9146e0ede1c0e9014341ef0859ca62d230bea5d6535d800591a796e8dfe1dff9

Analysis

max time kernel
2433495s
max time network
164s
platform
android_x64
resource
android-33-x64-arm64-20231215-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20231215-enlocale:en-usos:android-13-x64system
submitted
20-12-2023 07:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9146e0ede1c0e9014341ef0859ca62d230bea5d6535d800591a796e8dfe1dff9.apk
Size

2.9MB
MD5

5ef94cbc5a182cba6d65ec6884e98a21
SHA1

4f8145805eec0c4d8fc32b020744d4f3f1e39ccb
SHA256

9146e0ede1c0e9014341ef0859ca62d230bea5d6535d800591a796e8dfe1dff9
SHA512

ed8ce47c881bcb456026c5827fc5b9aeb9a412d709e5b9a60e247b9fc041a62ad7e29980007cfa5f960375960924901e95fef9d2d8d0f8a86d4c57ba2f68f90c
SSDEEP

49152:CCSq3bA25W0D04emo5SvbDuQmYs6uRMA7QqywT0EdyqDVpZfVJQ:5j3/I42SDFmLQLkzDVpfu

Score

8^/10

banker evasion

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs

banker

Processes:

com.androidservices.support

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.androidservices.support

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

Processes:

com.androidservices.support

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.androidservices.support

Acquires the wake lock 1 IoCs

Processes:

com.androidservices.support

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.androidservices.support

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs

evasion

Processes:

com.androidservices.support

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.androidservices.support

com.androidservices.support
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Requests cell location
- Acquires the wake lock
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4311

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.androidservices.support/databases/com.google.android.datatransport.events

Filesize
12KB

MD5
edb655088d1ed9f33f9d0d499b7a3ef5

SHA1
565c4f4e43179dbfc285cd6331dc8ac75a901af8

SHA256
bb9e45aad35b43e895393e7a66e4ead6a5f728f90b7627e3c741d391bf65d4f9

SHA512
98cbf923880de82921c38973fbc6d711dc39884428d1eb4ead33658a5a7f163734e5121823d5b043ca44554d19c5b6f966674ac7291513944a94cec97d5be599

Download Submit
/data/user/0/com.androidservices.support/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
2e40fa58287d022f88ed50b83a68625c

SHA1
92222bee695825c327da74378c036042958cd42c

SHA256
3c29bb24883688803944ca11726b60b6e1fdfd7dc53b7f39478c967ced4c2c8a

SHA512
ed224913647c2ae7316fda52670e7d354b74f49341f46bd05346ef0bb6bedd2de0ecfe7eb594f1b3a1acd68499537d0b0fa93efa0256d07b68ed2b2dbf6b8b8d

Download Submit
/data/user/0/com.androidservices.support/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
6a28dcf20421d3e9bd3eaccc42c517bf

SHA1
c33a665e046263373dab73d93c3ce12e3ae1874b

SHA256
39f223c1b25567dd69ec28b46493f730a99ec1944e81dfec093bb11bd9a65d8d

SHA512
563eb2da2e9ff8e03ab386fa24e6e415f257804bfd9516c7607029d668b1fab83333b42959dd3ba9dc29adce1f6318d5044a47cca5bb532c03ae545f1e871c87

Download Submit
/data/user/0/com.androidservices.support/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
1e51d0295e01f2050030232e9f2f2812

SHA1
34e3837a7c374232e9e606c1b9fedbd5406fff6a

SHA256
ff44b90b93a752c81cdce6cbf6f8ac6115f919deae4cf4e5dde9423406b551d3

SHA512
50df4bf298c4742a28372365e361153baeba6a5de1bb0e7057fa93443ed2d7baba25187b714c30ec5ba291306e5d277b8430d5842e6e6a6fe2d9cafcd0cd7992

Download Submit
/data/user/0/com.androidservices.support/files/PersistedInstallation8439181531490494105tmp

Filesize
114B

MD5
607f7b856f4e3369a974e8e3a08e25d2

SHA1
2616bfc143ffb5acd5f380c2a262e175d4a6fd89

SHA256
9420138e6eb585bb48349487b79baa9e6902f4060e376700fe4efc880bc4ae19

SHA512
25385d76c8efe7e4fcc602f5a8fc0d95f8f0782b29bf3adfbff939921d23257977c6d5e62694019ece218e2f66ed3487eba3bbcdee7d20bc6f89019c03acd22e

Download Submit
/data/user/0/com.androidservices.support/files/PersistedInstallation8671655605834094405tmp

Filesize
90B

MD5
7acf5404bb0f6e15132c94637d66d91d

SHA1
08efc8691a8ffe061d6fb9a0b76e87695b0d70b2

SHA256
8c95147428fe2e1a92a7ad04fe51f2b786cd5746884e0b920233d31065b93ecc

SHA512
a25519acb851b5445d217619ba15c23922c2128b5b1c8cbb161a9190b16c815e10784ed08832e7a868d77ae911b0a8eedd78e1ab93d77b991d129d0811d9af31

Download Submit