a8ca778c5852ae05344ac60b01ad7f43bb21bd8aa709ea1bb03d23bde3146885

Analysis

max time kernel
84s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
10/04/2024, 07:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a8ca778c5852ae05344ac60b01ad7f43bb21bd8aa709ea1bb03d23bde3146885.apk
Size

6.2MB
MD5

d70fb29424a2b16302b2edcecf05d19d
SHA1

fa045c61c4e126b3d2fdd0cb89341f3e7a6a32eb
SHA256

a8ca778c5852ae05344ac60b01ad7f43bb21bd8aa709ea1bb03d23bde3146885
SHA512

0d75cb332baf3cd213bb1f92bd39a94fcc609d1b9d3f6f4e01d3a8d5c936d2590d49dd3f2957bbc78e22fc0d54319dddac7151504867cff52443a5c9ee9adbd1
SSDEEP

98304:gy8E0X6FbzoQzTdwvgRw33BCb0KB/ynnfnDcYWIS9zfrtmYqhOwcIw8t:ghz6NoQHhRwTKB/ynnfnDcgrOwcIvt

Score

8^/10

banker collection discovery

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs 1 IoCs

banker discovery

Security Software Discovery

T1418.001

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	org.thoughtcrime.signal

Queries account information for other applications stored on the device. 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

description	ioc	Process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	org.thoughtcrime.signal

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/contacts	org.thoughtcrime.signal

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	org.thoughtcrime.signal

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	org.thoughtcrime.signal

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	org.thoughtcrime.signal

org.thoughtcrime.signal
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Queries account information for other applications stored on the device.
- Reads the contacts stored on the device.
- Reads the content of the call log.
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4431

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/org.thoughtcrime.signal/databases/com.google.android.datatransport.events

Filesize
40KB

MD5
1cf3f63c021d755a21623e6d0e86dbc6

SHA1
e40e0f1faa61abcca7ba3394c54c92ff7334b49b

SHA256
100c67650ba652d547d8a1128edc550a8e95541a1d9268a199d1b924294d0895

SHA512
38d72e14f3513ffd26989cbda3df46ed3dd6e731bdfae56440eff6b64760cc13f91014281c9add61e018fe3529e49c63a6892ca22479515816c768b546244466

Download Submit
/data/user/0/org.thoughtcrime.signal/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
7adc6a072c82462584f041b35d7373a8

SHA1
7854052a51ccef4ab846d3adbaee043b66c52187

SHA256
1bb4fea48313bdba0c19d7be4085d4348385927a4c4236f3349a04de31a69a42

SHA512
322b19d54722e7ff0844bb35c45ac1e11bd83c48dc9f1bfd70e88bfcf2a34393d8f4105e5eba8be8d24bb8bad0dbda63a88d03e254e5a962fd3ed3897cdefe0a

Download Submit
/data/user/0/org.thoughtcrime.signal/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
db9c7f72dc6873ddfa82a125523313a2

SHA1
abefbd51fb145671fc03822c1dffadf9cde3792e

SHA256
2ca3c74fe22401d36718995624213d2f7c62ee85e1406d2c222dca81d79c8b5f

SHA512
5dfaf85dbc85ca7e2e1ba65af438fa09991bcf10598f0d9e751b96d2127bfc30cb8dc37db04401486a9c2fd158868aa31962d90b0ddfc567470eb1f63a8bc15f

Download Submit
/data/user/0/org.thoughtcrime.signal/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
4936f9899604caad1ec3954c5b984290

SHA1
dc85ee2e1d338aedbd5f34bfdc402fa80ec91ea9

SHA256
187a785b077ecf59f08d882f72c6119836c3d327b743e4492c4131062e9cc750

SHA512
bed6aa8d53b0137e8a5749725a330db5a63d141e7fef38da0d037174b741ccb3dcca204a24ede6ebd010d5fb3c9ae0a28f741cb6f3c4ca41c0625d2658949d56

Download Submit
/data/user/0/org.thoughtcrime.signal/files/PersistedInstallation755134809863315843tmp

