94524022cd49a0fc0a8722ad3d368e420b3e120773ed21d12979120f6e9c3ec1

Analysis

max time kernel
6s
max time network
42s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
01-04-2024 23:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6461851c092d0074150e4e56a146108ae82130c22580fb444c1444e7d936e0b5.apk
Size

3.3MB
MD5

b731343b083f999ae0271d19ec92da4f
SHA1

05e5da65faf6fadb2a3c8dab2eb3d888ca6fad9a
SHA256

6461851c092d0074150e4e56a146108ae82130c22580fb444c1444e7d936e0b5
SHA512

84bc70e927af425b430b7a79797e5207eb6b8d33892f2b37c80e3f8fcd987a70a8e44dfccbd3b356d98e6ed413ee1dccc42211cbbe4311adb19579db6cd46eec
SSDEEP

98304:IEVF6aL7fDW3v0AMYfccAYUMF2yIOcX3i9MNIXcK:I46x3vKcAUGOcGMK

Score

7^/10

evasion persistence

Malware Config

Signatures

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

Processes:

ir.shz.shzkisi

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	ir.shz.shzkisi

Acquires the wake lock 1 IoCs

Processes:

ir.shz.shzkisi

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.shz.shzkisi

ir.shz.shzkisi
1⤵
- Makes use of the framework's foreground persistence service
- Acquires the wake lock
PID:4190
- ping -c 2 -W 10 -v google.com
  2⤵
  PID:4236

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ir.shz.shzkisi/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f843dd9b27a33603b463355f550574a4

SHA1
4209ce921515f2a424f333899fe4a721e26de1de

SHA256
2ae4f1566aaa2b36d64223523f07759eea991a2a92ba0ef29c1ee5e83557f05b

SHA512
b7bdf49a8f68fa0965817deecc74c7e74bdf4ef23164c76554fa034a8750f3f199305278af24ac478fc9fc4d32d696c0b1a6672d723c332c8623423c5c2c0de8

Download Submit
/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1e23e6500cd4974a904af94925fef043

SHA1
bfecb117fed7ae6affee82e9522dfff6754240f4

SHA256
bec25e4789d94bec394c1e1fed40a222959ad3bbb661e5403a84aa9c90f3438b

SHA512
0c1285a1de0cea7b0b2bc198e260904f6853d6f6c4cd83a0681e7dae1d4de8254d3cbb5b3dfe120f41e725015750293aeada7712185e7ab59ea55ca220b1e194

Download Submit
/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db

Filesize
16KB

MD5
190179d571f3e90613b942e9c9afc722

SHA1
db1d2e28f375d2c1c9193046520ad259f933bdab

SHA256
7bc1e8fdf2b9d8e7523ef7d5fccf5c609a2ce17e0bebfc823344b3525e46c177

SHA512
6e8098d878c4ca7c2195fc3bbe2167efd0e7d6f4a051c135cf89902bce9dd402dcb272f0b51f8d8af746af2a151a98dbcbc0f7fd492a441f86fb111067f885bf

Download Submit
/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db

Filesize
16KB

MD5
31f942319e7c783a06a25fe45ca48a40

SHA1
19feb5b2f7cabdeaf4a055c9fa27aa5d75c9aab5

SHA256
68e4ed6aeaf605ed00c33fff68a8f2599c65f69843880570a671a364bf3328fc

SHA512
1e2a74ccfa81f51d23b8aa9e27f2898081f13de9b8b8c506faf902cdbb8cbf71b9b09ea256e7b967235729cd06fb5cdd55d0b7339848fa5c669cb84742c186d7

Download Submit
/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
edc634f5a5a7237ed4c0224d3c5c9795

SHA1
6b464f40a16e1f02804e4f5e69024cddcf62d8aa

SHA256
1a6dffcd2fb61dd83818b8ac2129471e9d7eace4f610cb18d6e6508fa2b728ba

SHA512
469853b14cfb54d5e7d8f5bb7d770bb03e821851f3b9d1ff4decfef6c6db5e24bf05e39eb44e79da229047ab5c0b0457604f502aae64714420eb50822f5dc0cf

Download Submit
/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
352dcbe1a855394b58fe3829c34a2cec

SHA1
1a26692cb7c6eaba7c58234b617b77cccc9a275c

SHA256
87234523323a85ab23537f395e4d16189c607138b4d67434084b7f63d674e0d3

SHA512
6f656e46244d7fd8bd3495c30bfb59893c14f68ae2e6fee52db9bb2f6523c63510e91afd3ba0291f65708bb4d623a36a03cfa481ee2f2ef015093a57327a776b

Download Submit
/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
db79efee7b2ab0c76a06d0329b6077f8

SHA1
37ab790ac449c668c18bead99b097d8934a2047f

SHA256
46214a3fad0abfa74f7bf3341dbca2703bb95040ff3077c07875860091e5338e

SHA512
6bda71e3c5c6d0a3f23b6eb1db09a5f259b06226f4d92e1e8cf7c1be1075463cb2396a73631f25542349f6c09e07324e25a949f83dbf17774eb6ec7c3adb1e11

Download Submit
/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
dc5eaea7369892427f974e750a13fe80

SHA1
02d783984700caf06ff6b76da79c7ac1e44226c1

SHA256
7fef26e685a290492d9acc28d5be95153a3a34f6a7fcb6e095d97357050093a9

SHA512
fd73581446054d73f241bee1cf057706571ffab66909b3244674a224334102ea5fd645c48e4f5b6238a3f5831c91642f1dd86939c59ed72f99ffc7aea91ed7ea

Download Submit
/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
6ab3d2097e67d0aa342664af110e4b87

SHA1
592db60045c69793f5f92495422d15bb5e8967ae

SHA256
f9c7a7361dea0382dcd52a2af4b8312bf7d867a526253d97c878ce233ffc0330

SHA512
d345822ad0f8b4c718caddd91e6ba1ab0199dc6907154a7d3adf2a014fbb0bf6b8795ed5c0bbc06b9fa9081664d17e252b52a2814cb0994cd3fce27c462cc3ce

Download Submit
/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
ed85ea5a1a7381225bf8d947f599240c

SHA1
ed6b77324e4d167fffeae1818074b7e467548a21

SHA256
86c08c21f80949e22fb8b07087c909594eadda5289b06aa907f4369cfd4673e7

SHA512
0e5fd5c53eeaf865212c7615bef722feb3aadea68ba2a982578f510cd4e5b8dcf3d0f981017a787ed282cd01819103a741a94d5cfd760318070434df0e58958c

Download Submit
/data/data/ir.shz.shzkisi/files/PersistedInstallation3823739543414460688tmp

Filesize
90B

MD5
af60a9d41c07263341bc9da23016693f

SHA1
ba93e5c651388a33c46a4b472ca9d4808ba0655f

SHA256
19c99a8ad2f99da3cd12817ed0e3217a6935937b9af3b3bce504b1d2063a31b8

SHA512
99200d9bea05343fba03ad0a7acd9e515d56f67ce99221069e2bee84e7a6460c2e51db8ee19764e28525996374b513ed7b7132b8a88b2a36514702d24dbf398f

Download Submit
/data/data/ir.shz.shzkisi/files/PersistedInstallation5601924379730587486tmp

Filesize
569B

MD5
96d56790b5feaae17c7bbda74401e758

SHA1
87e6b1d95c0a48eaba049d7b9e7cd7bc3cc1c061

SHA256
d0995fbcd9557dda5028f25b0a7cbf28d0e5f7c7ba5cf2614e39b9b35904ef80

SHA512
24cb241c97b01aa3276da198d5094b1c6015430c0a53f587704f15af598eeddf546d6a3403b48708cb45c648a70f18dc8c5e534df0c3e28411f948d22223884d

Download Submit