Analysis

  • max time kernel
    147s
  • max time network
    154s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
  • submitted
    10/04/2024, 12:27

General

  • Target

    89f350332be1172fc2d64ac8ecd7fd15a09a2bd6e0ab6a7898a48fb3e5c9eac3.apk

  • Size

    56KB

  • MD5

    a4f09ccb185d73df1dec4a0b16bf6e2c

  • SHA1

    c5c0953cb8dc15433b81f82ba7c8576301152d54

  • SHA256

    89f350332be1172fc2d64ac8ecd7fd15a09a2bd6e0ab6a7898a48fb3e5c9eac3

  • SHA512

    cfe7cc37b5250e7acdce836bb9947eccb3cbad1fb425e86ce29d647af72345bce2a54c4f46e297a7043ef09e0ef8872afe2d9f0295f0f6a7edf3dd82e1a11089

  • SSDEEP

    768:GOCFp/jmkdMCS43hoW6MpM55hkGzP87iPyYtm241AeUP2coEs5SE:GxFpqkKQKDhXk+PHt7qAeUPDst

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Requests cell location 1 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Queries account information for other applications stored on the device. 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
  • Reads the content of photos stored on the user's device. 1 TTPs 1 IoCs
  • Reads the content of the browser bookmarks. 1 TTPs 1 IoCs
  • Reads the content of the call log. 1 TTPs 1 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • pw.nrt.photo.google
    1⤵
    • Removes its main activity from the application launcher
    • Requests cell location
    • Queries account information for other applications stored on the device.
    • Reads the contacts stored on the device.
    • Reads the content of photos stored on the user's device.
    • Reads the content of the browser bookmarks.
    • Reads the content of the call log.
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4471
    • cat /proc/version
      2⤵
        PID:4739

Network

MITRE ATT&CK Mobile v15

Downloads

  • /storage/emulated/0/DCIM/Camera/htrewhw4whdsk7.jpg

    Filesize

    5KB

    MD5

    82ab1482520fe41408c760c00a7c2714

    SHA1

    67f9906d9081c6e3ba8c5a6771cda796b4b93e7f

    SHA256

    2d42bb186537f6852580531ed1596dd87335942b00d9ba97fbce36f0992135e5

    SHA512

    f7d8ad3a38a3994567307d2288d56e12da1f2ba8406d3467afcc6457397c3bb0f24b8ae52b388834462f8016d1bbadc7a9eefdccebdb5f1ba04e3f40a19559dd