a98a224b644d3d88eed27aa05548a41e0178dba93ed9145250f61912e924b3e9

Analysis

max time kernel
150s
max time network
159s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
10-04-2024 13:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a98a224b644d3d88eed27aa05548a41e0178dba93ed9145250f61912e924b3e9.apk
Size

1.1MB
MD5

6b69a9bf30d76c135db369956774f2cb
SHA1

22f49fa7fe1506d2639f08e9ae198e262396c052
SHA256

a98a224b644d3d88eed27aa05548a41e0178dba93ed9145250f61912e924b3e9
SHA512

2df561ffe8b9d8ce3ab6b1a5b1eccb4312e7230fa20c4da451e76cdb53e94169ffc4b2fbc0a09fe45ca6e5551921ba51670c087b0eb899ccc9206186ec0b83dd
SSDEEP

24576:idX3e1cFTNITHE4Uo+N6SSmZ1e8+wyJ8Doj562FuNGlhlsdbC/lwU6Xf:idneJTZrq6XmZ8ZwEsMuNGl3OmSXf

Score

8^/10

banker collection discovery evasion persistence stealth trojan

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs 1 IoCs
banker discovery

Security Software Discovery
T1418.001

Processes:

com.vodaservices

description ioc process

Framework service call android.content.pm.IPackageManager.getInstalledApplications com.vodaservices
Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

Suppress Application Icon
T1628.001

Processes:

com.vodaservices

pid process

4410 com.vodaservices
Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery

Location Tracking
T1430

Processes:

com.vodaservices

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.vodaservices
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.vodaservices

description ioc process

File opened for read /proc/cpuinfo com.vodaservices
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.vodaservices

description ioc process

File opened for read /proc/meminfo com.vodaservices
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

Foreground Persistence
T1541

Processes:

com.vodaservices

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.vodaservices
Acquires the wake lock 1 IoCs

Processes:

com.vodaservices

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.vodaservices
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.vodaservices

pid	process
4410	com.vodaservices

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.vodaservices

description	ioc	process
File opened for read	/proc/cpuinfo	com.vodaservices

description	ioc	process
File opened for read	/proc/meminfo	com.vodaservices

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.vodaservices

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.vodaservices

com.vodaservices
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Removes its main activity from the application launcher
- Requests cell location
- Checks CPU information
- Checks memory information
- Makes use of the framework's foreground persistence service
- Acquires the wake lock
PID:4410

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.vodaservices/app_cache_cont/lastSettings

Filesize
152B

MD5
238db4d6d141ec08f97ce9ae74ebdbb9

SHA1
9c9c2f8dfd4b22cadfa0e75b5d3a36f36c35ddaa

SHA256
f0072b3bde1388c2df662efe9cb5fda502ac3c35c89041e4975e1878c15557e1

SHA512
4be768d8eecb3de1431269dad3ca41dd197b3153f95452aec08d34753421e1281db70f7dbc58f94d8071a799a395c5d4321e744e63452a83f897a344c03b543f

Download Submit