0a7f1045c39b6b02c58d133ef20566288689a51e863f59626d2c48e61d14cd79

Resubmissions

30-08-2022 12:18

220830-pgsgrsggaq 10

12-07-2022 11:07

220712-m77chafdel 7

Analysis

max time kernel
4004844s
max time network
310s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
30-08-2022 12:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

hermit_e38d7ba21a48ad32963bfe6cb0203afe0839eca9a73268a67422109da282eae3.apk
Size

2.9MB
MD5

db253c49fa9375e6eaa7f23661c58554
SHA1

527141e1ee5d76b55b7c7640f7dcf222cb93e010
SHA256

e38d7ba21a48ad32963bfe6cb0203afe0839eca9a73268a67422109da282eae3
SHA512

e15c29a45813977896487240692c5286053ca4e63f8da92709e4ea56ec354a039fcd5fe8168076da9d2e718cd89704e117e4ea690f5102383253f94f24ac362d
SSDEEP

49152:3wAIKVFQuVh59r9VWEOxeoRPipEauRMQ7QqyGdZEdyqDVNdo:3LTH9rXxOxnuETQL5zDV7o

Score

8^/10

banker evasion

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
banker

Processes:

com.androidservices.support

description ioc process

Framework service call android.content.pm.IPackageManager.getInstalledApplications com.androidservices.support

description	ioc	process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.androidservices.support

Requests cell location 2 IoCs

Uses Android APIs to to get current cell location.

Processes:

com.androidservices.support

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.androidservices.support
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.androidservices.support

Acquires the wake lock. 1 IoCs

Processes:

com.androidservices.support

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.androidservices.support
Reads information about phone network operator.
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
evasion

Processes:

com.androidservices.support

description ioc process

Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS com.androidservices.support

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.androidservices.support

description	ioc	process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.androidservices.support

com.androidservices.support
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Requests cell location
- Acquires the wake lock.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4095

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.androidservices.support/databases/com.google.android.datatransport.events
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/com.androidservices.support/databases/com.google.android.datatransport.events-journal
Filesize
524B

MD5
7be2cb438dd6fb56ddeffc25a7350fea

SHA1
0508e60902ed6d20f8da901a7dd7d954a720b08b

SHA256
b2ce86c7d0a8af6dc832a9100c94d06b974e4e928dccaee57e41751dd1e14160

SHA512
67fcc396d327908fbe35a88d6ccad09e8e0fb4e3a3de8cdcdfc624a56bdf3cddf689cfd512d1a09933748e244a899674d635ca1eb751cece60adb833cbc28087

Download Submit
/data/user/0/com.androidservices.support/databases/com.google.android.datatransport.events-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.androidservices.support/databases/com.google.android.datatransport.events-wal
Filesize
52KB

MD5
82048ce3e599f4155e833feefa3514c7

SHA1
809469a310d622771722164975fc25c5fba7530e

SHA256
a292717fd73e57cf49e17e30a25f4e40a03a51dff9d21e334cd69f80600a5d1e

SHA512
bf5b93a39374cae65f163bb94d3583bf97c29d06d0b5f5b7179196843ce2d62db9aa6d150261394cc9d390aec002c9e0db0b85cdf4948800e5639490b16ebabe

Download Submit
/data/user/0/com.androidservices.support/files/PersistedInstallation1504368007821160106tmp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.androidservices.support/files/PersistedInstallation8100741767655515142tmp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.androidservices.support/files/generatefid.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.androidservices.support/no_backup/com.google.android.gms.appid-no-backup
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.androidservices.support/shared_prefs/com.androidservices.support_preferences.xml
Filesize
125B

MD5
c22eecbe08255b978da340c080346be0

SHA1
e1f88434b59e72a9a5af087dd5c51f639641b28b

SHA256
0e6ec3633615609c81add64cfa102c78c7abb785bf6a8f0318f5b11d3aa16eee

SHA512
fd675b407399f15b9ce9d5c6001d418b3273d45f50b3e59185380d1901de986b16d8701e7924a8f0e3c15809ae50aef7f4db7f10eee7cc589f295cf25d21b58e

Download Submit
/data/user/0/com.androidservices.support/shared_prefs/com.androidservices.support_preferences.xml
Filesize
171B

MD5
ba0544caab15324ef8545ce695a8672e

SHA1
2451ffb2eb6171f345e794153ec7b9702670eb78

SHA256
dd9ad0da303d4b2a6cb85423e9b6aa70a824604107a0cc1a83422460ca4fdb54

SHA512
434da2330f8facaa1049098ca742e7effaa5ac7e43297f1edc817f3dbfbaa75f4cdc6130d5230ef0b4f2e0ad6b217444519532b2bbc755f44572655b27b8bdd1

Download Submit
/data/user/0/com.androidservices.support/shared_prefs/com.androidservices.support_preferences.xml
Filesize
302B

MD5
6abe9cbb23daef85d52e3abf73e1a551

SHA1
fa3105805573353d46ed95c1f046fb10f7f72569

SHA256
5691f896d6c79b4e488c9e79db2909bc9e621bc83d232a32e738bdde846a975f

SHA512
9367ebc7e6f1eb11072d012e338984cf39921051278ece3f6ca6fb61f5c76be47821c8989a6db0c0df42cf76e7a4608dad71d07d9435bd5dfb97c34bc482ec44

Download Submit
/data/user/0/com.androidservices.support/shared_prefs/com.androidservices.support_preferences.xml
Filesize
355B

MD5
63cf4e6c056dfc7c76bdb68eb08c8411

SHA1
e242d093165e4de8d137af26e19d7f27d2ede65e

SHA256
831d6f7b13b51628bf780b0f156bc293bb5980efcb5fb4911c35934661c44151

SHA512
e9ee4712f656d5623dfbc52733041a3332f99931be13afceea683cef4101790151e9fbc3ea33bac6d556cec638e706d623aa11a010271c53e9d9e82d6c016c7b

Download Submit
/data/user/0/com.androidservices.support/shared_prefs/com.androidservices.support_preferences.xml
Filesize
428B

MD5
cb46175291ba6e3087282540f882d074

SHA1
29bdf7a464d3f5c7a9261f7004cef9872936e5e8

SHA256
048776945b0c0e6cbdb10cd1b2f284278eb2a6eea0913054d5daeb0aaa168443

SHA512
4f53eb36d78ed1e81ca45a0e058b98a47a152bb07aa95a882e3719f0e68bb52660254fc0be0c45e49c528e76ab8878056b2d8a914093664eb72ab0abb7fee597

Download Submit
/data/user_de/0/com.androidservices.support/shared_prefs/move_to_de_records.xml
Filesize
128B

MD5
0e777fa46dc7b378b14a465da934467c

SHA1
ab7497b8b32d70c9fc2a5203ab618920d0601253

SHA256
63b2de8ef589db15b161ed905df89532d0b8ecdaeccf08f4771a4a2206089eac

SHA512
f43b46b82842ea2823ebcef50b7677e44c18675b88596e7abc6c090759af93b784c81e74f0f43b7649fa36c5582dc33338c6eeb7f5ef42d8967ad81d54e601e6

Download Submit
/storage/emulated/0/.cache_db05e717695102a349f5e434e8ea8e80/.nomedia
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit