89f350332be1172fc2d64ac8ecd7fd15a09a2bd6e0ab6a7898a48fb3e5c9eac3

Analysis

max time kernel
146s
max time network
158s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
10/04/2024, 12:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

89f350332be1172fc2d64ac8ecd7fd15a09a2bd6e0ab6a7898a48fb3e5c9eac3.apk
Size

56KB
MD5

a4f09ccb185d73df1dec4a0b16bf6e2c
SHA1

c5c0953cb8dc15433b81f82ba7c8576301152d54
SHA256

89f350332be1172fc2d64ac8ecd7fd15a09a2bd6e0ab6a7898a48fb3e5c9eac3
SHA512

cfe7cc37b5250e7acdce836bb9947eccb3cbad1fb425e86ce29d647af72345bce2a54c4f46e297a7043ef09e0ef8872afe2d9f0295f0f6a7edf3dd82e1a11089
SSDEEP

768:GOCFp/jmkdMCS43hoW6MpM55hkGzP87iPyYtm241AeUP2coEs5SE:GxFpqkKQKDhXk+PHt7qAeUPDst

Score

8^/10

collection discovery

Malware Config

Signatures

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	pw.nrt.photo.google

Queries account information for other applications stored on the device. 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

description	ioc	Process
Framework service call	android.accounts.IAccountManager.getAccounts	pw.nrt.photo.google

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/contacts	pw.nrt.photo.google

Reads the content of photos stored on the user's device. 1 TTPs 1 IoCs

collection

Data from Local System

T1533

description	ioc	Process
URI accessed for write	content://media/external/images/media	pw.nrt.photo.google

Reads the content of the browser bookmarks. 1 TTPs 1 IoCs

collection

Data from Local System

T1533

description	ioc	Process
URI accessed for read	content://browser/bookmarks	pw.nrt.photo.google

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	pw.nrt.photo.google

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	pw.nrt.photo.google

pw.nrt.photo.google
1⤵
- Requests cell location
- Queries account information for other applications stored on the device.
- Reads the contacts stored on the device.
- Reads the content of photos stored on the user's device.
- Reads the content of the browser bookmarks.
- Reads the content of the call log.
- Uses Crypto APIs (Might try to encrypt user data)
PID:5113

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Location Tracking

T1430

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Data from Local System

T1533

Location Tracking

T1430

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/DCIM/Camera/htrewhw4whdsk7.jpg

Filesize
5KB

MD5
82ab1482520fe41408c760c00a7c2714

SHA1
67f9906d9081c6e3ba8c5a6771cda796b4b93e7f

SHA256
2d42bb186537f6852580531ed1596dd87335942b00d9ba97fbce36f0992135e5

SHA512
f7d8ad3a38a3994567307d2288d56e12da1f2ba8406d3467afcc6457397c3bb0f24b8ae52b388834462f8016d1bbadc7a9eefdccebdb5f1ba04e3f40a19559dd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads