruction-set=arm64 --instruction-set-features=default --instruction-set-variant=cortex-a53 --compiler-filter=verify --compilation-reason=install --compact-dex-level=none --max-image-block-size=524288 --resolve-startup-const-strings=true --generate-mini-debug-info --runtime-arg -Xtarget-sdk-version:34 --runtime-arg -Xhidden-api-policy:enabled --runtime-arg -Xms64m --runtime-arg -Xmx512m "--comments=app-version-name:7\.27\.43 modulator,app-version-code:72743,art-version:340090000"	/apex/com.android.art/bin/dex2oat32	—	artd
User: artd Integrity Level: UNKNOWN Exit code: 0
3127	JDUJJDD.KDKDKD.SLKSKS.DNKDKD.DJDJDJDJJ	/system/bin/app_process64		app_process64
User: root Integrity Level: UNKNOWN Exit code: 9
3167	webview_zygote	/system/bin/app_process32	—	app_process32
User: webview_zygote Integrity Level: UNKNOWN Exit code: 0
3247	com.android.systemui.accessibility.accessibilitymenu	/system/bin/app_process64	—	app_process64
User: root Integrity Level: UNKNOWN Exit code: 0

Add for printing

Total events

Read events

Write events

Delete events

Modification events

No data

Add for printing

Executable files

Suspicious files

268

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
2880	app_process64	/data/data/JDUDJD.SJHSS.OIHSHZ.BXVXHSS.KSHSKSX.JSJJSKSKSKDH/app_webview/last-exit-info		text
		MD5:—	SHA256:—
2880	app_process64	/data/data/JDUDJD.SJHSS.OIHSHZ.BXVXHSS.KSHSKSX.JSJJSKSKSKDH/shared_prefs/WebViewChromiumPrefs.xml		xml
		MD5:—	SHA256:—
2880	app_process64	/data/data/JDUDJD.SJHSS.OIHSHZ.BXVXHSS.KSHSKSX.JSJJSKSKSKDH/app_webview/Default/Shared Dictionary/cache/index		binary
		MD5:—	SHA256:—
2880	app_process64	/data/data/JDUDJD.SJHSS.OIHSHZ.BXVXHSS.KSHSKSX.JSJJSKSKSKDH/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index		binary
		MD5:—	SHA256:—
2880	app_process64	/data/data/JDUDJD.SJHSS.OIHSHZ.BXVXHSS.KSHSKSX.JSJJSKSKSKDH/cache/WebView/Default/HTTP Cache/Code Cache/js/index		binary
		MD5:—	SHA256:—
2880	app_process64	/data/data/JDUDJD.SJHSS.OIHSHZ.BXVXHSS.KSHSKSX.JSJJSKSKSKDH/app_webview/Default/Local Storage/leveldb/MANIFEST-000001		binary
		MD5:—	SHA256:—
2880	app_process64	/data/data/JDUDJD.SJHSS.OIHSHZ.BXVXHSS.KSHSKSX.JSJJSKSKSKDH/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index		binary
		MD5:—	SHA256:—
2880	app_process64	/data/data/JDUDJD.SJHSS.OIHSHZ.BXVXHSS.KSHSKSX.JSJJSKSKSKDH/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index		binary
		MD5:—	SHA256:—
2880	app_process64	/data/data/JDUDJD.SJHSS.OIHSHZ.BXVXHSS.KSHSKSX.JSJJSKSKSKDH/cache/WebView/font_unique_name_table.pb		binary
		MD5:—	SHA256:—
2880	app_process64	/data/data/JDUDJD.SJHSS.OIHSHZ.BXVXHSS.KSHSKSX.JSJJSKSKSKDH/app_webview/Default/Shared Dictionary/cache/index-dir/temp-index		binary
		MD5:—	SHA256:—

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

494

TCP/UDP connections

196

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
822	app_process64	GET	204	142.250.184.228:443	https://www.google.com/generate_204	unknown	—	—	whitelisted
—	—	GET	204	142.250.184.228:80	http://www.google.com/gen_204	unknown	—	—	whitelisted
822	app_process64	GET	204	142.250.185.163:80	http://connectivitycheck.gstatic.com/generate_204	unknown	—	—	whitelisted
1756	app_process64	POST	200	66.102.1.81:443	https://staging-remoteprovisioning.sandbox.googleapis.com/v1:fetchEekChain	unknown	binary	778 b	whitelisted
3127	app_process64	HEAD	200	193.108.170.41:80	http://193.108.170.41/yaarsa/private/yarsap_80541.php	unknown	—	—	unknown
1756	app_process64	POST	200	66.102.1.81:443	https://staging-remoteprovisioning.sandbox.googleapis.com/v1:signCertificates?challenge=AAABm5BNRL8BILStY9WnelL0lzc01Fcluh4f068=&request_id=0a483158-cf4d-4288-b86f-c835a54c8a2d	unknown	binary	11.8 Kb	whitelisted
2916	app_process32	GET	200	142.250.186.131:443	https://clientservices.googleapis.com/chrome-variations/seed?osname=android_webview&milestone=137	unknown	compressed	12.3 Kb	whitelisted
3127	app_process64	POST	200	193.108.170.41:80	http://193.108.170.41/yaarsa/private/yarsap_80541.php	unknown	—	—	unknown
2966	app_process32	POST	200	142.251.141.67:443	https://update.googleapis.com/service/update2/json?cup2key=15:hpZJldNkWhpu7vQf0EjK6y-INJp-pCR9-mHI2PP5nvQ&cup2hreq=16c07b18a36bb2f9ad569ab5bfe6cfd4fa13af67f77b4fd04ea064bb0570fcee	unknown	text	482 b	whitelisted
3127	app_process64	GET	101	193.108.170.41:8080	http://193.108.170.41:8080/	unknown	—	—	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
443	mdnsd	224.0.0.251:5353	—	—	—	whitelisted
—	—	142.250.184.228:80	www.google.com	GOOGLE	US	whitelisted
—	—	142.250.184.228:443	www.google.com	GOOGLE	US	whitelisted
—	—	142.250.185.163:80	connectivitycheck.gstatic.com	GOOGLE	US	whitelisted
822	app_process64	142.250.184.228:443	www.google.com	GOOGLE	US	whitelisted
571	app_process64	216.239.35.8:123	time.android.com	GOOGLE	US	whitelisted
822	app_process64	142.250.185.163:80	connectivitycheck.gstatic.com	GOOGLE	US	whitelisted
1756	app_process64	66.102.1.81:443	staging-remoteprovisioning.sandbox.googleapis.com	GOOGLE	US	whitelisted
2916	app_process32	142.250.186.131:443	clientservices.googleapis.com	GOOGLE	US	whitelisted
2966	app_process32	142.251.141.67:443	update.googleapis.com	GOOGLE	US	whitelisted

