94524022cd49a0fc0a8722ad3d368e420b3e120773ed21d12979120f6e9c3ec1

Analysis

max time kernel
149s
max time network
162s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
01-04-2024 23:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6461851c092d0074150e4e56a146108ae82130c22580fb444c1444e7d936e0b5.apk
Size

3.3MB
MD5

b731343b083f999ae0271d19ec92da4f
SHA1

05e5da65faf6fadb2a3c8dab2eb3d888ca6fad9a
SHA256

6461851c092d0074150e4e56a146108ae82130c22580fb444c1444e7d936e0b5
SHA512

84bc70e927af425b430b7a79797e5207eb6b8d33892f2b37c80e3f8fcd987a70a8e44dfccbd3b356d98e6ed413ee1dccc42211cbbe4311adb19579db6cd46eec
SSDEEP

98304:IEVF6aL7fDW3v0AMYfccAYUMF2yIOcX3i9MNIXcK:I46x3vKcAUGOcGMK

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

Processes:

ir.shz.shzkisi

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	ir.shz.shzkisi

Acquires the wake lock 1 IoCs

Processes:

ir.shz.shzkisi

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.shz.shzkisi

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

ir.shz.shzkisi
1⤵
- Makes use of the framework's foreground persistence service
- Acquires the wake lock
PID:4406

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/ir.shz.shzkisi/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db

Filesize
16KB

MD5
0a40941b7c8fb7830379b0c43633e91e

SHA1
082fe785dcb1166fa3754c8cd964698be336f70e

SHA256
f60158cf765b1b50d46c6d83a3c036daac07a2592acffef9c317e29d1d8b026b

SHA512
b9329729c3adb40d05b64afc003a0b65b69357f1f5f0b5b048e0d41972ab2ad617791a97add6bac279916c21b6d5447db3ccdf9f5b986b4c771c7d9a8ede7605

Download Submit
/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5d7d2ea3c42ab62d78b602b3ae01a097

SHA1
91b682d8b1c54436a3ccf54985d2a777ad5a46d4

SHA256
e9fc2d3320337032116eed952963f8d7c8a672c19083496f0d2013ffa9f64bc6

SHA512
33d152432009e26b4ca47a23589fa22a2a5bc9a0d0d8ff406707a454352d5b13e10fb9d12c0bf43b83079a146d536f18c51821bcfbfb6cd923657128a52bdcb3

Download Submit
/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db

Filesize
16KB

MD5
55d8ac868df421acf6fc68da7716b63d

SHA1
8a82a10eccfa7e20c3333e3ce75f88a716a26010

SHA256
fc6ed9ddae51fc2756dc5d22355aee16825252221cb0b42a4a0d6d5a805f126e

SHA512
9d85c52deb92b91ee85b057eaa57f31dbf064b80945561a30789d5c30b1b101c71395c51e29054a7146ad847e700ec948b5440dfd160b0ae5a67e595c87709b4

Download Submit
/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e2bc5084929408a39f5eea368518ff2c

SHA1
2fab5e8205173cd8c27812768efa28a72b89bcf0

SHA256
e3ecd0b1dc3c2eeb0db26141e225ef0f315c5d111e6d4e0e00ec54b2ab935547

SHA512
f905b9c0a197f4ca4e7109ecc75b54ce1fbd9054bca3a4a5f941e7fecea9f396b235f92eda8ecf77b418f90307480d331b063932da0bf11cb8ca62c4e4743a4d

Download Submit
/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db

Filesize
16KB

MD5
de82e2c94d2718988804b035a46d17b1

SHA1
705f5ff19093ad209f2a666085d6ccaed3bf58a4

SHA256
29110e626f8f49171d14a819b34492d094120f21ed7a963007fe95439d771d39

SHA512
68f5f88e638e76cb5036dad6b320896f1735f64067ace152e0baea81e9ea0d153559f53bd5c608b397281369dafd14c5f5965f92f567dc89db157414a699023e

Download Submit
/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
63c535c05d863f8f2941839d595b1753

