36bfcc34b706c0fb9b6d38e079a1cbf89d759095def7686aea403d79328c4e49

Analysis

max time kernel
2827659s
max time network
156s
platform
android_x86
resource
android-x86-arm-20230831-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20230831-enlocale:en-usos:android-9-x86system
submitted
18/09/2023, 13:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

PersonalMessenger.apk
Size

75.5MB
MD5

eccb8868e7a2f57e7f07ed79b6b6c115
SHA1

3f0d58a6ba8c0518c8df1567ed9761dc9bdc6c77
SHA256

36bfcc34b706c0fb9b6d38e079a1cbf89d759095def7686aea403d79328c4e49
SHA512

64d8881d134ffa8b8973e7fb3e40186a6a6b49ee161595cf84fba1579f55cd2c15816dc7c1377c4496a8e7059501f46b93ef2d1f59ae3c6579184faa0948a694
SSDEEP

786432:WcrVt8DKEy/tPPYBOHkQlvfLX8RLbO0uM8oAffI0mN3OQ7LMa3lQ9eXknxHy:WcrTp1PaAkQlILb0nMO+MkOS

Score

7^/10

Malware Config

Signatures

Acquires the wake lock. 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.zcoders.snapme

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
6	api.ipgeolocation.io
7	api.ipgeolocation.io

com.zcoders.snapme
1⤵
- Acquires the wake lock.
PID:4156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.zcoders.snapme/app_sslcache/deskmessenger-77572-default-rtdb.firebaseio.com.443

Filesize
8KB

MD5
0e522efd18aeb88d3945442f789a3629

SHA1
ca13a5de27f469b1595f775e007f8e0516a9fbbd

SHA256
c20016fd61778314e6efd05ebfe45799ae1ea82ecb5fa81cca94b6baf6b3f0ea

SHA512
be43a7e90d96a75f0c179c8f420fdf14e4109796faf0a94b431eeb0b10f0d51234931825f1fe9602fa74fcac913680dd95094cc480627f61e7d646f6d6395846

Download Submit
/data/data/com.zcoders.snapme/app_sslcache/s-usc1b-nss-2145.firebaseio.com.443

Filesize
8KB

MD5
79ae00ede99c9f0bcdea952ec4a6cac5

SHA1
6d030f59f165236e0a1736c9083c593d012a0f9f

SHA256
2350b5b11e476337d79992ef866234e9b08c3d906f3b8d7ffb63602de339633c

SHA512
2856f70fc7c18bb4e7db407f02a5662483112827f00b644fccfbc8c098d381711f5c041386689468aab12990fd5a9a51e9d7481806bd208b003ed5e81416126c

Download Submit
/data/data/com.zcoders.snapme/cache/image_manager_disk_cache/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/com.zcoders.snapme/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.zcoders.snapme/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
95389c127af9487025b9b89bfb66f0b9

SHA1
8fd041072e1b0dd797575d103203d66c7f33bc9e

SHA256
126654bd1e92b7378b2220c9ffea4f44c1a8a047fe79d076eb3a13218afc8bba

SHA512
5e87a2743bb863de3c8e5a802e283cce285c89b16253be7ed49ca6c31360385d9729be02e51525a17c983813b7f9c2ca6661628f31185ef78e7e6d9cc0b3fb33

Download Submit
/data/data/com.zcoders.snapme/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.zcoders.snapme/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
7d12d6521a5601dadecd412faccdc221

SHA1
028202e2f7b1b018e7634f9edd5d5585db44d347

SHA256
615681b705fe8c2aaf16095ddbe403800e44fdef04589cef5d79b0d50f81ac53

SHA512
be32bd8b2e2d44ad659801897c566885a1da08778dba597c2f41030df1dea2593145626d857e34029fe6c5106538dcd0b865880810854da56f6fe22eaca3b986

Download Submit
/data/data/com.zcoders.snapme/files/PersistedInstallation3717897478728126082tmp

Filesize
90B

MD5
159b39ffe1f7c441602b37daebc0fa92

SHA1
043552e3d900860c2977774caeca71d85af6f65c

SHA256
5069e7b84a1a82b559f6ede94940aad0ec960000f6affeaa40b09fbfd60138aa

SHA512
980cb8ca5c59ac8768e70771fb64a3c6a81f4bde40e35518e7d65f2fe4f3c47bec587b5cb774d8db3a6e0cf1cc24b975c7a76512349ac8145eec2741a68d7d78

Download Submit
/data/data/com.zcoders.snapme/files/PersistedInstallation8676503248965861357tmp

Filesize
567B

MD5
64cae07ae37283fd3449529edcef56d6

SHA1
9db3cdf6cdce3cac9bea017e68bcee85d0ec3b5d

SHA256
55bb412c38360f4cf6484103c40a99b40308e1e04ae0051e2d06f87612c01550

SHA512
81b79bf21e18b3b5ae2d7cb2e60ab6991d3cc4a5f9055c65eef6b44154c84271f1f2c4c60e43133ea63fdf31dff0e371070ca78b2d4f4e4531cf76726ebbe1a6

Download Submit