132b93bcd9ee444f0bd68dc7c8c7408e1b4441f6774a10747143123388f951d9

Analysis

max time kernel
2875721s
max time network
164s
platform
android_x64
resource
android-x64-20231215-en
resource tags

androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
submitted
23/12/2023, 12:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

132b93bcd9ee444f0bd68dc7c8c7408e1b4441f6774a10747143123388f951d9.apk
Size

11.9MB
MD5

0836ecdb2fd907095258ad32d2106a41
SHA1

e22f85d5d8eaa48dc404c8a71a787b6992b3222a
SHA256

132b93bcd9ee444f0bd68dc7c8c7408e1b4441f6774a10747143123388f951d9
SHA512

16138d70f19d0009b8ae41bde5c4799e560c6d3a19bcbdb3789cbcc07b8d7e9fbf3f6d4a17284afd980d9cc897181c6c7063e6510c125ab262f661af93d4bdbc
SSDEEP

196608:H8Ib1RI15raimP1Ibqy5LEASqZTHg+o453iM+tponqufr+3FsTMmk6k2:L7I1BaimP1ZL45dquaF8

Score

8^/10

upx

Malware Config

Signatures

Patched UPX-packed file 2 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

resource	yara_rule
behavioral2/files/fstream-1.dat	patched_upx
behavioral2/files/fstream-1.dat	patched_upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/fstream-1.dat	upx
behavioral2/files/fstream-1.dat	upx

Requests dangerous framework permissions 14 IoCs

description	ioc
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether.	android.permission.PROCESS_OUTGOING_CALLS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS

com.nd.android.pandatheme.p_shiguangrenran20161012
1⤵
PID:5075

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/pandatheme/pandahome2.apk

Filesize
648KB

MD5
5359914f1fbc4d69798ab0f707033f8c

SHA1
87f8aeb931bdae263245b703b51c094fe2293432

SHA256
34723368dcfde0914b7c38523c20c55d17a995c158a47eacda0ade1ed5ed341e

SHA512
177b5eebbe7882e3c18be6ddea016544536e9ca23c2131ae30637b0f9b90147aa711e1a7a95144efd917cc37567b1669f4faedd6f1a1552948b35019fdbe3c30

Download Submit