682b58cad9e815196b7d7ccf04ab7383a9bbf1f74e65679e6c708f2219b8692b

Analysis

max time kernel
84s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
10/04/2024, 07:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

682b58cad9e815196b7d7ccf04ab7383a9bbf1f74e65679e6c708f2219b8692b.apk
Size

5.9MB
MD5

599ca5ade29ca5a197d672c4c8030403
SHA1

b65579c62481b07f955638d884d3a59b9582e705
SHA256

682b58cad9e815196b7d7ccf04ab7383a9bbf1f74e65679e6c708f2219b8692b
SHA512

2331da7504ff00686b8afbfb2ba9c8b226566b0ab2b2d26d8f5370b9f94af301469818f926c8e27f72de0ed5f91371fc4f0024d7c5c1723675b2b0ecd65d7448
SSDEEP

98304:MLv0HRFwlCAuCnTCK7/WkOC1CvgRw33cDbe24ynnfnDc4WQAEzfrp2vwCNwG7:o0HzwLPnTCK7OkpzRwR24ynnfnDcIsNL

Score

8^/10

banker collection discovery

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs 1 IoCs

banker discovery

Security Software Discovery

T1418.001

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	org.optimize.app

Queries account information for other applications stored on the device. 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

description	ioc	Process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	org.optimize.app

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/contacts	org.optimize.app

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	org.optimize.app

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	org.optimize.app

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	org.optimize.app

org.optimize.app
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Queries account information for other applications stored on the device.
- Reads the contacts stored on the device.
- Reads the content of the call log.
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4488

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/org.optimize.app/databases/com.google.android.datatransport.events

Filesize
40KB

MD5
1cf3f63c021d755a21623e6d0e86dbc6

SHA1
e40e0f1faa61abcca7ba3394c54c92ff7334b49b

SHA256
100c67650ba652d547d8a1128edc550a8e95541a1d9268a199d1b924294d0895

SHA512
38d72e14f3513ffd26989cbda3df46ed3dd6e731bdfae56440eff6b64760cc13f91014281c9add61e018fe3529e49c63a6892ca22479515816c768b546244466

Download Submit
/data/user/0/org.optimize.app/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
2d6eeeeee04d4981e46596b337ebaa62

SHA1
3be666c5f55998684c196504e97ab8fba4bf63b8

SHA256
e6253990472e1b748c99046f476242cb3446399c941332d1ae7027028c4fe7a3

SHA512
3dd46bf3618d42c7f2031718d5317d3d58e1b122a6c7c2712b4570af252597ed2a5762fd424995f68c31d392434c223c0451161c29b9e81a7007742ad074f2a4

Download Submit
/data/user/0/org.optimize.app/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
eb127c6cbbadcf9048b3b3af31864510

SHA1
2865d609ae61e19c426a5135a16080e5031cd276

SHA256
58afb9c39b5c46f56f173c4865dd1967f4c9e8ed32dcc37822111f0a8e6c3ffd

SHA512
efcf8d2dcac95b90a342c49c56316161b47609eae2284ca421b605ebeedf3735a226e230bb8816ce8197dd94a7a2516d5dfc1d0946802474f54510447a655f1e

Download Submit
/data/user/0/org.optimize.app/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
0effaff3f1eb27cd2b9a086d4316efe9

SHA1
5ffbf96496d9b6907ac5d8fac1e7fd8fa9561260

SHA256
e3744d30895f60c50c60588de2e57441bcb86e96ca15902575710dfa2d123ccd

SHA512
79ecd33740bf419e362a429897398ef209d4b5f5c012bf2f053c2d86de195a7c71ec275eb19d7aa153e3db8cc9375ca9ed0fd6d859f3f69aad5f1a56d9c8a5f0

Download Submit
/data/user/0/org.optimize.app/files/PersistedInstallation7528639421199986875tmp

