eb11e5ee7b81d485f871ea938d1dd7a4882feac6a53c7c69e687e732fde92003

Analysis

max time kernel
267930s
max time network
165s
platform
android_x64
resource
android-x64-arm64-20220823-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system
submitted
02-02-2023 02:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

prog.apk
Size

20.5MB
MD5

5db9c9ef5d4d5d385a248364d867df17
SHA1

12b255036ed20285c7ed04e46c1a8274ec552a96
SHA256

eb11e5ee7b81d485f871ea938d1dd7a4882feac6a53c7c69e687e732fde92003
SHA512

a41379dcc0acd8d8fd8fb5eb4d15ff45c1043161dd7490466ce1d8e7597e636650b05677e0592cf7941c55dec42ba164e313d1654c7911e0b1919b4fa4c70c00
SSDEEP

393216:sJGssJA35z7A79L+xaJ1mbgafiubciZTbrT9i/zVN2I+TXKtqKpPbNiRSKcsAJ1:yaJA35z7c5B/mbBffc4TBi/zVN2IkaMG

Score

8^/10

banker

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
banker

Processes:

pssybud.ipsdrfemn

description ioc process

Framework service call android.content.pm.IPackageManager.getInstalledApplications pssybud.ipsdrfemn
Acquires the wake lock. 1 IoCs

Processes:

pssybud.ipsdrfemn

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock pssybud.ipsdrfemn

description	ioc	process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	pssybud.ipsdrfemn

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	pssybud.ipsdrfemn

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

pssybud.ipsdrfemn

ioc	pid	process
/data/user/0/pssybud.ipsdrfemn/[email protected]	4248	pssybud.ipsdrfemn
/data/user/0/pssybud.ipsdrfemn/[email protected]	4248	pssybud.ipsdrfemn

Queries the unique device ID (IMEI, MEID, IMSI).
Requests cell location 1 IoCs
Uses Android APIs to to get current cell information.

Processes:

pssybud.ipsdrfemn

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo pssybud.ipsdrfemn

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	pssybud.ipsdrfemn

Requests dangerous framework permissions 4 IoCs

Processes:

description	ioc
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE

Reads information about phone network operator.

pssybud.ipsdrfemn
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Requests cell location
PID:4248

su
2⤵
PID:4310

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/pssybud.ipsdrfemn/[email protected]
Filesize
1.1MB

MD5
78b8d2ec7be3407d5e17841bd15d2be2

SHA1
358c2c9bf054d6e5dd9afec4ff34b80f60cf686b

SHA256
099d349010b34a484c9217f6118ac814c55a7f8ce98a1738b28a927c1195a2df

SHA512
8e58fc1a7c9f03ab8013717bc32d3b995d1dfd329fb89763c5a1982adfbb2ab56c03f6657c4c6bb832eefa27084cdcfb67ecaa0d41561df8a11d9bd3dba0ef58

Download Submit
/data/user/0/pssybud.ipsdrfemn/[email protected]
Filesize
2.6MB

MD5
614da8d51fc3c515d4b34d46ab127e95

SHA1
f280bb384a79996d50f4c0eb2f02d16b13b4dd2e

SHA256
2b39d5e8ce6e5d1a6a29e9848c58dabe950205e655c5881e4a7a2b7184410125

SHA512
2773b32ed72de0981d803804702c2ef54a93e525d6b0fe5f941b33eb2f7fc82b2d38535f26038408a0d9e0e70d8de6a23c82afe713b6b5910d763759cfc86d2b

Download Submit
/data/user/0/pssybud.ipsdrfemn/databases/SettingsDB
Filesize
920KB

MD5
c40b870e7e989a65fd7379378ec45423

SHA1
b583882e4e6ea29935d35d91785c04646a0c756b

SHA256
5604665bdc058b9bd60fdec722d85b314b35a1d642e8f81df063a1a69773fa17

SHA512
45929243a657049e96bd747c17680563187795f58b9777e3ec3debb5c4498911360249d84aba810f33966007afd6dc4f391bf4b360b9c428a60570e0ecda9ce2

Download Submit
/data/user/0/pssybud.ipsdrfemn/databases/SettingsDB-journal
Filesize
1KB

MD5
c51be0fd76f0fbfe22f181e0a06b2ab1

SHA1
4145bd4f1f8a4614e3d07707468b69cf30be164c

SHA256
2f6960cf4fdf9db886d7725a4e405f444c2fb5786aa08e02cbc1065a9c1e707d

SHA512
c435bd15c2bcc5833b7b040eee74eefb7832c9001a43b6627122c9f0dc72909271516de48a6dbac3c09077d1729b60e964598296c86ef642be3a251e865820d8

Download Submit
/storage/emulated/0/.am/dm/md/main.md
Filesize
2.6MB

MD5
5e46d786a444685f027d95cd1233569e

SHA1
7f1369af0add2082b5c4e825a64f887266d2a666

SHA256
27b69bf218d0a645c8c57c9c0c4cf7bf6dcfc4d0b741770a1cf6735ba97c7bc4

SHA512
f62d8a06082bc73ca0fc56cc7fd697b7c3a0e5301148b530e92e2108bb832427132fd9d3150c49ade8ae56d34443be26197a803da80d1de5499d14d48e2cbd9b

Download Submit
/storage/emulated/0/.am/dm/md/main_tools.md
Filesize
1.1MB

MD5
c32e01dcd20dd70e261d56c73448ebbb

SHA1
1276ee4fe877a89e7dbcefe2afba20cb066499b2

SHA256
990bd5dfa4fb1c1bfde05e25d81f8544d115f2cdf371db7b0ca89bb5ac47983b

SHA512
27cbe06fd5c9e5d4c9f81e211837aa9fba7f7c84cb6655d3ff9e0563dbce147485789757aeb8bd7f0e8ed64828cc6d44e0e87e51c45ba81d0ee71025de80b430

Download Submit
/storage/emulated/0/.am/log.txt
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/storage/emulated/0/.am/log.txt
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/storage/emulated/0/.am/log_.txt
Filesize
52KB

MD5
ac993b56d29f4f30f7c0ad5d63ad3548

SHA1
63d681607184d21b21cdb29ca6fd2266403eac5a

SHA256
b5739069e7fd9eeade6a1019df86970cce31d59ef6f2331a6c0e1475562003a0

SHA512
217198f529dd418d2b024f63e96e389bb096edd75416249c7934229163431776718b236ed0bdb57e2aefce68d02eaa730d8c08a079a88fd61d09ffb452f645b0

Download Submit
/storage/emulated/0/.am/log_.txt.zip
Filesize
6KB

MD5
dffdf28255bc9680ef93975f601732a3

SHA1
002525e3af26ef86d804de083166700766e77f3f

SHA256
69cd1757adc682f1e42d4dc1653895d1240739c822232b4dc4659e3ee92551ee

SHA512
3dbafac81c7626d5d71d7de6cf269a8d5a0069fc910074a7df964dc83af7df2f1f04aa2aa6836f7f955b11404ec983cb486d56fc750e9c7735395c97975d2fde

Download Submit
/storage/emulated/0/.am/log_1675305023195.txt.zip
Filesize
217B

MD5
e08374204ffeaacdfda5746f5ef26b66

SHA1
987ec1220dd6b9a9ba58f3dd2c170d09f7f0899d

SHA256
d800fba51b354d2a6000626401b7279ca7da037a51ce6c1cbb203135d805a8e4

SHA512
b64b2c04c9dab41216238ac015ff24f1503281ca4221c5129977456b633fd7b7b56121c9d8fa5af63c50c301ced154d18c3b1948ac58974ea9e795b3fe2836aa

Download Submit
/storage/emulated/0/.am/mch.apk
Filesize
126KB

MD5
9259a4e28d55bb8373986fea7ca01d33

SHA1
08045ae80e4016f719a3a930777a8a2c336e0cfa

SHA256
ed971c307e880b648ce9f816827430f5aa7ad7b105ed04ca879c71765f73c137

SHA512
2818d7fd376865ba1e383e847ba8547cb0ef0c1d7911913062f1a736bf5fc42c03f513e9da8e7731a2714a9c979653c2e6873bf2569e97be49e6cb825f8d21e8

Download Submit
/storage/emulated/0/.am/prog_class.name
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/storage/emulated/0/Android/data/pssybud.ipsdrfemn/files/Download/mch.apk
Filesize
63KB

MD5
8accd9a542a0274ae4cff9d007d5b375

SHA1
9d743ef6332b815b42fa136e1f7379961f31b995

SHA256
e06ec0f874cdbbf85e1c762f0559a514948d5a71636e020c58f53d750e93a855

SHA512
0c10dd9ba0b062df3b71514edcbbf16f65f265874230188fe80a63eafee416cefcaa847646386125141f4d20c50c035073b6c83a5afdceb708753f697e358b7b

Download Submit