aef28ffc3bd0de029e1eee25a1e5ab38b221c4d301e595042945fb7820d9cedd

Analysis

max time kernel
3069901s
max time network
153s
platform
android_x64
resource
android-x64-arm64-20220823-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system
submitted
27/11/2022, 02:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

prog.apk
Size

20.5MB
MD5

de4cd7441902fc9bc82be0d2d20d1110
SHA1

f56aba9a168822ba4b7712cafd47c7d25d8db246
SHA256

aef28ffc3bd0de029e1eee25a1e5ab38b221c4d301e595042945fb7820d9cedd
SHA512

a5e1608a6c9be7e019af1652d6a2406b19913e260d031f99c3ae3f0a76ca08ac4f6a266361bd3aac0a6ec1ca66517284dcd80908ba5f0b4b21bd30ea369dc3b5
SSDEEP

393216:gZXgOKsJA35z7A79L+6Af1mbgafiubchZTbJT9i/zVN2I+TXNJUKpPbNiRSKcsj5:gmkJA35z7c5EdmbBffc3Tzi/zVN2Ik9w

Score

8^/10

banker

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	bdtabm.ttdtktoyl

Acquires the wake lock. 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	bdtabm.ttdtktoyl

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/bdtabm.ttdtktoyl/[email protected]	4420	bdtabm.ttdtktoyl
/data/user/0/bdtabm.ttdtktoyl/[email protected]	4420	bdtabm.ttdtktoyl

Queries the unique device ID (IMEI, MEID, IMSI).

Requests cell location 1 IoCs

Uses Android APIs to to get current cell information.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	bdtabm.ttdtktoyl

Reads information about phone network operator.

bdtabm.ttdtktoyl
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Requests cell location
PID:4420
- su
  2⤵
  PID:4515

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/bdtabm.ttdtktoyl/[email protected]

Filesize
1.1MB

MD5
ad5ae33d62fa2ad03600f3f967c3c700

SHA1
a870d474111f7b75ce8296bd0e9b99b88e5043d5

SHA256
9da1b581c166901960789c59e4256666e3b57ebe7d813ac4cdf4ab43fd9d7d2a

SHA512
7ca1f0afccd88cbe2c46c1900b6014e08837ca57cce9ad0d42760a04c5766a22ba7c571ac7f3e046b26c2809af0b272c3d545480f7550179d6074c83f139a554

Download Submit
/data/user/0/bdtabm.ttdtktoyl/[email protected]

Filesize
2.6MB

MD5
9211ccfcc4db6294b367965ddd55dc28

SHA1
85dd9881fa55bd82130602dc2700960a049bcf58

SHA256
d96ded18333593eae2ccbebd036949fadae70f11e7f24afc9b197a8f0390bafa

SHA512
9caf91bacfd812f178b04aa98ef0bca1f357dc46d12b524d2b2438ea585e36af750cad1d6244389ed2d8dae460cd377f2a6820e137f26943ffeb0fbdbad08738

Download Submit
/data/user/0/bdtabm.ttdtktoyl/databases/SettingsDB

Filesize
920KB

MD5
c40b870e7e989a65fd7379378ec45423

SHA1
b583882e4e6ea29935d35d91785c04646a0c756b

SHA256
5604665bdc058b9bd60fdec722d85b314b35a1d642e8f81df063a1a69773fa17

SHA512
45929243a657049e96bd747c17680563187795f58b9777e3ec3debb5c4498911360249d84aba810f33966007afd6dc4f391bf4b360b9c428a60570e0ecda9ce2

Download Submit
/data/user/0/bdtabm.ttdtktoyl/databases/SettingsDB-journal

Filesize
1KB

MD5
99bd1aad59edabcf78a9dfc32440f9e4

SHA1
4c07a371ac52b24ade40a43653f8dbe1daf350ee

SHA256
f357387d43fe52aed980da2a29e8e45cffd63873f8dc2d3881f4d118ce481bdd

SHA512
c78220cd8068a940d8cfe217d7d1cbc910174755c60a051864349669775a014803a230def5bb28e699f2c4637fc8094f5733528aa3fba877149c4da5fea5d8c7

Download Submit
/storage/emulated/0/.am/dm/md/main.md

Filesize
2.6MB

MD5
d0cc37672adf5530709cd5e4d64d9674

SHA1
937464a72dcef4e6cbff41abd4d150eb0960304a

SHA256
7063b4bcad5dad606feeb750275a262101a1f4ce0489b206a6b516a7fc2ed664

SHA512
e48ed162f747166c683f784e5fffc1b4ca1b71ca2340e1ef03e3611e2a446a5020ebaf09302cc37ec381b996f461b68f889e187292409c3b74d26c1b28b8d373

Download Submit
/storage/emulated/0/.am/dm/md/main_tools.md

Filesize
1.1MB

MD5
1fe00742fa33e342b615aed5f9aca8e8

SHA1
ff0fa37046a3550ed7c29c1434224eae620d7bbd

SHA256
a4eeb9a0d5b4244debe042bb9208748c36855659ce53b89092e6f1d7a86ed137

SHA512
dacb5feb55dac2fbb1cab6d1bcae6205e04fc70123f2dd3adda1ecc75fd29a5967bf2a982cd255ddcded4d6ca890b1a5e70f3c1d91432cba3b7e0acc65c12467

Download Submit
/storage/emulated/0/.am/log_.txt

Filesize
46KB

MD5
7de68ac129dfe77d48d1d02e35f19fc7

SHA1
6207679d64477bdd4cd31b521495d8b176659734

SHA256
2c1e875730990a3c82c70ddf70ea44a1ffa2de09a24abd2a469827461e914084

SHA512
52cd674f7e2b22de4b7d42d3aaa6c03e4edf5f0c7b0e58e5a52796cf37585e83215f28f3958eba76feaa58b1aa1ff6c5ed1cbcdcb59b8765545de0331ae28c0a

Download Submit
/storage/emulated/0/.am/log_.txt.zip

Filesize
6KB

MD5
d6903b9985781c6dc4d5e0ff6a0d37ff

SHA1
ae4da2917dae6e9b559a315f183396bd8feb0cf4

SHA256
751ec1b9d6f7f83b787a8f30a9dd2c8cfd581b2b3be7690748aa60c6641a1605

SHA512
5a163359b8ce5024deea5a5c137c2aaf715b4af07ce9c42a06f30cbcf3241a31128387f698a8930a8d0ec223dc8f7af8d0c5f70a2f8772080495c018241cf44e

Download Submit
/storage/emulated/0/.am/log_1669517077368.txt.zip

Filesize
217B

MD5
223650aa923998137da2e44614a94384

SHA1
430779b58d96e7096242b2915e868d16959a8cbd

SHA256
44b9507b15702036fa273304602a79f7543346c6c9e34dc5cfb415e3d576d87e

SHA512
c58b07b22099d8ab40382b1fad8b0ae6edc3ffb2d83deaf250072932a422613795b1e405db9b9ea5b3a714c3100db11528f9ba52d74d0b844651cfed6ea19f29

Download Submit