Filesize
570B

MD5
0184cbcb8379fea21779942755d82392

SHA1
15a54fb847df5e2379a684256009bdc4bdb83e35

SHA256
fbe8ed73c7a0ba33e1f881ad7763157012014b4a088e590be3b5b26d685d7de4

SHA512
5fb8189c760708fd3d91922215796fae75a7217c62e813dae0a8a0caeded9e389afe344ae4aab5ee0a1a25c2f370ea32fa30077a61d34e4192964a213c428de0

Download Submit
/data/user/0/org.thoughtcrime.signal/files/PersistedInstallation7987004914029026244tmp

Filesize
90B

MD5
3da187eac85f4c8bef4d5280ccb1e186

SHA1
57c976683d67628cb9dffa98baaa028cb638f90a

SHA256
08abf48b74f8be88791f507309744092d155469cbfaea20fc22387e644d458c7

SHA512
75c1d986ebc9d06323a53cacea442f3a93e06ad7fbc78a79e1ac11e71038e81c9dfa47e9596e014fa315d66b278109436313289fff7905bfb71402c5ecd68ad1

Download Submit
/storage/emulated/0/Android/.org.thoughtcrime.signal/Presentation/fls.tr

Filesize
388B

MD5
ace13fde846a1f631fb017ce8fae63ab

SHA1
9a8d45e9a540c46fa365caf5b166ad12d2d49f50

SHA256
b35340ff3c8c3a0b0734d81414e8047c41bd802be17b485796fc3f3a4b0ad32e

SHA512
d7e0f010b6f2b2b481df25d3f7da7ca194e1f5e3b0e50babc9d75fce08c9eea6cb0625cafade7a35dd44bc5f2c7a477ac12390d7bb36d4f20860d1363bcb6966

Download Submit
/storage/emulated/0/android/.org.thoughtcrime.signal/DataLink/1c0n1ct_1712735408238.cn

Filesize
3B

MD5
8a80554c91d9fca8acb82f023de02f11

SHA1
5f36b2ea290645ee34d943220a14b54ee5ea5be5

SHA256
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

SHA512
ca4b6defb8adcc010050bc8b1bb8f8092c4928b8a0fba32146abcfb256e4d91672f88ca2cdf6210e754e5b8ac5e23fb023806ccd749ac8b701f79a691f03c87a

Download Submit
/storage/emulated/0/android/.org.thoughtcrime.signal/DataLink/1c0n1ct_1712735408238.zip

Filesize
221B

MD5
3df8df3dcfe27f4fda613ffee432d1c2

SHA1
ff3fa9561a1c08bf4517272f98ab368f2a5ae9ff

SHA256
eac0ae84bd5ea4db8701105a6deac482216d40cb96c8311aba91f433995697d8

SHA512
7a81031143ee4e8e9c9d4fd3452bd30f1d29b79962a0fa3d6c28a672837d338bdd94533698abffb57d523dc5df64ed22726b08a73e58a6b7573c558d419c4a55

Download Submit
/storage/emulated/0/android/.org.thoughtcrime.signal/DataLink/apps.ap

Filesize
1KB

MD5
b65d4cdcadc0818da4f968d0f4f32625

SHA1
d5b9355c9fe70322e9a0dada07373ecc48071dbf

SHA256
bd46dc535667447b49cc2e4a624c9464758cd80327bdd9b9a5c20934c5b7fbad

SHA512
bd43f11960dc44ce8f57a13a8d5a058c9b0343a6d56c5ab1c398472b0ed435b31580460d617ad5191b9f865b2193a57823b1dba273be62033ee7d32ae9f7d2c9

Download Submit
/storage/emulated/0/android/.org.thoughtcrime.signal/DataLink/s8s54_1712735398253.sm

Filesize
11B

MD5
0c554d4e30c294140ede96a4d06775b6

SHA1
c22fe7585096e9478b6b64c20bd33e22df5d96d8

SHA256
fefaa3e60e610770898396979fc7e59e2f32515db738a2aa6fc5053d571e49ca

SHA512
6759ae4635432a45dc37262aeea6a4457cf4a34bcb5805db2d42563d052e30ce97438b695a671d8ab7931bed82f93908cdba608ad086e24e7667c1640182e3b5

