Analysis

  • max time kernel
    153s
  • max time network
    143s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240229-en
  • resource tags

    android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240229-en, locale:en-us, os:android-13-x64, system
  • submitted
    10-04-2024 11:46

General

  • Target

    6eeb683ee4674fd5553fdc2ca32d77ee733de0e654c6f230f881abf5752696ba.apk

  • Size

    2.9MB

  • MD5

    b0c5b2b4d6678c9faa5140a040a1ab73

  • SHA1

    ca101ddfcf6746ffa171dc3a0545ebd017bf689a

  • SHA256

    6eeb683ee4674fd5553fdc2ca32d77ee733de0e654c6f230f881abf5752696ba

  • SHA512

    4ac35472e292b4491e96d32ccd73f73fef10ed90070bcc16d1c69b0c800762a47fde01871a75274b2036eeb76705767c9a4d282e1f57bf55931da9011195e2fd

  • SSDEEP

    49152:duRML7jNf7mUqyKD/09lXUKhoHvoiUc/l9tZ5yHKhs76ry5K+X6j1VHzfjqD:1jN7xLG/Ul70RUcN9tXkj7eH+Xu1JzfS

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs 1 IoCs
  • Requests cell location 1 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information that can indicate whether the system is an emulator.

  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information that can indicate whether the system is an emulator.

  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Queries information about running processes on the device. 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
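
The signatures above are behavioural (they fired at runtime in the sandbox). To confirm them on the sample itself, or to pre-screen another APK before detonation, it helps to map each signature to the permissions and API references that usually back it. The script below is an added example, not the sandbox's detection logic and not code from the analysed APK: it assumes the APK has been decoded with apktool (an AndroidManifest.xml plus a smali/ tree), the indicator table is a constructed mapping from each report signature to the manifest permissions and smali method or string references that typically produce it, and the sample manifest and smali snippets are constructed inline so it runs offline.

```python
"""Static cross-check of sandbox behavioural signatures against a decoded APK.

Added example (not the sandbox's or the sample's code). Assumes an apktool output
directory; INDICATORS, SAMPLE_MANIFEST and SAMPLE_SMALI are constructed for illustration.
"""
import re
import sys
from pathlib import Path
from typing import Dict, List

# Report signature -> manifest permissions and smali patterns that usually back it.
# Constructed mapping; extend it as new signatures show up in reports.
INDICATORS: Dict[str, Dict[str, List[str]]] = {
    "Queries installed applications": {
        "permissions": ["android.permission.QUERY_ALL_PACKAGES"],
        "smali": [r"Landroid/content/pm/PackageManager;->getInstalledPackages",
                  r"Landroid/content/pm/PackageManager;->getInstalledApplications"]},
    "Requests cell location": {
        "permissions": ["android.permission.ACCESS_COARSE_LOCATION",
                        "android.permission.ACCESS_FINE_LOCATION"],
        "smali": [r"Landroid/telephony/TelephonyManager;->getCellLocation",
                  r"Landroid/telephony/TelephonyManager;->getAllCellInfo"]},
    "Checks CPU information": {
        "permissions": [],
        "smali": [r'"/proc/cpuinfo"', r"Landroid/os/Build;->HARDWARE"]},
    "Checks memory information": {
        "permissions": [],
        "smali": [r'"/proc/meminfo"', r"Landroid/app/ActivityManager;->getMemoryInfo"]},
    "Foreground persistence service": {
        "permissions": ["android.permission.FOREGROUND_SERVICE"],
        "smali": [r";->startForeground\("]},          # subclass call, so no class prefix
    "Queries running processes": {
        "permissions": [],
        "smali": [r"Landroid/app/ActivityManager;->getRunningAppProcesses"]},
    "Acquires the wake lock": {
        "permissions": ["android.permission.WAKE_LOCK"],
        "smali": [r"Landroid/os/PowerManager\$WakeLock;->acquire"]},
    "Reads network operator": {
        "permissions": [],
        "smali": [r"Landroid/telephony/TelephonyManager;->getNetworkOperator"]},
    "Requests disabling of battery optimizations": {
        "permissions": ["android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"],
        "smali": [r'"android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"']},
}


def declared_permissions(manifest_xml: str) -> List[str]:
    """Permissions declared with <uses-permission android:name=...>."""
    return re.findall(r'<uses-permission[^>]*android:name="([^"]+)"', manifest_xml)


def scan_smali(smali_files: Dict[str, str]) -> Dict[str, List[str]]:
    """Return {signature: ['path:line', ...]} for every smali line matching an indicator."""
    hits: Dict[str, List[str]] = {}
    for sig, spec in INDICATORS.items():
        for path, text in smali_files.items():
            for lineno, line in enumerate(text.splitlines(), 1):
                if any(re.search(pat, line) for pat in spec["smali"]):
                    hits.setdefault(sig, []).append(f"{path}:{lineno}")
    return hits


def triage(manifest_xml: str, smali_files: Dict[str, str]) -> Dict[str, dict]:
    """Combine manifest and code evidence. A permission with no code reference is
    weak evidence (library boilerplate); code with no permission still executes."""
    perms = set(declared_permissions(manifest_xml))
    code_hits = scan_smali(smali_files)
    report: Dict[str, dict] = {}
    for sig, spec in INDICATORS.items():
        matched = sorted(p for p in spec["permissions"] if p in perms)
        refs = code_hits.get(sig, [])
        if not (matched or refs):
            continue
        evidence = "code+permission" if (matched and refs) else ("code-only" if refs else "permission-only")
        report[sig] = {"permissions": matched, "refs": refs, "evidence": evidence}
    return report


def load_apktool_dir(root: Path):
    """Read a real apktool output directory (AndroidManifest.xml + smali*/ trees)."""
    manifest = (root / "AndroidManifest.xml").read_text(encoding="utf-8", errors="ignore")
    smali = {str(p.relative_to(root)): p.read_text(encoding="utf-8", errors="ignore")
             for p in root.glob("smali*/**/*.smali")}
    return manifest, smali


# Constructed sample input standing in for a decoded APK.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.sample">
    <uses-permission android:name="android.permission.WAKE_LOCK"/>
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
    <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
    <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
</manifest>"""

SAMPLE_SMALI = {
    "smali/com/example/Env.smali": """\
.method private static isEmulator()Z
    const-string v0, "/proc/cpuinfo"
    invoke-static {v0}, Lcom/example/Env;->readFile(Ljava/lang/String;)Ljava/lang/String;
    const-string v1, "/proc/meminfo"
    invoke-static {v1}, Lcom/example/Env;->readFile(Ljava/lang/String;)Ljava/lang/String;
.end method
""",
    "smali/com/example/Svc.smali": """\
.method public onStartCommand(Landroid/content/Intent;II)I
    invoke-virtual {p0, v0, v1}, Lcom/example/Svc;->startForeground(ILandroid/app/Notification;)V
    invoke-virtual {v2}, Landroid/os/PowerManager$WakeLock;->acquire()V
    invoke-virtual {v3}, Landroid/app/ActivityManager;->getRunningAppProcesses()Ljava/util/List;
    invoke-virtual {v4}, Landroid/telephony/TelephonyManager;->getCellLocation()Landroid/telephony/CellLocation;
.end method
""",
}


def run_sample() -> Dict[str, dict]:
    return triage(SAMPLE_MANIFEST, SAMPLE_SMALI)


if __name__ == "__main__":
    result = run_sample() if len(sys.argv) < 2 else triage(*load_apktool_dir(Path(sys.argv[1])))
    for sig, info in result.items():
        print(f"{sig}: {info['evidence']}  perms={info['permissions']}  refs={info['refs']}")
```

Run it with the apktool output directory as the only argument; without one it scans the constructed sample. A static hit only proves the API is referenced in the dex, not that it runs, and code loaded through reflection, a packer or a downloaded dex will not be matched at all, so treat this as a way to corroborate (or localise) the dynamic signatures above rather than replace them.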

Processes

  • com.tencent.mobileqq
    1⤵
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
    • Requests cell location
    • Checks CPU information
    • Checks memory information
    • Makes use of the framework's foreground persistence service
    • Queries information about running processes on the device.
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4300

Network

MITRE ATT&CK Matrix

Downloads

  • /data/user/0/com.tencent.mobileqq/databases/com.google.android.datatransport.events
    Filesize

    40KB

    MD5

    571112758fefc013ca64f73bc959a009

    SHA1

    64b3e995d49a74c647cb467f54fc72c28c5af3bf

    SHA256

    632907b2357e6d3e99c86012795c6a2eebd1e8c1ee0a64c64878c5c1201413a2

    SHA512

    ce75b2bf73c4fd98b5391cf39610260fc90a91a7e85388c6074fe7b21f8b54eb88a0d0ce83a3403b496bcaf885deceab36daaae18976dc1f18fa4dd0605e2e34

  • /data/user/0/com.tencent.mobileqq/databases/com.google.android.datatransport.events-journal
    Filesize

    512B

    MD5

    80c191045facb4367c2d0ef61b06d3e2

    SHA1

    4cd9a36b26a067140307313aa4bac4873c0e4327

    SHA256

    3f00ed7ee77000bcd0fb9649db15e56feb25190fdbae91c156ea0097028e1347

    SHA512

    141b6f84229c1f73724f4fe76f88a09481ea4f28deb88584f0cf6ba23da53345f5a8cbaca7de5c3ece6bdd96d1a7d22544599271edd7e030cf92ab14768dd2ed

  • /data/user/0/com.tencent.mobileqq/databases/com.google.android.datatransport.events-journal
    Filesize

    8KB

    MD5

    13eec890e02017b38084334dbe771546

    SHA1

    88de803934b735950c6dc3e0a1fe4a0041816a5a

    SHA256

    4177a8adad61ea09002f28dffc0a26bd47feedb28b83ef1b66fef7045affcebb

    SHA512

    aaaa2f888ab65be065bd439ac8278c11b053961647a63d1af8f7e9b3f44d22a6aff141e7fed9e532b9cb69795936bbe3821ee52413d25361b0c142fc19bc198f

  • /data/user/0/com.tencent.mobileqq/databases/com.google.android.datatransport.events-journal
    Filesize

    8KB

    MD5

    e6c178f1877c562014aa7bff0dc4bc06

    SHA1

    24e9fefea0daed263db5650db44b5a52e6223636

    SHA256

    229725e12b0c5649cf8167a36ca73a129ffdb436fb4968305717f34508b18e93

    SHA512

    3bf0236e4c89cd450311559428f62311e3ec51c4211d50ada8762cbab7cd0b3dcab071c82fd078fbd11f9e06bdcc009236a234a20dfdc58bee50a5e85540b675

  • /data/user/0/com.tencent.mobileqq/files/PersistedInstallation3510695522960607857tmp
    Filesize

    90B

    MD5

    53d567ff31b5f975081b1c811715c996

    SHA1

    a70b518a017938da0863bcb64263334ebe565cab

    SHA256

    2df4af537dfac8a1f1b44acf8227d6b64695811aa059fd00f88d0d94a66a2470

    SHA512

    100384473d5f43c96cb0bdb167f7ba546b36d19f8f2c57cf67f2b6e79bf20594c2290d553617fa73dbe390a8ac12edfe00f52f97efecab298987d1c0b60cf402

  • /data/user/0/com.tencent.mobileqq/files/PersistedInstallation6768903546371414531tmp
    Filesize

    114B

    MD5

    94cf157524849c2a097967aef2c6135c

    SHA1

    78790ac8a7fbc430ea3a45816713b2b59555d2ed

    SHA256

    70842f8e9055a2a414401ee394d8284ea4fc07e5242514130a5aa5972ef1a763

    SHA512

    4d42567da0d002fa89958894763f28a8e10bfdf5a74b0f36b99d76b703ba34049f8637b5446f1e5627b022ab0c865750131906afc15c39d6c3e383f7a2dc5a7a