Analysis
max time kernel: 2430421s
max time network: 130s
platform: android_x86
resource: android-x86-arm-20231215-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20231215-en, locale:en-us, os:android-9-x86, system
submitted: 20-12-2023 03:34
Behavioral task: behavioral1
Sample: 815646c16e4e2da289d67110d2afab7327a590bd336a2a251b23b251e796cb0d.apk
Resource: android-x86-arm-20231215-en
Behavioral task: behavioral2
Sample: 815646c16e4e2da289d67110d2afab7327a590bd336a2a251b23b251e796cb0d.apk
Resource: android-x64-20231215-en
Behavioral task: behavioral3
Sample: 815646c16e4e2da289d67110d2afab7327a590bd336a2a251b23b251e796cb0d.apk
Resource: android-x64-arm64-20231215-en
General
Target: 815646c16e4e2da289d67110d2afab7327a590bd336a2a251b23b251e796cb0d.apk
Size: 26.7MB
MD5: 9114265fc4d8f024de0da6c0e5c767e2
SHA1: d6ba1dd7185bb8f5c415873391ea8f9f8c6ab1b7
SHA256: 815646c16e4e2da289d67110d2afab7327a590bd336a2a251b23b251e796cb0d
SHA512: c6cc6bbca1c7dac664008e0f4b7de13da08f4e384d0d8b4526c638da73bcb736804aaaf286e7b4186448a285d227fc6edc569f101116789b9958d0d0c36220d4
SSDEEP: 393216:p53b0xO+EyDlkDkXRVLwLnBAS5kZL4XOaqjP13NNV89K5AI1SZG069Rzme:rP5yBkkR9ytqjN3PuaP1yve
Malware Config
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs
Processes: cmf0.c3b5bm90zq.patch
description: Framework service call
ioc: android.content.pm.IPackageManager.getInstalledApplications
process: cmf0.c3b5bm90zq.patch
Requests dangerous framework permissions 2 IoCs
Processes:
description: Allows an application to write to external storage.
ioc: android.permission.WRITE_EXTERNAL_STORAGE
description: Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
ioc: android.permission.SYSTEM_ALERT_WINDOW
Downloads
/storage/emulated/0/signal/base.apk
Filesize: 24.9MB
MD5: 99967011c5a1b9fdf2ce407a5bcb651a
SHA1: 8cc104c3b8bc96e5ac38c7a2fc73fef2bba07dc9
SHA256: 82420d73102328abf9c725ef4b807795733eff1e3670f42e565aceb79708bc4b
SHA512: e73564b557644b018b077c1ddaf8275a2f5d3e1faa8cbe236a3dbe49316a48b03096f548929d79fd5e05188bb7f550a9fc28207f6dbeb0f8504388167c768970