Overview

overview

10

Static

static

10

6eeb683ee4...ba.apk

android-9-x86

8

6eeb683ee4...ba.apk

android-11-x64

8

Analysis

  • max time kernel
    2257979s
  • max time network
    142s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
  • submitted
    19-12-2023 23:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6eeb683ee4674fd5553fdc2ca32d77ee733de0e654c6f230f881abf5752696ba.apk

  • Size

    2.9MB

  • MD5

    b0c5b2b4d6678c9faa5140a040a1ab73

  • SHA1

    ca101ddfcf6746ffa171dc3a0545ebd017bf689a

  • SHA256

    6eeb683ee4674fd5553fdc2ca32d77ee733de0e654c6f230f881abf5752696ba

  • SHA512

    4ac35472e292b4491e96d32ccd73f73fef10ed90070bcc16d1c69b0c800762a47fde01871a75274b2036eeb76705767c9a4d282e1f57bf55931da9011195e2fd

  • SSDEEP

    49152:duRML7jNf7mUqyKD/09lXUKhoHvoiUc/l9tZ5yHKhs76ry5K+X6j1VHzfjqD:1jN7xLG/Ul70RUcN9tXkj7eH+Xu1JzfS

Score
8/10
bankerevasion

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs
    banker
  • Requests cell location 1 IoCs

    Uses Android APIs to to get current cell location.

  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator.
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion

Processes

  • com.tencent.mobileqq
    1⤵
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
    • Requests cell location
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4594

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.tencent.mobileqq/databases/com.google.android.datatransport.events
    Filesize

    12KB

    MD5

    171aedf968e17a2744d2585715606cb9

    SHA1

    bbeddeb3b89fcf809619c35b4a318a80e7d5b029

    SHA256

    d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e

    SHA512

    78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b

    Download Submit

  • /data/user/0/com.tencent.mobileqq/databases/com.google.android.datatransport.events-journal
    Filesize

    512B

    MD5

    c1e0c8ca28e9554afca40d946728579b

    SHA1

    8ef9edead9b7adfcc4678aeeabd5398e518656d0

    SHA256

    265675ed7904981a97ff55408b9ddb36572c713af35eb26e0531f2e2863f3065

    SHA512

    e58eea6feb700d242ffc6a9ee719d26e1340149fd379f531d9e2d11213158c713fd4a444b5b86d26d1151e4f8d9ac8f2d9227d02ba232505841234ddcdcf019b

    Download Submit

  • /data/user/0/com.tencent.mobileqq/databases/com.google.android.datatransport.events-journal
    Filesize

    8KB

    MD5

    2053b8de0c41a004eb69f1fba2bf5ae6

    SHA1

    d8c79de7f87bf469019abe2f85e427c7e6f6fa11

    SHA256

    5f30a80158ee741ed3851a62d7508b8d2f7c727c7e8c7944f079dee6da9fffc3

    SHA512

    816ba8bde87bc1482ba13054c7be531e34d4bbce5de5a9fb86ad95e5b006a2771dc4365674c3bd351b93e851e840a7e2bca28a0464d10922cf3df216953d2811

    Download Submit

  • /data/user/0/com.tencent.mobileqq/databases/com.google.android.datatransport.events-journal
    Filesize

    8KB

    MD5

    61395ea941b33c567dd7d52a11ef9b64

    SHA1

    a197ec3188e8815a3d7974df65ddb533613010ce

    SHA256

    a55f7377c9a616d1472a55dc4cbf4b62396d412c34d11251e1cf35e6b48bacb6

    SHA512

    abd8a52038cb3b99963da5191df42c1117265536f7f0e04bd87b7b12025f07074b1ab88f4f87db066d333036e2035854922ebc50e0e968ad69945375a5a54bfa

    Download Submit

  • /data/user/0/com.tencent.mobileqq/files/PersistedInstallation2383676995296690127tmp
    Filesize

    90B

    MD5

    e9c0ab8ef9f5182d8a287e13edad0de6

    SHA1

    598000658ccda0fcd9cf2b433b4835d2cc44bffa

    SHA256

    846d16f501ab001b9a3ac086995a982549622100057a8c83a9d1c478b05ba471

    SHA512

    2b5d8929a9388f26e6f60eae5dcc82ce460d9aed05b71036a39dad14080e74ccf051cd93d8318a0222d2bd125967be6f6fbac6e506f6fba5ee915c3de98454bd

    Download Submit

  • /data/user/0/com.tencent.mobileqq/files/PersistedInstallation3794715088909252619tmp
    Filesize

    114B

    MD5

    9b13ee2c103aa0a917a6249e11918a71

    SHA1

    d4698ae14fd5e3490d1e0fc6f4e2e344c827f63e

    SHA256

    76166a715c3cd92d4a16b726842d6d163eb5e7b2302ad7bc6c13bc8555a91abf

    SHA512

    40dd115531af4d9d4ddd56e81296058350f5b6a7213919534d5b536014be48f3660ce775615540984f4fe75dd0cad47da65d55d70adf9b5f7c5d1fe4e0f196da

    Download Submit