a311e0267409c0a8035d8b030eb97ce6ec7d750f231ed394db595aeee528c2fb

Analysis

max time kernel
632653s
max time network
166s
platform
android_x64
resource
android-x64-arm64-20220823-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system
submitted
29/10/2022, 21:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

prog.apk
Size

20.6MB
MD5

63eb9e1f11e12e8eafdd93d868664f02
SHA1

dfc3ab43ffc558370b31f3bd8d18beda2f384392
SHA256

a311e0267409c0a8035d8b030eb97ce6ec7d750f231ed394db595aeee528c2fb
SHA512

af4f1264033bc1ff32a735cbcaf7eb2cfb5e8d6c19749aee9436f469586663930a83280f293ffb3e823b9635a679ef03df3fcb686dfa2ab9b856770600cd4e82
SSDEEP

393216:FdaOWsJA35z7A79L+IsT1mbgafiubchZnbtT9i/zVN2I+TXMBqKpPbNiRSKcsKJS:/aEJA35z7c5K5mbBffc3nvi/zVN2Ikcc

Score

8^/10

banker

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	mgag.rmbclay

Acquires the wake lock. 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	mgag.rmbclay

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/mgag.rmbclay/[email protected]	4255	mgag.rmbclay
/data/user/0/mgag.rmbclay/[email protected]	4255	mgag.rmbclay

Queries the unique device ID (IMEI, MEID, IMSI).

Requests cell location 1 IoCs

Uses Android APIs to to get current cell information.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	mgag.rmbclay

Reads information about phone network operator.

mgag.rmbclay
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Requests cell location
PID:4255
- su
  2⤵
  PID:4310

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/mgag.rmbclay/[email protected]

Filesize
1.1MB

MD5
ad5ae33d62fa2ad03600f3f967c3c700

SHA1
a870d474111f7b75ce8296bd0e9b99b88e5043d5

SHA256
9da1b581c166901960789c59e4256666e3b57ebe7d813ac4cdf4ab43fd9d7d2a

SHA512
7ca1f0afccd88cbe2c46c1900b6014e08837ca57cce9ad0d42760a04c5766a22ba7c571ac7f3e046b26c2809af0b272c3d545480f7550179d6074c83f139a554

Download Submit
/data/user/0/mgag.rmbclay/[email protected]

Filesize
2.6MB

MD5
e18a6ec764045682d06f7104133d28f4

SHA1
8e66d9688f5d27a4a58066aedf47922044c6e9db

SHA256
5c9fe272f15217d7ebad7bf093fba38e9e09e3cf70288927c4378cf98aa839cd

SHA512
8f60e754d91bd72ae6a3b80f56005f2be7147e4adb78b6fd85de19533d151f4c10f28eba62f85c4a03f8906d4b47892446166c47515186ec47ea3ce3416a779d

Download Submit
/data/user/0/mgag.rmbclay/databases/SettingsDB

Filesize
920KB

MD5
c40b870e7e989a65fd7379378ec45423

SHA1
b583882e4e6ea29935d35d91785c04646a0c756b

SHA256
5604665bdc058b9bd60fdec722d85b314b35a1d642e8f81df063a1a69773fa17

SHA512
45929243a657049e96bd747c17680563187795f58b9777e3ec3debb5c4498911360249d84aba810f33966007afd6dc4f391bf4b360b9c428a60570e0ecda9ce2

Download Submit
/data/user/0/mgag.rmbclay/databases/SettingsDB-journal

Filesize
1KB

MD5
9875074e8e011fe23245e1cf0c013d94

SHA1
fc8dbac163213bfea1c64bece60d2e56a0b05b83

SHA256
d04c291194860914fa065fb983bc9ec722a4dfe4659af417534376d4266c72c7

SHA512
f3033b4250fc60aa875037013f934dc5d663d4f8b9f493ddca70b1f34b902438646a018957cc1776c1be1904faeef0d13ac95812ab3332afdb8011faf890c755

Download Submit
/storage/emulated/0/.am/dm/md/main.md

Filesize
2.6MB

MD5
2ec24d41a913e1328b57787b766b1699

SHA1
cf3784ab39070b5de3727a66969568e149433218

SHA256
72a0ec37ec5990aba1e5eda6765354497de446cc4376a16f5794858c3b036b81

SHA512
9ec6ddd63bc1c7c3acb3f5977f64d6fb486cc82d24ee1ee006e48fc6592d2edbc29635b2dbbee6ef94585afb1e5cdf1cadd4d9a799fa9f6b051311f03378c3e7

Download Submit
/storage/emulated/0/.am/dm/md/main_tools.md

Filesize
1.1MB

MD5
1fe00742fa33e342b615aed5f9aca8e8

SHA1
ff0fa37046a3550ed7c29c1434224eae620d7bbd

SHA256
a4eeb9a0d5b4244debe042bb9208748c36855659ce53b89092e6f1d7a86ed137

SHA512
dacb5feb55dac2fbb1cab6d1bcae6205e04fc70123f2dd3adda1ecc75fd29a5967bf2a982cd255ddcded4d6ca890b1a5e70f3c1d91432cba3b7e0acc65c12467

Download Submit