Analysis
-
max time kernel
150s -
max time network
159s -
platform
android_x64 -
resource
android-x64-arm64-20240221-en -
resource tags
androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system -
submitted
10-04-2024 13:19
Behavioral task
behavioral1
Sample
a98a224b644d3d88eed27aa05548a41e0178dba93ed9145250f61912e924b3e9.apk
Resource
android-x86-arm-20240221-en
Behavioral task
behavioral2
Sample
a98a224b644d3d88eed27aa05548a41e0178dba93ed9145250f61912e924b3e9.apk
Resource
android-x64-20240221-en
Behavioral task
behavioral3
Sample
a98a224b644d3d88eed27aa05548a41e0178dba93ed9145250f61912e924b3e9.apk
Resource
android-x64-arm64-20240221-en
General
-
Target
a98a224b644d3d88eed27aa05548a41e0178dba93ed9145250f61912e924b3e9.apk
-
Size
1.1MB
-
MD5
6b69a9bf30d76c135db369956774f2cb
-
SHA1
22f49fa7fe1506d2639f08e9ae198e262396c052
-
SHA256
a98a224b644d3d88eed27aa05548a41e0178dba93ed9145250f61912e924b3e9
-
SHA512
2df561ffe8b9d8ce3ab6b1a5b1eccb4312e7230fa20c4da451e76cdb53e94169ffc4b2fbc0a09fe45ca6e5551921ba51670c087b0eb899ccc9206186ec0b83dd
-
SSDEEP
24576:idX3e1cFTNITHE4Uo+N6SSmZ1e8+wyJ8Doj562FuNGlhlsdbC/lwU6Xf:idneJTZrq6XmZ8ZwEsMuNGl3OmSXf
Malware Config
Signatures
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs 1 IoCs
description ioc Process Framework service call android.content.pm.IPackageManager.getInstalledApplications com.vodaservices -
pid Process 4410 com.vodaservices -
Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
description ioc Process Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.vodaservices -
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
description ioc Process File opened for read /proc/cpuinfo com.vodaservices -
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
description ioc Process File opened for read /proc/meminfo com.vodaservices -
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
description ioc Process Framework service call android.app.IActivityManager.setServiceForeground com.vodaservices -
Acquires the wake lock 1 IoCs
description ioc Process Framework service call android.os.IPowerManager.acquireWakeLock com.vodaservices -
Reads information about phone network operator. 1 TTPs
Processes
-
com.vodaservices1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Removes its main activity from the application launcher
- Requests cell location
- Checks CPU information
- Checks memory information
- Makes use of the framework's foreground persistence service
- Acquires the wake lock
PID:4410
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Foreground Persistence
1Hide Artifacts
1Suppress Application Icon
1Virtualization/Sandbox Evasion
2System Checks
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5238db4d6d141ec08f97ce9ae74ebdbb9
SHA19c9c2f8dfd4b22cadfa0e75b5d3a36f36c35ddaa
SHA256f0072b3bde1388c2df662efe9cb5fda502ac3c35c89041e4975e1878c15557e1
SHA5124be768d8eecb3de1431269dad3ca41dd197b3153f95452aec08d34753421e1281db70f7dbc58f94d8071a799a395c5d4321e744e63452a83f897a344c03b543f