36bfcc34b706c0fb9b6d38e079a1cbf89d759095def7686aea403d79328c4e49

Analysis

max time kernel
2827611s
max time network
156s
platform
android_x64
resource
android-x64-arm64-20230831-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20230831-enlocale:en-usos:android-11-x64system
submitted
18-09-2023 13:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PersonalMessenger.apk
Size

75.5MB
MD5

eccb8868e7a2f57e7f07ed79b6b6c115
SHA1

3f0d58a6ba8c0518c8df1567ed9761dc9bdc6c77
SHA256

36bfcc34b706c0fb9b6d38e079a1cbf89d759095def7686aea403d79328c4e49
SHA512

64d8881d134ffa8b8973e7fb3e40186a6a6b49ee161595cf84fba1579f55cd2c15816dc7c1377c4496a8e7059501f46b93ef2d1f59ae3c6579184faa0948a694
SSDEEP

786432:WcrVt8DKEy/tPPYBOHkQlvfLX8RLbO0uM8oAffI0mN3OQ7LMa3lQ9eXknxHy:WcrTp1PaAkQlILb0nMO+MkOS

Score

7^/10

Malware Config

Signatures

Acquires the wake lock. 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.zcoders.snapme

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
30	api.ipgeolocation.io

com.zcoders.snapme
1⤵
- Acquires the wake lock.
PID:4629

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.zcoders.snapme/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
d0039abe8c087ea512dc36e00a66380b

SHA1
7ab011acff741dd0b3f1af7662350cd4950551d0

SHA256
122195fc59dcf84761e9556686e5050900a692b4e5a43c9a8338026df8810500

SHA512
498f0504049c2ae06a8d1a242f16dff2346e6e88ccbb8b285d1838cddfe61598e51909e08b219b47e8c9f062199e5f2c232eae7ed0d76f5a4249a26434ca5cf4

Download Submit
/data/data/com.zcoders.snapme/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
19114599bbba5442d777593da7551b25

SHA1
62e7820bdc3cd0566a1af086e0ef5241647ee176

SHA256
8f5ce39d114059bd3e050f57afd52a1403e75f7618ea41dbefc20171ad4eea4f

SHA512
c62e2562ea45fc2cbf36389c8b8c1ce565a0cd902579e6362faefc533cc1b7e31be9a8a02de6c9d513ea5c8ac6c3ac3e6d0bd21f2edf2809d3d474b6f0c010d3

Download Submit
/data/data/com.zcoders.snapme/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
9726c1bb89c6fddc8f3c250163a83573

SHA1
7a99b514aecddd0178331779d5d8ad9d09ddf968

SHA256
53d92912297bf2e24e86e9ab53c235debfdfb4e1018dc4854e3ab0f82a1162a1

SHA512
9a9343e2f9e08047963338480e686f3371342e0258e65dec569b6862d1f411f1e90c6732c70d9fc21707a0de54590418037a6db1aa619a8b2af543375f92b1dd

Download Submit
/data/data/com.zcoders.snapme/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
d462e0d6439bc4c33f5486660b0f6ca0

SHA1
a1a6c6cef31ed09aead9980f2fe891e0762ec303

SHA256
4ecaa03bc22fdda15585b56f69d79c0a694abbe163cb7aea76f7171f2cce19fa

SHA512
3c8c6cb94ea922c95e360e7c43c3b9c8d948a54297ecc5a231150de6301cace788fb91af7bab76c8682999c3e4939dd481e0202e28be465ad9c12d85dfb907be

Download Submit
/data/data/com.zcoders.snapme/files/PersistedInstallation1633701137913324336tmp

Filesize
570B

MD5
e3f647aa94ab44c3864a0253487bb18f

SHA1
85f1f42aa65b722a2eb1d5828c325a1bdb8e59a8

SHA256
e6525f5247b88d9590358c9e2c0284ee550cc815d1c5844b52bd0dfd4a2cfd65

SHA512
ea00c130a7354e37aa6186aaba3e5ea230aa954872b033395deaef106ec132a6f4c7118a6fa7b238e6599929de839370b02ea6129fa3575ae4fa78dda94b1bb3

Download Submit
/data/data/com.zcoders.snapme/files/PersistedInstallation1925269371772892815tmp

Filesize
90B

MD5
6a3ec61d1908afd481c9be130750607e

SHA1
be21784fcfae3a21e430ad467aee778642dd9d9e

SHA256
4f1e1ae9be9d2399ecda8ad92f7386646e86af51d4461bd45a8914eb3e8bdafd

SHA512
c501fccc6e92973a87ebe4e2c2ec824be5c4db275ba2e88b3093055db8adb4f6418fc96e70b768a46e1bc267b6d73f91809797e2d2846060971127c1607027a3

Download Submit