10e1296058f36bc3542e03858e921251d266a11bf245acb2ea4af89858bc11a4

Analysis

max time kernel
1162069s
max time network
152s
platform
android_x64
resource
android-x64-arm64-20220823-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system
submitted
16/09/2022, 07:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

10e1296058f36bc3542e03858e921251d266a11bf245acb2ea4af89858bc11a4.apk
Size

20.6MB
MD5

e696972add3d05256d98df9c9354a624
SHA1

0b25bebc06de09611e0411f4b96342e4fca1a540
SHA256

10e1296058f36bc3542e03858e921251d266a11bf245acb2ea4af89858bc11a4
SHA512

662521855ca508788a310880b270899392416d9d50cc815eb6feb96258f8b19290ff9bee5ec3e9a910fef382732a1b3e66130936075c81951d1851bf948a238b
SSDEEP

393216:BYnsJA35z7A79L+mE/1mbgafiubcjZLbxT9i/zVN2I+TXd5UKpPbNiRSKcsZJN:B1JA35z7c5I9mbBffcNLbi/zVN2Ikta/

Score

8^/10

banker

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	aob.kwbzrita

Acquires the wake lock. 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	aob.kwbzrita

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/aob.kwbzrita/[email protected]	4323	aob.kwbzrita
/data/user/0/aob.kwbzrita/[email protected]	4323	aob.kwbzrita

Queries the unique device ID (IMEI, MEID, IMSI).

Requests cell location 1 IoCs

Uses Android APIs to to get current cell information.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	aob.kwbzrita

Reads information about phone network operator.

aob.kwbzrita
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Requests cell location
PID:4323
- su
  2⤵
  PID:4468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/aob.kwbzrita/[email protected]

Filesize
2.6MB

MD5
236eacaec774312c4aef8e0fc1de4344

SHA1
598ddc6f2bc37c4cd5cb76f5d8c7b47701b0e6e0

SHA256
24e7c4a6906e7d11ff456d163861e41fa77ae2a01a5b2030daf1d64efe7470a8

SHA512
0578e61fd378169dc64d282648de874a0a032152b4a3f4bc5a960b17de8d445aa0e1140083e455c7d826dfc77ea5332c7a1b368bd747c293b39f3c2f1cb913cd

Download Submit
/data/user/0/aob.kwbzrita/[email protected]

Filesize
1.2MB

MD5
7966b622501444be4717bccbf53e2a02

SHA1
fcdc15d13ac100549004ee331bf051f3bb5b4521

SHA256
57ecfa98026ceed713a4c437bacbed2f2f3716ecf36c44f122e1d6c06ab58ae0

SHA512
67357f5c472d7a750f21cd908196bb6fb76b6fd8989c2d8a2bb55306f5dcd2b6a820273d3814c0e87d9f0d8c59ea8b7dad697bd6b748e499caec3ac47954e8ba

Download Submit
/data/user/0/aob.kwbzrita/databases/SettingsDB

Filesize
920KB

MD5
c40b870e7e989a65fd7379378ec45423

SHA1
b583882e4e6ea29935d35d91785c04646a0c756b

SHA256
5604665bdc058b9bd60fdec722d85b314b35a1d642e8f81df063a1a69773fa17

SHA512
45929243a657049e96bd747c17680563187795f58b9777e3ec3debb5c4498911360249d84aba810f33966007afd6dc4f391bf4b360b9c428a60570e0ecda9ce2

Download Submit
/data/user/0/aob.kwbzrita/databases/SettingsDB-journal

Filesize
1KB

MD5
6aa1023325335e2160c702c883a373c7

SHA1
67fe5f8a1144a8da314cf41363133f3bdc9e725c

SHA256
11807264078dc16985d3cd5c8a6bba82d2ff3c4a526ea4140b92afb45019f73a

SHA512
d767431e522b73383f1d1484b0fb79808bd7add4eb649072ad854d2f6ba4db87e9a5539752b1686a9a72d0e4aa9d0e1ba2a7d5da422cd06be5e4ff22be586bc3

Download Submit
/storage/emulated/0/.am/dm/md/main.md

Filesize
2.6MB

MD5
12bf47e5f49c23411fc2b7f3b2a3c5d7

SHA1
559c0a430712cd06b42b8f40db03f0c6fb9f949a

SHA256
0fa8af0f8b32d31166c1b2e797818c2387fba6b676a17fbe890b0eb0c6272e10

SHA512
e01e262ad169a0a67c51ed0be21aee5f0d62539592fdc58fc31c928966bcdf285a5930eae52f5dee63b6744065b7791d832abbcc6bb0afa9d9d53845fecc4b7c

Download Submit
/storage/emulated/0/.am/dm/md/main_tools.md

Filesize
1.2MB

MD5
e294a13036c08d9699255b1443bd22bb

SHA1
4dcf9b92ddfa02eea32f3284b2e6a26df13630e4

SHA256
b5e949d3d4389e472dc0f5b089dd7c1ff996c1cd3c5ab5c18b269c42c57e5542

SHA512
6f945cac9ad0387b3fd6462487ec6021b8dc95446133e0f2eda913960e138c0c430339371d4e0d299a1e20cd1b55a2c1037d5702fa4395e7d50f05f189ec6872

Download Submit