Resubmissions

28-09-2024 21:15

240928-z4awcazbpf 10

24-03-2024 05:08

240324-fshx2acf2v 7

24-03-2024 02:46

240324-c9m2jabd5s 7

Analysis

  • max time kernel
    146s
  • max time network
    156s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
  • submitted
    24-03-2024 02:46

General

  • Target

    BlackMart.apk

  • Size

    8.5MB

  • MD5

    1f51442ac69949a896f13e42c4d7254a

  • SHA1

    dac18bf7ac2dae640c064fe2563e4e32011144b4

  • SHA256

    94be86d50af2ded5b2754cc2f0eeb8d26c44878b6835cb6292abf35df92bd4fa

  • SHA512

    aaaaecb86f62c6602876a728101dc1604b57b887d788cf3dde66573a101be96301b80be3cbea21eaec9bf3021b335c0bb8964c73e7e5fc95d06cc4d382bec089

  • SSDEEP

    196608:nxgE8qnpvtBIH7qu3G7roKx2NIXfT2+dMwW+dMwI+dMwE+dMww+dMws:nxOeHIH7R3G7rp4k2qMwWqMwIqMwEqMj

Malware Config

Signatures

  • Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)

    The application may start an Android foreground service, which keeps it running with a persistent notification and makes the OS much less likely to kill it while it is out of view.

  • Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
  • Reads information about the phone's network operator (1 TTP)
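A quick static cross-check for the first and third signatures, added here as an example (it is not part of the sandbox report and was not run against BlackMart.apk): after decoding the APK with apktool, scan the decoded AndroidManifest.xml for the FOREGROUND_SERVICE permission (required to call startForeground() from API 28, i.e. Android 9, the sandbox image used above), for services declaring a foregroundServiceType (API 29+), and for telephony permissions. The manifest below is constructed for illustration; the package and service names in it are assumptions. Note that TelephonyManager.getNetworkOperator() needs no permission, so the telephony check is a supporting hint, not a requirement for the "reads network operator" behaviour.

```python
"""Static triage helper for a decoded AndroidManifest.xml (e.g. from
`apktool d sample.apk`). Added example; the manifest embedded below is
constructed and is not from the sample in this report."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Permissions that commonly accompany the two sandbox signatures.
FOREGROUND_PERMS = {"android.permission.FOREGROUND_SERVICE"}
TELEPHONY_PERMS = {"android.permission.READ_PHONE_STATE",
                   "android.permission.READ_PHONE_NUMBERS"}

# Constructed sample manifest (package and service names are hypothetical).
CONSTRUCTED_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application android:label="Sample">
    <service android:name=".KeepAliveService"
             android:exported="false"
             android:foregroundServiceType="dataSync"/>
    <service android:name=".SyncService" android:exported="true"/>
  </application>
</manifest>
"""


def _attr(elem, name):
    """Read an attribute from the android: namespace."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def triage_manifest(xml_text):
    """Return the indicators found in a decoded manifest as a dict."""
    data = xml_text.encode("utf-8") if isinstance(xml_text, str) else xml_text
    root = ET.fromstring(data)
    perms = {_attr(e, "name") for e in root.iter("uses-permission")}
    services = []
    for svc in root.iter("service"):
        services.append({
            "name": _attr(svc, "name"),
            "exported": _attr(svc, "exported") == "true",
            # foregroundServiceType (API 29+) is a strong hint that the
            # service is started with startForeground().
            "foreground_type": _attr(svc, "foregroundServiceType"),
        })
    return {
        "package": root.get("package"),
        "foreground_service_permission": bool(perms & FOREGROUND_PERMS),
        "telephony_permissions": sorted(perms & TELEPHONY_PERMS),
        "services": services,
        "foreground_typed_services": [s["name"] for s in services
                                     if s["foreground_type"]],
        "exported_services": [s["name"] for s in services if s["exported"]],
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage_manifest(CONSTRUCTED_MANIFEST), indent=2))
```

Run it against the real decoded manifest with `triage_manifest(open("AndroidManifest.xml").read())`; an exported service flagged by the sandbox as a persistence mechanism is also worth checking for intent filters that other apps could trigger.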

Processes

  • com.velociraptor.raptor (PID 4459)
    • Makes use of the framework's foreground persistence service

Network

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/com.velociraptor.raptor/cache/cache_an/journal.tmp

    Filesize

    36B

    MD5

    37e8e716e0e2f4a0b05cd9571d95b84d

    SHA1

    f8d068f6931707bddb8cd69f706f2224ad1fea3c

    SHA256

    7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

    SHA512

    e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6