Filesize
114B

MD5
8cc3d31399d3439ce0007eed827a2ab1

SHA1
df75d871e3f1a4bff6703274267880b54359248b

SHA256
433cf63fef183df1bc0362bf1fadb8d83ca9ed1f604f89af76bb2a136899ecef

SHA512
091f53e706be695f3eae401794f85efc2c9f94cbe95dca1614b4dea955f817783d6200cc051cc0fbb01ee1b14a51cb50be2af5048a55dd30aa2a207b95f4ab3c

Download Submit
/data/user/0/org.optimize.app/files/PersistedInstallation8083657637958557500tmp

Filesize
90B

MD5
87ac3d4e500fa92e1d1766c988c17a02

SHA1
30df42615bfa8e4feb0b85707c200d842338a808

SHA256
e89fd50fccf3a74c44944a2f593a5c5b682312a8c51f38df268064343d19c88c

SHA512
5cf1b98ff5887ca29ba4ec52222d694f7f1fa35f2dbe552b1f69e155d216d65ac82d89c9e9e23a82adf31f058bd0b9eaee95cb8df3ffe06206e88df1dddac26d

Download Submit
/storage/emulated/0/Android/.org.optimize.app/Presentation/fls.tr

Filesize
424B

MD5
bfad12ced58f57adf018d11e331b29e1

SHA1
f3bfe7d529b25b35beb374bcb4b33b72d44e0483

SHA256
933abfb686095a7b092b55770aab7b8ba39e97e1bfd27c15ad452bff9cad3417

SHA512
128896b9e4bdb7f8d47db5184e6020a718da64ca9ba3683093b8b1d27d7645328ddaf8b2bffc6bc11524fae6e4c25b96b58277333d2983ffdac8e645eb30ebb3

Download Submit
/storage/emulated/0/android/.org.optimize.app/DataLink/1c0n1ct_1712734693109.cn

Filesize
3B

MD5
8a80554c91d9fca8acb82f023de02f11

SHA1
5f36b2ea290645ee34d943220a14b54ee5ea5be5

SHA256
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

SHA512
ca4b6defb8adcc010050bc8b1bb8f8092c4928b8a0fba32146abcfb256e4d91672f88ca2cdf6210e754e5b8ac5e23fb023806ccd749ac8b701f79a691f03c87a

Download Submit
/storage/emulated/0/android/.org.optimize.app/DataLink/1c0n1ct_1712734693109.zip

Filesize
221B

MD5
d2f66878bade269225366bba57cd308c

SHA1
e4722f80b67136469e80e149b7f76fc26f7f8684

SHA256
72db88ce82d826009e2b067b988197f29a0c4aec13481e4b5a4e041752396a82

SHA512
39b5b6dab6c29a8af0b3fd6883e7ee839bccb61a63dd902e16aa4a9a2451c6c58383a33a4bb24324a5b80705ab85ca49e2fa5170d9462301b3ce112ed3144e42

Download Submit
/storage/emulated/0/android/.org.optimize.app/DataLink/apps.ap

Filesize
1KB

MD5
dffbf07513188e4ac16e629bc508a9c9

SHA1
66c192d457788e9ebe99c78bb06c7123acab8796

SHA256
d303e2e100caa0af49753feb451ab8fa04fcc183bdf3856842a142938f959d8a

SHA512
11b1aa5934055cfa2c6e3dc06115a6af66fc29879b2ed198420235ec15671a61a331bc50768f505688201d27666883543c6796dcb282afefd61fc444f3c31687

Download Submit
/storage/emulated/0/android/.org.optimize.app/DataLink/s8s54_1712734683091.sm

Filesize
11B

MD5
0c554d4e30c294140ede96a4d06775b6

SHA1
c22fe7585096e9478b6b64c20bd33e22df5d96d8

SHA256
fefaa3e60e610770898396979fc7e59e2f32515db738a2aa6fc5053d571e49ca

SHA512
6759ae4635432a45dc37262aeea6a4457cf4a34bcb5805db2d42563d052e30ce97438b695a671d8ab7931bed82f93908cdba608ad086e24e7667c1640182e3b5

Download Submit
/storage/emulated/0/android/.org.optimize.app/DataLink/s8s54_1712734683091.zip

