Analysis
max time kernel: 154s
max time network: 165s
platform: android_x64
resource: android-x64-arm64-20240221-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240221-en, locale:en-us, os:android-11-x64, system
submitted: 10-04-2024 09:58
Behavioral task: behavioral1
Sample: 243ea96b2f8f70abc127c8bc1759929e3ad9efc1dec5b51f5788e9896b6d516e.apk
Resource: android-x86-arm-20240221-en
Behavioral task: behavioral2
Sample: 243ea96b2f8f70abc127c8bc1759929e3ad9efc1dec5b51f5788e9896b6d516e.apk
Resource: android-x64-arm64-20240221-en
General
Target: 243ea96b2f8f70abc127c8bc1759929e3ad9efc1dec5b51f5788e9896b6d516e.apk
Size: 2.9MB
MD5: 5d892168472ed4a87a60721c02330f15
SHA1: 97ead8dec0bf601ba452b9e45bb33cb4a3bf830f
SHA256: 243ea96b2f8f70abc127c8bc1759929e3ad9efc1dec5b51f5788e9896b6d516e
SHA512: e8aa2aecbde4c0385b5027a0920cb4dd3d19267e2ef2155f74d8b90425697c7a5421f31a3d12ee5f6fb904ad82514c9de7f2d1e7d53e43f50aa2b179434ec60a
SSDEEP: 49152:x7LP4p94zO8tBKX4wbX447y0duRMQ7NqyuHbEdyqDVMl8aS:xHQF4Y20qNLlzDVeS
Malware Config
Signatures
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP, 1 IoC)
  Process: com.androidservices.support
  IoC: Framework service call android.content.pm.IPackageManager.getInstalledApplications
- Requests cell location (1 TTP, 1 IoC)
  Uses Android APIs to get the current cell location.
  Process: com.androidservices.support
  IoC: Framework service call com.android.internal.telephony.ITelephony.getCellLocation
- Checks CPU information (2 TTPs, 1 IoC)
  Checks CPU information, which indicates whether the system is an emulator.
  Process: com.androidservices.support
  IoC: File opened for read /proc/cpuinfo
- Checks memory information (2 TTPs, 1 IoC)
  Checks memory information, which indicates whether the system is an emulator.
  Process: com.androidservices.support
  IoC: File opened for read /proc/meminfo
- Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
  The application may abuse the framework's foreground service to continue running in the foreground.
  Process: com.androidservices.support
  IoC: Framework service call android.app.IActivityManager.setServiceForeground
- Queries information about running processes on the device (1 TTP, 1 IoC)
  The application may abuse the framework's APIs to collect information about running processes on the device.
  Process: com.androidservices.support
  IoC: Framework service call android.app.IActivityManager.getRunningAppProcesses
- Acquires the wake lock (1 IoC)
  Process: com.androidservices.support
  IoC: Framework service call android.os.IPowerManager.acquireWakeLock
- Reads information about the phone network operator (1 TTP)
- Requests disabling of battery optimizations (often used to enable hiding in the background) (1 TTP, 1 IoC)
  Process: com.androidservices.support
  IoC: Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
Processes
- com.androidservices.support (PID: 4407)
  - Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)
  - Requests cell location
  - Checks CPU information
  - Checks memory information
  - Makes use of the framework's foreground persistence service
  - Queries information about running processes on the device
  - Acquires the wake lock
  - Requests disabling of battery optimizations (often used to enable hiding in the background)
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Foreground Persistence (1)
- Hide Artifacts (1)
- User Evasion (1)
- Virtualization/Sandbox Evasion (2)
- System Checks (2)
Downloads