94524022cd49a0fc0a8722ad3d368e420b3e120773ed21d12979120f6e9c3ec1

Analysis

max time kernel
5s
max time network
154s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
01-04-2024 23:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6461851c092d0074150e4e56a146108ae82130c22580fb444c1444e7d936e0b5.apk
Size

3.3MB
MD5

b731343b083f999ae0271d19ec92da4f
SHA1

05e5da65faf6fadb2a3c8dab2eb3d888ca6fad9a
SHA256

6461851c092d0074150e4e56a146108ae82130c22580fb444c1444e7d936e0b5
SHA512

84bc70e927af425b430b7a79797e5207eb6b8d33892f2b37c80e3f8fcd987a70a8e44dfccbd3b356d98e6ed413ee1dccc42211cbbe4311adb19579db6cd46eec
SSDEEP

98304:IEVF6aL7fDW3v0AMYfccAYUMF2yIOcX3i9MNIXcK:I46x3vKcAUGOcGMK

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

Processes:

ir.shz.shzkisi

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	ir.shz.shzkisi

Acquires the wake lock 1 IoCs

Processes:

ir.shz.shzkisi

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.shz.shzkisi

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

ir.shz.shzkisi
1⤵
- Makes use of the framework's foreground persistence service
- Acquires the wake lock
PID:5082

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ir.shz.shzkisi/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db

Filesize
16KB

MD5
91807d390fc25a28bad086e772807481

SHA1
140ab77eb9d13f45b508c7ed265821154823f505

SHA256
b34c98e779c9ce8146e8a8361813ca0dd946d606fbe4986098fdaae85ce98702

SHA512
3387bc451a505c1e21ff32f5cc974554022e611d946545db451f393e8ffac816d7a7e1d8c579ba141508b6a31314190e5d4d4916ecdccfd14c8645383de9cb21

Download Submit
/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db

Filesize
16KB

MD5
0faffb1e01ead3a8495cc55be4ee05b8

SHA1
3409a2821c2e061d8c15a1a27e12b17802e2e09d

SHA256
3f1323d95fd0591ec28fc3cfc740258a2c2e56bad40b129fd14daa5c6a0b8414

SHA512
d3130ad04dbce8b008bb723b3bb4f169894b9556e1ec01ed865ef271aa773456e543d3975f9c89b5647725899c6af337462ea611d0a554b7e75343ca378b54ff

Download Submit
/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7c4a5b6d67f7461b727c830e17f90162

SHA1
465f9facc4c7f7cb94d45b6dc56eae6f89f1f6e1

SHA256
3815b5ee368a8987a5d5c59b494f7054e768fede69a67defd78ca9103df3b457

SHA512
cd0775d900165c3c395823ec3f4876fa9066f0757a811994d03f2dd6d9bc0a26da1d2dd7158bdd68c6c0a43fc5ae473ced7cb298ece06eb39022307cd2cc084c

Download Submit
/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db

Filesize
16KB

MD5
cbcba77524a7210f439e366209f6b022

SHA1
5ac59fe7660225d1d6aa64f91e83e8574efd94f9

SHA256
0e497fa4223743f9da429bccac4bdbbd4a11678b9fb7993e17713cc9d816d9f2

SHA512
977f427b665b4d3b437629054f390790dcb4aa9635cabdf7fdd6dea920d5fb67935904617d817189b1a5c269e4d9134cd8083cf4283782ec70d0c0fb3ce42bd9

Download Submit
/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
1e1b7d07904ae7e9e6e0fb246f47edd0

SHA1
fd11de3533bb6b6f67a22e87f3eba8ef32ab5cc6

SHA256
61f58757fd5f9de133f5220c243d4618f73a815698d526eaf8e5de80dce5d14b

SHA512
1dfcb910e48d82bfb706e90cf7ef49e910146f08889e9f948b479a1935483b69752a0c3753cb047d0a18a3b26d3d8f4cd16680c828e20c883cd0958141b7d4b7

Download Submit
/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
b54cc08c3ecccd609ea801336ae072b2

SHA1
613743dd75fb68b85f5bcb6b22d9f97c6ea7df98

SHA256
cfd489b9c3c627f26555b15492cc39275aeebae4ab5e41914557cfb5c930a525

SHA512
b08ce8aed437b2510ed6b7751c5295121e7fc5b63a3e770262121ca966230b488f5329c6bd4387b68cf0184d001195eaff1dbe12dc9f6379a6495f8f9ea3c0bf

Download Submit
/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
97d9b8293ffd3cfd1686b366247cc181

SHA1
78ac15c749d237a38392f7e140a2808ba4ef7618

SHA256
17b93a765990120781d06eb8c5c291abd10de4457990e2dfc796f2da9ec9ea64

SHA512
59722c56ef46730ece50ed66eb1bef850d8c517de739cf67393cde9dadd634ddba45e9c63a44a1a3a5dc97208b844bdac75e6f3bd200c8473e46fc1289cdcfe4

Download Submit
/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
27022d1784e733008aa1b8aa78093722

SHA1
6bc4cc04c215bac1f58529a656ffe745c81caefc

SHA256
ba449b1505fd849e6bba6a44605aca74e0e65c12c508ff4e6de6630ad8665ac9

SHA512
cfae93d37b6bf612f1760514c3e12750d86dc8577158f4c220a404835b84fa95b16d07112171273abbf1e5dce315c081ad42f5df1ee9fae58bb4501e594a4785

Download Submit
/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
20d0cf463397564d3a3a4d033d01b86e

SHA1
ad34bd610c2246b99b15996f7111222eaba43a26

SHA256
da9b96d5542d597571efd1462146379c30970864b8d9c57c7cad3827bc7d3a88

SHA512
8718e2deab7f584c73c30ed52e6b8dc960ed276da20c2a9cd69f2359ae2979b618da8a75b6cc6b2d6247516703d81f1878b02ad29a672d0bfd74351caaaa6379

Download Submit
/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
900d4c371a8be24abaa5e2ab6bd85976

SHA1
4051b6af2eba28102ec6faccc62aa0bfd1ee65c4

SHA256
f7ce13f100016c0884149c4b5206dcbf27472543c3f43c7b4ead211bb0675b57

SHA512
44def70ccfc7823dacac98d83fcffd419cfb3df42c4f74dbe47b726c6c06fb5d122243f108cdc2b3b6ff63d9ab9ba631b1434864321d088997b18f49ce82b76c

Download Submit
/data/data/ir.shz.shzkisi/files/PersistedInstallation3789037378684224815tmp

Filesize
90B

MD5
35378189e73c383adc962dcd617b32aa

SHA1
3ddd4efb17134decc23b5ea75019458226ff2a9c

SHA256
9b79368404dfd2530ee33a9122d755e14fcc738f07c4a7800c252bf2961e5031

SHA512
f3274e5910121e94931ba0652439f67ad7ef4b78cd0a232ddc62140cb4f9bc63885431b3222fa591b821c8654be0b793b8ebe0086fb87ddbc4a0d641f2d5e1b7

Download Submit
/data/data/ir.shz.shzkisi/files/PersistedInstallation4736227231452236286tmp

Filesize
566B

MD5
c0d7b751d76b0c4e12ba255b6dcb61a1

SHA1
6e0bc70452092cc8cd09f2c74f6f7d31147e64db

SHA256
66d35ac2dfbe981874733ff9f4f7fb8a72603215249d11f0360297ed0029989d

SHA512
14bb6bb5826555daa57cad6beae6216fcfb2edb77055000ed5eb8a3d490dcb70ea575289c67415ff974d25ad867ef9e23142839aac11dca5d40ec22717dfc935

Download Submit