Filesize
225B

MD5
683eccf69523b1af08a2a81deb407b56

SHA1
d2d2c4ab58ad8d3a677817610bed09a2a32a8a60

SHA256
65977a4040751e1a64c2a52c788750b89438cd03b20b675530c9ea238c0197fd

SHA512
c5e4ee6dc84bb12a3336b4faf8530f65d56fb0070c5ff8da5f6ae218e4d4af5496e258d2d3c3b28147e64f2dc0bb17f93d4436691b4e7d9366e5a6d5d965e4b8

Download Submit
/storage/emulated/0/android/.org.optimize.app/Presentation/conf.st

Filesize
45B

MD5
0715c425e68269fb474bbf4ef92c9494

SHA1
761945ce56c4cedfd07e2d78f5d795fde493ea37

SHA256
c7ac06c02abc6acebb0a21b907ea1773680df2277a0fc3e44336039525f06114

SHA512
cb1b8b8df700c23fc6c0b1102d54ef3ad7e1ab2f07903c82e87bb68672662cb569c7a777ce09c75892b4d04ffcc5a09537bc2da59cf46b7d306951c7beac2f34

Download Submit
/storage/emulated/0/android/.org.optimize.app/Presentation/encSocketID.enc

Filesize
176B

MD5
af4cebc42b18276720fec34a4831753f

SHA1
967cd3fef84a323568ce7a342f3c1c5ce247d67e

SHA256
b970e7074ec5d5a48fb3ab87ba2e1935d4eedde03170a41d7b4f328bed0b233b

SHA512
d69c777c5be3e2238fda078f81a1b0473ed952e077e98fc3bc2d493aed60b5f465e17c5bb47abbc15e5f3f453acbf90582ffaba1a237123e23a07bc7ea4e36d4

Download Submit
/storage/emulated/0/android/.org.optimize.app/Presentation/everyone.evl

Filesize
66B

MD5
65f0466dd74f037929b1fd130e33646d

SHA1
4c8c4b5977c36fcf1521377d934bd5de34087d8a

SHA256
2146b7a7d195c3fb86e56bb3facb9012610900df6eb646cb77ee5759d47c2f2e

SHA512
9d7a5421f46779be00c76f725354232d5fd69bc1ce05db54fe15b54f76b57aae7a2ab6e223978edc6ad7bd954bbf2a63c2f44e2a25fe6cbf3b06e34a8db25b9d

Download Submit
/storage/emulated/0/android/.org.optimize.app/Presentation/randomUUID.uid

Filesize
60B

MD5
491b50dabf87453252d09b45a8086eab

SHA1
3c3921da4babbf32b93e8b3d5f54a5575c25f000

SHA256
dd1bd2ca068d222141953718dfa719583c649548fbeb180065200086f4a11013

SHA512
3d46085d3661c4f3680212e3d77cc06fd1046158f8429ee11fe84ec185c3d05c220a009dd439580c41ca5c2ea41cab204cc5a901f84137331889170c09d65979

Download Submit
/storage/emulated/0/android/.org.optimize.app/Presentation/socketID.st

Filesize
33B

MD5
5894226b79588399c7a6d8d457e20200

SHA1
0ef7d4672cb3345934e108eb24153c0ac6880c77

SHA256
8a009e24f4977211f456cbf46158094fb277f689ba5f2fe8d8fbb69a3a4a6321

SHA512
e92e39ad730becd54918a0590aa491003c526e0232607e75fd7cb8c3564ffb62db0af378b79d0473ef0ce18a3b8700ea8041676e936709bd7861f94151114406

Download Submit
/storage/emulated/0/android/.org.optimize.app/Presentation/system_log.txt

Filesize
175B

MD5
59be2b7d78f4cf4648ee97d7cc84a35b

SHA1
7eb53c60e120e791a8642e58ba12d87ad80d0a2b

SHA256
f7809fbfd4a220d976c4f6e50db3bea27ffeb46bcb54e84bceafc6738aed9345

SHA512
4dd3cc1b65da7c829a431498afa89cd97b81ff7622ed8a3824a21c529d04337f341f252a72829be111d8b47945b7db892af34633a83c5ba8f416ba9b5fb7142d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads