a3b60883558aa64d5be6547ce427d6ffe1f43afe610d1cb6826a2a8a075e9a29

Analysis

max time kernel
3s
max time network
129s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
10/03/2024, 01:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

01510a2911db8157decf57880b3b4c39.apk
Size

32.6MB
MD5

01510a2911db8157decf57880b3b4c39
SHA1

fec9017302c2f5d7b586f1756c37092368d58d8a
SHA256

a3b60883558aa64d5be6547ce427d6ffe1f43afe610d1cb6826a2a8a075e9a29
SHA512

f81311211c4309ca8cea41dc01ee1fec98bf111d299632566ad1be728bee804255520081fbe6c6bdc73584b0a6d7381bbbd44a57922383384f2d378d58759c3e
SSDEEP

786432:v3jrbQULjGInXHJN7Xn8eIDRidU1HiUlT3gr/G5:vTrEUeInZFXWEKH1gu5

Score

7^/10

evasion

Malware Config

Signatures

Checks Android system properties for emulator presence. 1 TTPs 6 IoCs

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: ro.product.name	com.android.mgstv
Accessed system property	key: ro.bootloader	com.android.mgstv
Accessed system property	key: ro.bootmode	com.android.mgstv
Accessed system property	key: ro.hardware	com.android.mgstv
Accessed system property	key: ro.product.device	com.android.mgstv
Accessed system property	key: ro.product.model	com.android.mgstv

Checks Qemu related system properties. 1 TTPs 7 IoCs

Checks for Android system properties related to Qemu for Emulator detection.

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: ro.kernel.qemu.gles	com.android.mgstv
Accessed system property	key: ro.kernel.qemu	com.android.mgstv
Accessed system property	key: init.svc.qemud	com.android.mgstv
Accessed system property	key: init.svc.qemu-props	com.android.mgstv
Accessed system property	key: qemu.hw.mainkeys	com.android.mgstv
Accessed system property	key: qemu.sf.fake_camera	com.android.mgstv
Accessed system property	key: ro.kernel.android.qemud	com.android.mgstv

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/qemu_pipe	com.android.mgstv
/dev/socket/qemud	com.android.mgstv

Checks the presence of a debugger
evasion

com.android.mgstv
1⤵
- Checks Android system properties for emulator presence.
- Checks Qemu related system properties.
- Checks known Qemu pipes.
PID:4236

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads