6eeb683ee4674fd5553fdc2ca32d77ee733de0e654c6f230f881abf5752696ba

Analysis

max time kernel
2257979s
max time network
142s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
19-12-2023 23:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6eeb683ee4674fd5553fdc2ca32d77ee733de0e654c6f230f881abf5752696ba.apk
Size

2.9MB
MD5

b0c5b2b4d6678c9faa5140a040a1ab73
SHA1

ca101ddfcf6746ffa171dc3a0545ebd017bf689a
SHA256

6eeb683ee4674fd5553fdc2ca32d77ee733de0e654c6f230f881abf5752696ba
SHA512

4ac35472e292b4491e96d32ccd73f73fef10ed90070bcc16d1c69b0c800762a47fde01871a75274b2036eeb76705767c9a4d282e1f57bf55931da9011195e2fd
SSDEEP

49152:duRML7jNf7mUqyKD/09lXUKhoHvoiUc/l9tZ5yHKhs76ry5K+X6j1VHzfjqD:1jN7xLG/Ul70RUcN9tXkj7eH+Xu1JzfS

Score

8^/10

banker evasion

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs
banker

Processes:

com.tencent.mobileqq

description ioc process

Framework service call android.content.pm.IPackageManager.getInstalledApplications com.tencent.mobileqq
Requests cell location 1 IoCs
Uses Android APIs to to get current cell location.

Processes:

com.tencent.mobileqq

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.tencent.mobileqq
Acquires the wake lock 1 IoCs

Processes:

com.tencent.mobileqq

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.tencent.mobileqq
Reads information about phone network operator.
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
evasion

Processes:

com.tencent.mobileqq

description ioc process

Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS com.tencent.mobileqq

description	ioc	process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.tencent.mobileqq

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.tencent.mobileqq

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.tencent.mobileqq

description	ioc	process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.tencent.mobileqq

com.tencent.mobileqq
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Requests cell location
- Acquires the wake lock
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4594

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.tencent.mobileqq/databases/com.google.android.datatransport.events
Filesize
12KB

MD5
171aedf968e17a2744d2585715606cb9

SHA1
bbeddeb3b89fcf809619c35b4a318a80e7d5b029

SHA256
d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e

SHA512
78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b

Download Submit
/data/user/0/com.tencent.mobileqq/databases/com.google.android.datatransport.events-journal
Filesize
512B

MD5
c1e0c8ca28e9554afca40d946728579b

SHA1
8ef9edead9b7adfcc4678aeeabd5398e518656d0

SHA256
265675ed7904981a97ff55408b9ddb36572c713af35eb26e0531f2e2863f3065

SHA512
e58eea6feb700d242ffc6a9ee719d26e1340149fd379f531d9e2d11213158c713fd4a444b5b86d26d1151e4f8d9ac8f2d9227d02ba232505841234ddcdcf019b

Download Submit
/data/user/0/com.tencent.mobileqq/databases/com.google.android.datatransport.events-journal
Filesize
8KB

MD5
2053b8de0c41a004eb69f1fba2bf5ae6

SHA1
d8c79de7f87bf469019abe2f85e427c7e6f6fa11

SHA256
5f30a80158ee741ed3851a62d7508b8d2f7c727c7e8c7944f079dee6da9fffc3

SHA512
816ba8bde87bc1482ba13054c7be531e34d4bbce5de5a9fb86ad95e5b006a2771dc4365674c3bd351b93e851e840a7e2bca28a0464d10922cf3df216953d2811

Download Submit
/data/user/0/com.tencent.mobileqq/databases/com.google.android.datatransport.events-journal
Filesize
8KB

MD5
61395ea941b33c567dd7d52a11ef9b64

SHA1
a197ec3188e8815a3d7974df65ddb533613010ce

SHA256
a55f7377c9a616d1472a55dc4cbf4b62396d412c34d11251e1cf35e6b48bacb6

SHA512
abd8a52038cb3b99963da5191df42c1117265536f7f0e04bd87b7b12025f07074b1ab88f4f87db066d333036e2035854922ebc50e0e968ad69945375a5a54bfa

Download Submit
/data/user/0/com.tencent.mobileqq/files/PersistedInstallation2383676995296690127tmp
Filesize
90B

MD5
e9c0ab8ef9f5182d8a287e13edad0de6

SHA1
598000658ccda0fcd9cf2b433b4835d2cc44bffa

SHA256
846d16f501ab001b9a3ac086995a982549622100057a8c83a9d1c478b05ba471

SHA512
2b5d8929a9388f26e6f60eae5dcc82ce460d9aed05b71036a39dad14080e74ccf051cd93d8318a0222d2bd125967be6f6fbac6e506f6fba5ee915c3de98454bd

Download Submit
/data/user/0/com.tencent.mobileqq/files/PersistedInstallation3794715088909252619tmp
Filesize
114B

MD5
9b13ee2c103aa0a917a6249e11918a71

SHA1
d4698ae14fd5e3490d1e0fc6f4e2e344c827f63e

SHA256
76166a715c3cd92d4a16b726842d6d163eb5e7b2302ad7bc6c13bc8555a91abf

SHA512
40dd115531af4d9d4ddd56e81296058350f5b6a7213919534d5b536014be48f3660ce775615540984f4fe75dd0cad47da65d55d70adf9b5f7c5d1fe4e0f196da

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads