a8ca778c5852ae05344ac60b01ad7f43bb21bd8aa709ea1bb03d23bde3146885

Analysis

max time kernel
43s
max time network
146s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
10/04/2024, 07:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a8ca778c5852ae05344ac60b01ad7f43bb21bd8aa709ea1bb03d23bde3146885.apk
Size

6.2MB
MD5

d70fb29424a2b16302b2edcecf05d19d
SHA1

fa045c61c4e126b3d2fdd0cb89341f3e7a6a32eb
SHA256

a8ca778c5852ae05344ac60b01ad7f43bb21bd8aa709ea1bb03d23bde3146885
SHA512

0d75cb332baf3cd213bb1f92bd39a94fcc609d1b9d3f6f4e01d3a8d5c936d2590d49dd3f2957bbc78e22fc0d54319dddac7151504867cff52443a5c9ee9adbd1
SSDEEP

98304:gy8E0X6FbzoQzTdwvgRw33BCb0KB/ynnfnDcYWIS9zfrtmYqhOwcIw8t:ghz6NoQHhRwTKB/ynnfnDcgrOwcIvt

Score

8^/10

banker discovery

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs 1 IoCs

banker discovery

Security Software Discovery

T1418.001

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	org.thoughtcrime.signal

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	org.thoughtcrime.signal

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	org.thoughtcrime.signal

org.thoughtcrime.signal
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4179

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.thoughtcrime.signal/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/org.thoughtcrime.signal/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
e116102599ea4448e001231b21106bc5

SHA1
5a5a5c9094018f688d0fef90994186472ef59c37

SHA256
cffc9561256863bcfe7017b6a0e3588fdbbb29c84aef7a8dd24afadaf63896fa

SHA512
35a6ec08136749d6b50ed221419ff0ccc9108eb9d3ad8ed137b030387cc40107193028c44a7b5cdb15b03773713f5cb623788cc2a5f9ca1289735af4453ad970

Download Submit
/data/data/org.thoughtcrime.signal/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/org.thoughtcrime.signal/databases/com.google.android.datatransport.events-wal

Filesize
52KB

MD5
7e78b2e9e85cdebe6076d5f7bdc4e934

SHA1
c215b7ad2adca3cf19a4a8055bfc9a9b075720d2

SHA256
4c603c4cd136c42d996ed8a998255f74c4f5096a05c9b5ef452da5edf53372b5

SHA512
1dbcc39d0eba9eb05fe663a9678d77d9307300c23c65c65ca5f75f4006fb8ff8830246a0ad7b915e0700b259852069b2bf02ce50836de012b7b54fb065d3e4e5

Download Submit
/data/data/org.thoughtcrime.signal/files/PersistedInstallation3864057475925927870tmp

Filesize
90B

MD5
3ee81b79fbea7022a1f69bdd863a11d5

SHA1
a66f6da2ec99aa4907a2938b170236205a7d82d3

SHA256
f2513a3164b93345ca6879894dd8b4b7b3882021aa628838d7fe29f9b37319d3

SHA512
c78407f50f47c93cf4a2af015d73c0a8dabbf3c2f251b6d5a4aa72b81279f0c1947d99c4d2514a33fa5c20f0909ac2f0670b48671b8a98875b33d9aea61ed762

Download Submit
/data/data/org.thoughtcrime.signal/files/PersistedInstallation999899347024930833tmp

Filesize
569B

MD5
5dd110339b86913da091c19735388ad4

SHA1
3e78a374fefd1e38cc81721a539fbe5fcf843275

SHA256
fc67b5ab6a36e04f52cc52342269ccca09af335aafa8a768670c5bd749c9af46

SHA512
c28d15018786b67dcc95710e2765b731afa5f68f075e2fbfdd7a358facf6dbcdfc38380f8e5fbcebc982d5d641b4764eed0f6a3f6aae1dc30a375b6dbb13c148

Download Submit
/storage/emulated/0/Android/.org.thoughtcrime.signal/Presentation/conf.st

Filesize
45B

MD5
0715c425e68269fb474bbf4ef92c9494

SHA1
761945ce56c4cedfd07e2d78f5d795fde493ea37

SHA256
c7ac06c02abc6acebb0a21b907ea1773680df2277a0fc3e44336039525f06114

SHA512
cb1b8b8df700c23fc6c0b1102d54ef3ad7e1ab2f07903c82e87bb68672662cb569c7a777ce09c75892b4d04ffcc5a09537bc2da59cf46b7d306951c7beac2f34

Download Submit
/storage/emulated/0/Android/.org.thoughtcrime.signal/Presentation/encSocketID.enc

Filesize
176B

MD5
d8128b3498171614bca7520920f268b6

SHA1
a967b7d57de83218136120f844789a22a1a448a1

SHA256
4a685a0446e6dcc25f71e9ce24f4e5afd87c84f871ad8a2d2ccf2ccdf3aa299f

SHA512
9ffd09a32182a8beb0814bd75bb273be44dce287c49289624b56e44789a2d0a0d023dfb163d299ca3364fa64bb6cc1d169c683fd674f9dd68ee8e02941ea5331

Download Submit
/storage/emulated/0/Android/.org.thoughtcrime.signal/Presentation/fls.tr

Filesize
397B

MD5
0ef766f107aeb466075e1dc1931ef9e3

SHA1
c709aa57d603f94bd72c8c1b0d6806364c2c23f1

SHA256
9d468987549e180c2ab8b4a88036f479d9e403bc0ba8300df7594bb78c7b633e

SHA512
8124600a52058fdc37559f023fb66f7004eeb6b54af5c6a077d040cc886af6807f65ee6b475e589e91ced27ee5b884375ab448e3f552cc113e1d9cb95abb35ab

Download Submit
/storage/emulated/0/Android/.org.thoughtcrime.signal/Presentation/socketID.st

Filesize
33B

MD5
40cd5dc77c938ed74e9b3d5388ab2af1

SHA1
985ce39e015abaf02e47122afa6a20c4063805d4

SHA256
066c880408ef7d7517f53998374bc4d4023f3fd097a6693ea778cd61a3cdf7a4

SHA512
81809de372ecb35c0791d9d5bd0b430a1b9160c9a9abac8165a9f4d89998b29fbce2b60d9c2e56ebf3afb91bc363c601dc9aeaf68345bebfc9809b109dce576f

Download Submit
/storage/emulated/0/Android/.org.thoughtcrime.signal/Presentation/system_log.txt

Filesize
175B

MD5
62120e51eadce5deca62cb4a68ac584e

SHA1
c88daefc31a305fbd554224b3c96c36c1767450e

SHA256
bbc78dd4b89caf1769d97e8afe85aac454c67bee09bce157f2caf8aa39a29beb

SHA512
0d1c19e21324176c49d11f56ca127840bfca7aafa3e279eb8ad9038bff1e49c76b52eaf2eee3079731459492c868fccebe8c5310b5112bab8550663cf1ff45be

Download Submit