Download Submit
/storage/emulated/0/android/.org.thoughtcrime.signal/DataLink/s8s54_1712735398253.zip

Filesize
225B

MD5
e45f1fc6c6eea17a1cf7cba8b0d6c07e

SHA1
863d7058c2a0e6ba76af3f481056dd06ba85110d

SHA256
6cd05b930d44cfaf88be49edab57493d6d09228d042b83c2bb3cf8e86701d184

SHA512
6cf99a6aa7f983d817f2578b4db458321a0099f171c4e003a3861d57a1ce644b8cd0f72356a08f71e46ebe85001c1e40b72a4c839b80a6ff0c31f5a883399833

Download Submit
/storage/emulated/0/android/.org.thoughtcrime.signal/Presentation/conf.st

Filesize
45B

MD5
0715c425e68269fb474bbf4ef92c9494

SHA1
761945ce56c4cedfd07e2d78f5d795fde493ea37

SHA256
c7ac06c02abc6acebb0a21b907ea1773680df2277a0fc3e44336039525f06114

SHA512
cb1b8b8df700c23fc6c0b1102d54ef3ad7e1ab2f07903c82e87bb68672662cb569c7a777ce09c75892b4d04ffcc5a09537bc2da59cf46b7d306951c7beac2f34

Download Submit
/storage/emulated/0/android/.org.thoughtcrime.signal/Presentation/encSocketID.enc

Filesize
176B

MD5
a7beba01693d9da18310658381726bba

SHA1
f2d09722a651b6c8745f375c9885e2c13bd748bb

SHA256
aad27ea3ac791d4d638e1fa0c2b1c97cd2863ab7b6239ba3540d7c7655aabf64

SHA512
090f946524276c5884158a13f0168267a509e345ca553c69ea1a7931e008c83550a274e38dbcdb72fdf9e4034478f6f3bb0f847bc9141869961f667bcffdeba8

Download Submit
/storage/emulated/0/android/.org.thoughtcrime.signal/Presentation/randomUUID.uid

Filesize
60B

MD5
f0c6f56469efd4e34da58d982a347be5

SHA1
44dddbd236a0bad5de86bc7ff6529113652433d5

SHA256
2b86772b265327e2005d76aecd9dd41170bc75ae54482678f0b066afffd97683

SHA512
e5ce43c7f7d151070e70588a83c9ada67bb8d5c69282f2dc7741921801810b3e4c760a45ef2fea31846b464952fa88c8e0b413a203336d7aa5ceb579d5f1b716

Download Submit
/storage/emulated/0/android/.org.thoughtcrime.signal/Presentation/socketID.st

Filesize
33B

MD5
fc898cbf107a5054435e22204c57d2f4

SHA1
583d3f1a9fc178435d930964e3f5fea58683fa14

SHA256
2af93a24c14464c7e938b218632e2f72b16d709deeb5fdee628de1a08ab2138b

SHA512
296f8eebc9a2c0e094f6200ee74e842292c29787466eb1bed074183df1872700310ba6fd240c800dc0945392c0b2fe8bbc2c4e1f5e8392ffd7413dd09438daf0

Download Submit
/storage/emulated/0/android/.org.thoughtcrime.signal/Presentation/system_log.txt

Filesize
175B

MD5
9056cc7bfc545c0c0fb323f11eb7f4a6

SHA1
a9fc18c9ad55be46ace353553be7bba15424e4ba

SHA256
1a772dcfc796cea348ebba27d6755aa55ca42a5e8cfa69702b6e94a3de2ac284

SHA512
b4a8c2ff3ba9db4cf72e177944cc2dc6a24c4f8e6c5593b9f371fb6257cb90c6f70c57e0df2f7dcbb6090e9f3ed2006c2634b956f55779c9de2f261f0a78a91a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads