d069242110ce090556d137dbc597026dea64f04a69ded8981a58d65f72398c03

Analysis

max time kernel
1131773s
max time network
163s
platform
android_x64
resource
android-x64-arm64-20220823-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system
submitted
12-02-2023 02:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

prog.apk
Size

20.5MB
MD5

e12eac8c1f474f6414aa5a5c61e5a495
SHA1

995538cc22270ec323fb855160c191ae8dd6944c
SHA256

d069242110ce090556d137dbc597026dea64f04a69ded8981a58d65f72398c03
SHA512

bb53eb3815a82a7f3cd4bf9a2295e4100f6e00dff0c75c15cbff4791eab7b838ca6267c91803e9ef10ae4b0bb639dd8ef80f0f8ce07d8776d8f90ce31356b991
SSDEEP

393216:3M0sJA35z7A79L+D+01mbgafiubcgZ3bRT9i/zVN2I+TXZxUKpPbNiRSKcsIJ7:cbJA35z7c5rKmbBffca3Li/zVN2IkpSy

Score

8^/10

banker

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	fqamvlik.hlbhj

Acquires the wake lock. 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	fqamvlik.hlbhj

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/fqamvlik.hlbhj/[email protected]	4299	fqamvlik.hlbhj
/data/user/0/fqamvlik.hlbhj/[email protected]	4299	fqamvlik.hlbhj

Queries the unique device ID (IMEI, MEID, IMSI).

Requests cell location 1 IoCs

Uses Android APIs to to get current cell information.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	fqamvlik.hlbhj

Reads information about phone network operator.

fqamvlik.hlbhj
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Requests cell location
PID:4299
- su
  2⤵
  PID:4407

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/fqamvlik.hlbhj/[email protected]

Filesize
1.1MB

MD5
78b8d2ec7be3407d5e17841bd15d2be2

SHA1
358c2c9bf054d6e5dd9afec4ff34b80f60cf686b

SHA256
099d349010b34a484c9217f6118ac814c55a7f8ce98a1738b28a927c1195a2df

SHA512
8e58fc1a7c9f03ab8013717bc32d3b995d1dfd329fb89763c5a1982adfbb2ab56c03f6657c4c6bb832eefa27084cdcfb67ecaa0d41561df8a11d9bd3dba0ef58

Download Submit
/data/user/0/fqamvlik.hlbhj/[email protected]

Filesize
2.6MB

MD5
b835b6cb8daba8f086b2ac3b97c8fe2f

SHA1
ad17483ec676690bc13d1d9a98a3bb327fabb7da

SHA256
efa786a9dd0e09db3b8ebbf98b654a4ca2d23e20306cb3e5476bf202b9ff0051

SHA512
017bed961d0f8c652230f5c0fd8d5199351c486202b563fa14b7b12e6191191d10143be24a68aac32a5b22b2b47f05992d6334d196c54e51e40f60677d980714

Download Submit
/data/user/0/fqamvlik.hlbhj/databases/SettingsDB

Filesize
920KB

MD5
c40b870e7e989a65fd7379378ec45423

SHA1
b583882e4e6ea29935d35d91785c04646a0c756b

SHA256
5604665bdc058b9bd60fdec722d85b314b35a1d642e8f81df063a1a69773fa17

SHA512
45929243a657049e96bd747c17680563187795f58b9777e3ec3debb5c4498911360249d84aba810f33966007afd6dc4f391bf4b360b9c428a60570e0ecda9ce2

Download Submit
/data/user/0/fqamvlik.hlbhj/databases/SettingsDB-journal

Filesize
1KB

MD5
85157c69a942b85a0e53b7841838879f

SHA1
32642d8f3f9a6d85a7a3d8021ee5cd450c0fe246

SHA256
827c449d74aefd1919ef6bd40d97c5fd8e9331308cd6687dc344b655a6390677

SHA512
7212bec10c8b76af9ae62756f0d82ac6adedce07c043b89734e3a3f754a8ea05c53371518a7370dd7c8fa26d240add3fbafc67fc8cccadb606fdcb53e3666902

Download Submit
/storage/emulated/0/.am/dm/md/main.md

Filesize
2.6MB

MD5
ddb38da4396db3eab5a8303f0e4a8345

SHA1
5579392e05944ad06c42cbcb7ddc82934d0b2f4c

SHA256
41c1492437794939b34197f83e80b576f80409c558671c397166d4360f9a9a2a

SHA512
f5d932eab7f754cc08ebcba0f23e837d3015aa573ae6ca0999491427ef1cf42da012216135b576e97c5acef4e5cb99ad28b909585da79e22ac22b2fc754a000e

Download Submit
/storage/emulated/0/.am/dm/md/main_tools.md

Filesize
1.1MB

MD5
c32e01dcd20dd70e261d56c73448ebbb

SHA1
1276ee4fe877a89e7dbcefe2afba20cb066499b2

SHA256
990bd5dfa4fb1c1bfde05e25d81f8544d115f2cdf371db7b0ca89bb5ac47983b

SHA512
27cbe06fd5c9e5d4c9f81e211837aa9fba7f7c84cb6655d3ff9e0563dbce147485789757aeb8bd7f0e8ed64828cc6d44e0e87e51c45ba81d0ee71025de80b430

Download Submit
/storage/emulated/0/.am/log_.txt

Filesize
52KB

MD5
921f897d27736b2706b6287f5b4c7d03

SHA1
44eb63fd5baf3a007afebd36ee185709792e54cc

SHA256
cca3aa061f81e4013aadda01db3ae35029c7061e7fa855805987cfd0c5cc5f20

SHA512
e22eb52bd0f7cf7c90d1373e4d50bf2b67d1c1efa6d599fc929506e69a6469d0aa78a530b7aa9060cd3ae0d70ec4fdefda3b58a7d401f3896425acfd0ef5ad3c

Download Submit
/storage/emulated/0/.am/log_.txt.zip

Filesize
6KB

MD5
b9cccf1f3562d9d100c0765d38204a54

SHA1
5c1ee4d1366425673d5fc708b8ce52556de02573

SHA256
823ad8c169d828b9875051106d24d0bf29ab8916bd86f8bf567ea65d4bdb97c7

SHA512
d4fdcc595c33625e3128c05c567051fe3150dd242f5982509c56034c82d47ff2cba427c2b72575105c8303d96b8cd0f7ddacb682d990a77b0819bcce836cb580

Download Submit
/storage/emulated/0/.am/log_1676168874135.txt.zip

Filesize
216B

MD5
c971ea87055e1259be54c2e37616da59

SHA1
3ee7daa5288344d4684a72c3f0ed1cf82fbffd39

SHA256
9eac2bf43935a1686066e70bcbdbf16dfbe8337efb4931b40ad13034957685c8

SHA512
424cd7981a5e6a00b277743ec4bb8a402170f3aca4d849f8b479255173ae5a84fab76c0891a1a4451bb4c0657dfcf589c9870659a2652ac0fb40cc6e60890889

Download Submit