3f9084393a61638a1c21d6844022584796f3dda955eb89d0d109695b636046fa

Analysis

max time kernel
2671431s
max time network
159s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 15:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f9084393a61638a1c21d6844022584796f3dda955eb89d0d109695b636046fa.apk
Size

27.8MB
MD5

256c7ed5c3a04ad1db7f4f9b77e0bce9
SHA1

7da241b40b89869ddfa3b98ad5ba622e192c7d2e
SHA256

3f9084393a61638a1c21d6844022584796f3dda955eb89d0d109695b636046fa
SHA512

22416419bcb0b7861f12c7c6388d3055c0987338e17dd5a5307ac04512ddd78fc2d9c557da55b13cb8d1beb52f0cd53d5fefad45d0573d801912b39bfb3f4421
SSDEEP

786432:qSxl7OGqrFDTAxiKdh/biL0bccLRbat819BoJeb54rA:l7eFDTOik1Hha499bcA

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.mobius.byty

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.mobius.byty

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.mobius.byty:pushservice
Framework API call	javax.crypto.Cipher.doFinal	com.mobius.byty

com.mobius.byty
1⤵
- Requests cell location
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4235

com.mobius.byty:pushservice
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4426

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mobius.byty/databases/com.mobius.byty

Filesize
24KB

MD5
dbb32c1561c02bc7d01d4f8009940c4b

SHA1
dae92c6825be42d4e34c495ae320b212618b600d

SHA256
ee6289361e3b491972cc871019c84e2581c54a7225dd8052398904e0ad9c61b9

SHA512
b8b5ae832b78dab99743966ddcb79298ca3c2589c2f3fba44c7da57ff1fad9325356973a8d11440ce1f4d4fc11dc6863f1f2151339c7c0dfbc7ced753bf75467

Download Submit
/data/data/com.mobius.byty/databases/com.mobius.byty-journal

Filesize
512B

MD5
267a5e18bf486867ff1b8ddf3a044284

SHA1
477066ae3829a40121db4403bb841a478b20c7f7

SHA256
36195176582d24aa4608678eea66da83e24c4301db52453751eee0dd320cfde8

SHA512
abd8b85b263218ed1298e4c522931e7ee8619581560deb87c444ab6e635a99e3732ad33c2f27fd47b3f231cf89c28d1de742a001f091b8fce92d2df8b160b634

Download Submit
/data/data/com.mobius.byty/databases/com.mobius.byty-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.mobius.byty/databases/com.mobius.byty-wal

Filesize
48KB

MD5
ef209fbef414fe8bf1fec3513b2693e4

SHA1
2c8fef7cfd5cbb524406158a3ced45f5d109e78c

SHA256
b62885de1aba40f8a4c92a5f49de9111af0c198fa1663d4da0e24819fcb2af2d

SHA512
18283e54a22db3e972c9b6156f5bcc900155a955464bdc806d74c53c59be5a03e8b6de64a2850fe71810db4a2e002f33fdeda97268428a0061fadcf1113e79f7

Download Submit
/data/data/com.mobius.byty/files/com.maa.sdk/access.log

Filesize
316B

MD5
ba63dacb3701c4fe1a97a3956870cee3

SHA1
a3484c9b05b9834abb099c5b667d9a4f34463903

SHA256
187622b9c670b8a2e507586dd3e57bd44d910a7f9e79d27d13546cb7952ee0e5

SHA512
61f7fa0be2859d68af624da80190b744c5d370e9c447fdae7146fc089f5381d2fb5d99f7ce16032f1037e6ba5637bb14f3d3c5788cb350465c5ce594fd97db11

Download Submit
/data/data/com.mobius.byty/files/com.maa.sdk/pushservice/access.log

Filesize
323B

MD5
17d026e6a86f20a454eb831c88657995

SHA1
f1102f98feb31413997c8f7e0699bdae061f4efe

SHA256
8d6d4158978d3219c32b3f7b87491097d8a3329355c852c700f8f9d5ef816da5

SHA512
cc7b062a7779da7ec62663b34df7bf3a3b06e36f64fde9b9676d07d921d46b7e208268bfe47ddf503dfb9814b1b35239c5ae3ea88a7a35788bceb187da9c8483

Download Submit
/data/data/com.mobius.byty/files/wspx

Filesize
476KB

MD5
21f21d635addcf4d92265d9a0a173f3a

SHA1
3d66890cfb791ab5cee531816648bc04211d8449

SHA256
39ddcb90054f3b619e20f89d05bfd03b86d3df79dc6d55f6c333116aad957bed

SHA512
5f7a77f7b8e1f07854fd11cd67b332ca5b1bb53c8ee3e8d265d4e2240bb0bb4eaf99b4c751def661e21e4dfd9cc63d0e5eedffb3be027dafc9bc68a8873913de

Download Submit