Overview

overview

10

Static

static

10

243ea96b2f...6e.apk

android-9-x86

8

243ea96b2f...6e.apk

android-11-x64

8

Analysis

  • max time kernel
    154s
  • max time network
    165s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240221-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
  • submitted
    10-04-2024 09:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    243ea96b2f8f70abc127c8bc1759929e3ad9efc1dec5b51f5788e9896b6d516e.apk

  • Size

    2.9MB

  • MD5

    5d892168472ed4a87a60721c02330f15

  • SHA1

    97ead8dec0bf601ba452b9e45bb33cb4a3bf830f

  • SHA256

    243ea96b2f8f70abc127c8bc1759929e3ad9efc1dec5b51f5788e9896b6d516e

  • SHA512

    e8aa2aecbde4c0385b5027a0920cb4dd3d19267e2ef2155f74d8b90425697c7a5421f31a3d12ee5f6fb904ad82514c9de7f2d1e7d53e43f50aa2b179434ec60a

  • SSDEEP

    49152:x7LP4p94zO8tBKX4wbX447y0duRMQ7NqyuHbEdyqDVMl8aS:xHQF4Y20qNLlzDVeS

Score
8/10
bankercollectiondiscoveryevasionpersistence

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs 1 IoCs
    bankerdiscovery
  • Requests cell location 1 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscovery
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about running processes on the device. 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion

Processes

  • com.androidservices.support
    1⤵
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
    • Requests cell location
    • Checks CPU information
    • Checks memory information
    • Makes use of the framework's foreground persistence service
    • Queries information about running processes on the device.
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4407

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.androidservices.support/databases/com.google.android.datatransport.events
    Filesize

    40KB

    MD5

    1cf3f63c021d755a21623e6d0e86dbc6

    SHA1

    e40e0f1faa61abcca7ba3394c54c92ff7334b49b

    SHA256

    100c67650ba652d547d8a1128edc550a8e95541a1d9268a199d1b924294d0895

    SHA512

    38d72e14f3513ffd26989cbda3df46ed3dd6e731bdfae56440eff6b64760cc13f91014281c9add61e018fe3529e49c63a6892ca22479515816c768b546244466

    Download Submit
  • /data/user/0/com.androidservices.support/databases/com.google.android.datatransport.events-journal
    Filesize

    512B

    MD5

    da0dc3d815f691923a4c1b9800fd8fd1

    SHA1

    78efe8fa09ab76dcf04856d9d746d90588fe3952

    SHA256

    4c4c2739a8d32619a01f401a4c8c0ef92020bc342b5a8bc4410521fc9b603d05

    SHA512

    ec4b03decd38a59d40581e561403c5c0d05cb07531fbda5fc6a01cb1c6aa03eb496d06add6038efd7798e2ddc78346a56777f355f11de6daecaa122d524a1e7d

    Download Submit
  • /data/user/0/com.androidservices.support/databases/com.google.android.datatransport.events-journal
    Filesize

    8KB

    MD5

    e14ff9926e2884bdb8693f35b203a6a1

    SHA1

    b254a4879d5504c12f2c665cd7e41ae1a90db3d8

    SHA256

    00090a89dd1adca7b723682e7b2d179bb637682a34392508fc4d55010af3a0b5

    SHA512

    49ec356d30ec5bdbabe724ae531ffe8ed8bad2a3c06e2b117cb42b409b8ee177441bb2d54c6daeb89518baf290d080ed12808c4aae1120adf079f78301cc3508

    Download Submit
  • /data/user/0/com.androidservices.support/databases/com.google.android.datatransport.events-journal
    Filesize

    8KB

    MD5

    d9a5b208e484925acecd6c890e77a16f

    SHA1

    5f4691e84f7308dd06315dd9000cea3cf625fe6a

    SHA256

    8623a1cc227e4ff7ce883614cf7b9ec683472d6171d0c5ca6f2d1ede6f577d2c

    SHA512

    7f4f5673f34ab4958b1a726c896e93dcf3334836a4dcbc62fa1a6af3d5d94347588067b4a47036c4ebe649dabca7c697b9c690bfdb13c93a6d41c9fc56426f0f

    Download Submit
  • /data/user/0/com.androidservices.support/files/PersistedInstallation1305231358610962818tmp
    Filesize

    114B

    MD5

    82aa5936cb4408dc30cd6c153f47c0b8

    SHA1

    e15b4bfcd73c904cd3dc262e0975abd765184e02

    SHA256

    c49843b2c4a1c6e7d617d86559d858d0982344910bf478a9eda6704b91929f67

    SHA512

    95e3f5cadefde4525f69b1319eb619e78b35e906b8361e99359ed5cc96881f58b9cc900280c85e72c8b2caad7eb627a5e8f97442ce3d2820ac91ed91596c7b72

    Download Submit
  • /data/user/0/com.androidservices.support/files/PersistedInstallation6658376287926160638tmp
    Filesize

    90B

    MD5

    2459c6d1baa585d92fd1dd857d9e3be4

    SHA1

    4ced0b02a6afcda5738f12fe5fa261e1b1cec1a8

    SHA256

    ad6bf2d017547174af3369803943cd2901f92dc83207406856c1e5088a93974a

    SHA512

    2aec98e81fb40bb1a1ac4f42cd481991728e44d960943f5bb05dfd33588c92b4476114fa89e4e7c86498cc90ad4f22c526cb565f639b58f51f9564935bc18324

    Download Submit