a98a224b644d3d88eed27aa05548a41e0178dba93ed9145250f61912e924b3e9

Analysis

max time kernel
165s
max time network
151s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
10-04-2024 13:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a98a224b644d3d88eed27aa05548a41e0178dba93ed9145250f61912e924b3e9.apk
Size

1.1MB
MD5

6b69a9bf30d76c135db369956774f2cb
SHA1

22f49fa7fe1506d2639f08e9ae198e262396c052
SHA256

a98a224b644d3d88eed27aa05548a41e0178dba93ed9145250f61912e924b3e9
SHA512

2df561ffe8b9d8ce3ab6b1a5b1eccb4312e7230fa20c4da451e76cdb53e94169ffc4b2fbc0a09fe45ca6e5551921ba51670c087b0eb899ccc9206186ec0b83dd
SSDEEP

24576:idX3e1cFTNITHE4Uo+N6SSmZ1e8+wyJ8Doj562FuNGlhlsdbC/lwU6Xf:idneJTZrq6XmZ8ZwEsMuNGl3OmSXf

Score

8^/10

banker collection discovery evasion persistence stealth trojan

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs 1 IoCs
banker discovery

Security Software Discovery
T1418.001

Processes:

com.vodaservices

description ioc process

Framework service call android.content.pm.IPackageManager.getInstalledApplications com.vodaservices
Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

Suppress Application Icon
T1628.001

Processes:

com.vodaservices

pid process

5087 com.vodaservices
Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery

Location Tracking
T1430

Processes:

com.vodaservices

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.vodaservices
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.vodaservices

description ioc process

File opened for read /proc/cpuinfo com.vodaservices
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.vodaservices

description ioc process

File opened for read /proc/meminfo com.vodaservices
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

Foreground Persistence
T1541

Processes:

com.vodaservices

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.vodaservices
Acquires the wake lock 1 IoCs

Processes:

com.vodaservices

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.vodaservices
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.vodaservices

pid	process
5087	com.vodaservices

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.vodaservices

description	ioc	process
File opened for read	/proc/cpuinfo	com.vodaservices

description	ioc	process
File opened for read	/proc/meminfo	com.vodaservices

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.vodaservices

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.vodaservices

com.vodaservices
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Removes its main activity from the application launcher
- Requests cell location
- Checks CPU information
- Checks memory information
- Makes use of the framework's foreground persistence service
- Acquires the wake lock
PID:5087

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.vodaservices/app_cache_cont/lastSettings

Filesize
152B

MD5
d429bec203fd263f0e73067bf881b997

SHA1
6cbd27334b2430b4592db8d04f87a4f78946cdd0

SHA256
fd0bf149532db4ae69e7fa94dd399776a50fccbdbfdb6262e2f11251f1f26dd9

SHA512
d4558e14449011bdd233774ffa3603cee7a605c74b63d39bbed15c64bdc73cb56d64458c1b565b472f6773f49e47d54a673c71c75c2e056d416967877a7716e6

Download Submit