1d05823c13375dab6d13832382788b09ecae17e8ea3aaea0998f3c5fa21d5b62

Analysis

max time kernel
141s
max time network
148s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
10-03-2024 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1d05823c13375dab6d13832382788b09ecae17e8ea3aaea0998f3c5fa21d5b62.apk
Size

3.0MB
MD5

0e9b1985ab488a64c78b5e70e60efeb9
SHA1

cf2d863f62192c64141cf163fb70c29bcbdb12dc
SHA256

1d05823c13375dab6d13832382788b09ecae17e8ea3aaea0998f3c5fa21d5b62
SHA512

c2bd9329d1d8b555d1da4e8d552199c45570a6724eb27226629003ed8eb3bfa994cf04c427fae53142c752c7f0bcea635935a8be7a77bb0d35a972682117fd67
SSDEEP

49152:ZSYGR/82jVj+2CGJPFAXrJWbCqW1i6rU06Qztyc3FdtuWn/CeAQrD5Che74q6enI:ZSN/jjBhyUbCR1iK6QzAc1LuO/X3kheY

Score

6^/10

discovery

Malware Config

Signatures

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	org.thoughtcrime.securesms
Framework API call	javax.crypto.Cipher.doFinal	org.thoughtcrime.securesms:remote

org.thoughtcrime.securesms
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4171

org.thoughtcrime.securesms:remote
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4241

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.thoughtcrime.securesms/databases/test

Filesize
20KB

MD5
b0d01f3f33ae23c66db7263f890cf4ff

SHA1
3eb1c5cc22a762213800064ee88371c00a4b06eb

SHA256
858dde8c098918a8689a10267600dcb69be3d278e344aa54ee6add161a6f8d58

SHA512
b74b815ff0e46d38c1ab7ea78a30bc9d330d5a0984345e70ca59153fe9893fc87e09ccff3c18c9378ad79646ed5fd0d1c827441df52ead9d2a1d9c1a2e35aa87

Download Submit
/data/data/org.thoughtcrime.securesms/databases/test-journal

Filesize
512B

MD5
552198aa17d43adc3ada849fc8f066dc

SHA1
ccbf6a106c0852f91ba7c0c96867b9ac3f9c7c65

SHA256
3c71514f90733fa0652892cac3e076365bea910cc02e283506db500ef95534ba

SHA512
b7b8f4bf674bcfe3150ce7879f25fecac3676c444db3cd73d0e82bb21dcecb918e20244698b0bae75f31662f872f87d593134e730c5b6144b9c7b1e73e6326be

Download Submit
/data/data/org.thoughtcrime.securesms/databases/test-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/org.thoughtcrime.securesms/databases/test-wal

Filesize
32KB

MD5
38149ff9058ce3b15b7c10694067ad1d

SHA1
8ccc88d07be804f2d99a508b7a9351f6225be63e

SHA256
435c426818ef017b47016a3acbf2690cf2079942892971b5f81945a4ded23586

SHA512
feaff0759987793c1acb1133178c07a1c3190514d932b5d5d6fa6ca35a668972b4fa58c9a078d5f07b200cb4878de7d789d2817736583646e1914ff71dbd48da

Download Submit