SHA1
9a651e45ac035d9bf5ffc0223ad6f988ce90f3c0

SHA256
9b5e1b1c3d011afaa991970d06bec0548934fad61a9fadad712960b3fc96baa1

SHA512
3e68e411b2f0363f6c09187cdf94c9cfb54de66dbd9cd0d8e34d387e15e12c284c4d9a31798931a4eb48747a59acc5f3190a1c073ccdee122be039c3ba5fb553

Download Submit
/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
7f89ad466eb792cdae7e575ea0f13ff0

SHA1
e6bb8189ed43feb091154af75343630fff30ad4d

SHA256
006f1bf32fd90aad523d80d181109c977b27b79d855dc4cc25fa33d8760e3414

SHA512
49cb9a7889633b53053324f1406f9604c010e8ba92d970e6c333bd326d060912c58af60207e82760211239cf158e3f9618c5c71ed70e74a94b332759ebfb3bdd

Download Submit
/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
822706b36b61133c02fdd3a0b2ec9f6f

SHA1
a139980539456e7e31c254de45ad6f96bdbd6ec9

SHA256
c525341b05ec8f205f61e71633c1be991dca9733574543717c746dbc7c168cd2

SHA512
36b356b2a18bd8975aaafa0425d762a247d7f197e1892a02e9956801fd1b5869cc78681a455563079168aeded753c4298b74d368e38affc0fafae0fc8398eed1

Download Submit
/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
a1b5f8539f255bb9011961a9a8a7e5ed

SHA1
bbf610d656afefdf7be46076e796974715a561c8

SHA256
7a82f31fba68a1a7f6ddfef62465d05199749a5ca0c19f4e1b7cf606909b1e0e

SHA512
d8ceaec1e71f6c21a0c853fb013765b2e4033a1338c19dfdb31f0b7a3ee56d6bba24e8822c4a96eadb4fc6c0f7892e48635065327efa5b44460812dc402ec040

Download Submit
/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
0d37f1c6de879e8373977f32a8620976

SHA1
2a9895740a0691ed83d01fcba6ea2215e0146d9e

SHA256
3b63fd849ff6a15d6a2c7d37fe2211e9907b6bb394d2db344a21b4f7b6e2f5d0

SHA512
f3c2bbf5d8af4e50f14569c3016afa2e8c141326f280526165247354565d0c88584407aac05f0f9c11ff761d5f01d5bc2893b173179eb70ea475e20e9b636d97

Download Submit
/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
02b3dec8b920f51b2c4246fa7fe99820

SHA1
3c1e6e1f6877b9bea1140089fb7f5bfaee95f8f9

SHA256
a0a0fd7fecffc8ab66dd95b756f4672a5fb10bef0890ad81daaf79ef44eb86dd

SHA512
5433b9c04487c74b09e1be1bce16b183b3311b0578725277f22edab67fd6b1a3686dcbec7e0c633929e13ade2317130691eedc6bff5425ef1bb9ce4623481f7b

Download Submit
/data/user/0/ir.shz.shzkisi/files/PersistedInstallation1288979958307751828tmp

Filesize
90B

MD5
0a5fc6743ed2e2d6ea27687001634272

SHA1
4fc4bc15150eacccacedf95413dfaa884022ea76

SHA256
d50216d1308ca016d6e90e7383b7ce6b00f7e5464e25f1787fb213ce092fbacd

SHA512
17af2c67e0c2d1b58e0b1fa3af2ab1f5e0926cfe5ba65a9e6d8ec40e09ef9a39c0e54adfef994c853077066d9060ba488e552e8b5cd8c4b8b1ffb8beabaa5b00

Download Submit
/data/user/0/ir.shz.shzkisi/files/PersistedInstallation2014812451083197817tmp

Filesize
567B

MD5
75aac0fbb070a98906df56fb78932ed7

SHA1
f6ed7c74f30266d6e0503a43dffb6d9324f88a34

SHA256
b9337917b1d21721f51b68ddd78c04a77da5b61d7f0d54d4370d5232b55db70b

SHA512
05ffbc467cc6221cbbef156f9c34413381500915ca6117a35ae6494afed7c702823f8a117a277acc9f50758dbb471a572cf122285a34740c3b3e8d6ded6475cc

Download Submit