Resubmissions

17-01-2021 18:50

210117-p29gjn9xre 10

13-01-2021 21:41

210113-sz9mt28ax6 10

13-01-2021 21:39

210113-tlgh3tnrwn 10

Analysis

  • max time kernel
    4256504s
  • max time network
    127s
  • platform
    android_x86_64
  • resource
    android-x86_64
  • submitted
    13-01-2021 21:41

General

  • Target

    Riskware.apk

  • Size

    508KB

  • MD5

    b4e2d72bffd19ec64c5d51c035a4d569

  • SHA1

    47559f5e66b063e2b14390311d8fd1c1efd63f2a

  • SHA256

    d3c950ae2ad0e51127f271ea99931e823b70970279c0501525fd96e3aa2a10fc

  • SHA512

    0fbabfb3b0d4ce770054f290025400d256eb8ab06f9223e7c8402d2142d427bb7b0742dabc82128039b6aa947dd588a3b85db8d86783e7f4b2f874a32d118e81

Score
10/10

Malware Config

Extracted

AES_key
DESEDE_key

Signatures

  • Reads device subscriber ID 2 IoCs

    Uses Android APIs to read subscriber ID (IMSI on GSM devices).

  • Reads name of network operator 2 IoCs

    Uses Android APIs to discover system information.

  • Uses Crypto APIs (Might try to encrypt user data). 2 IoCs
  • Suspicious use of android.net.wifi.WifiInfo.getMacAddress 32 IoCs
  • Uses reflection 43 IoCs

Processes

  • com.oscadr.nehemliah
    1⤵
    • Reads device subscriber ID
    • Reads name of network operator
    • Uses Crypto APIs (Might try to encrypt user data).
    • Uses reflection
    PID:3531
  • com.oscadr.nehemliah:open
    1⤵
    • Reads device subscriber ID
    • Reads name of network operator
    • Uses Crypto APIs (Might try to encrypt user data).
    • Suspicious use of android.net.wifi.WifiInfo.getMacAddress
    • Uses reflection
    PID:3566

Network

MITRE ATT&CK Matrix