DNS requests

Domain	IP	Reputation
google.com	142.250.185.238	whitelisted
www.google.com	142.250.184.228	whitelisted
connectivitycheck.gstatic.com	142.250.185.163	whitelisted
time.android.com	216.239.35.8 216.239.35.0 216.239.35.4 216.239.35.12	whitelisted
staging-remoteprovisioning.sandbox.googleapis.com	66.102.1.81	whitelisted
clientservices.googleapis.com	142.250.186.131	whitelisted
update.googleapis.com	142.251.141.67	whitelisted
checkip.amazonaws.com	34.242.190.194 54.246.73.148 54.75.236.105 54.72.231.167 3.248.83.78 34.242.228.55	whitelisted
app.gdedps.com	155.212.174.63	unknown
yandex.ru	77.88.55.88 77.88.44.55 5.255.255.77	whitelisted

Threats

PID	Process	Class	Message
822	app_process64	Misc activity	ET INFO Android Device Connectivity Check
339	netd	Device Retrieving External IP Address Detected	ET INFO External IP Lookup Domain in DNS Lookup (checkip .amazonaws .com)
3127	app_process64	Device Retrieving External IP Address Detected	ET INFO External IP Check (checkip .amazonaws .com)
3127	app_process64	Not Suspicious Traffic	INFO [ANY.RUN] Websocket Upgrade Request
3127	app_process64	Not Suspicious Traffic	INFO [ANY.RUN] Websocket Upgrade Request
3127	app_process64	Not Suspicious Traffic	INFO [ANY.RUN] Websocket Upgrade Request
3127	app_process64	Not Suspicious Traffic	INFO [ANY.RUN] Websocket Upgrade Request
3127	app_process64	Not Suspicious Traffic	INFO [ANY.RUN] Websocket Upgrade Request
3127	app_process64	Not Suspicious Traffic	INFO [ANY.RUN] Websocket Upgrade Request
3127	app_process64	Not Suspicious Traffic	INFO [ANY.RUN] Websocket Upgrade Request

Add for printing

No debug info

General Info

Радар ДПС.apk

61C30BD7EB4914EB9419661AF821944C

99D0BCE258388CCCE6EAD0E4A36D7986C9C431DB

D55057CD9110D12A192281356F06B94F342B9FEBB305CF0A5898A7E6AF40758F

98304:rv3YbZRfnK0o+apE21ywNpaiqLguVlEX27AR2Mq/853AfQ+IOzaw2+9rVZ3998Ao:mo3fzODFrO1yJYp

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Initiates background APK installation

Checks whether the screen is currently on

BTMOB has been detected

SUSPICIOUS

Uses encryption API functions

Abuses foreground service for persistence

Accesses system-level resources

Launches a new activity

Retrieves a list of running services

Updates data in the storage of application settings (SharedPreferences)

Creates a WakeLock to manage power state

Acquires a wake lock to keep the device awake

Intercepts events for accessibility services

Overlays content on other applications

Checks if the device's lock screen is showing

Prevents its uninstallation by user

Checks for external IP

Establishing a connection

Leverages accessibility to control apps

Accesses external device storage files

Returns the name of the current network operator

Performs UI accessibility actions without user input

Checks exemption from battery optimization

Starts a service

Retrieves installed applications on device

Detects presence of QEMU emulator

Collects data about the device's environment (JVM version)

Requests access to accessibility settings

INFO

Dynamically inspects or modifies classes, methods, and fields at runtime

Stores data using SQLite database

Retrieves data from storage of application settings (SharedPreferences)

Dynamically registers broadcast event listeners

Retrieves the value of a secure system setting

Retrieves the value of a global system setting

Verifies whether the device is connected to the internet

Gets file name without full path

Attempting to connect via WebSocket

Detects device power status

Listens for changes in sensors

Malware configuration

Static information

TRiD

EXIF

ZIP

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats