Analysis

  • max time kernel: 154s
  • max time network: 142s
  • platform: android_x64
  • resource: android-33-x64-arm64-20240229-en
  • resource tags: android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240229-en, locale:en-us, os:android-13-x64, system
  • submitted: 10-04-2024 14:34

General

  • Target: e38d7ba21a48ad32963bfe6cb0203afe0839eca9a73268a67422109da282eae3.apk
  • Size: 2.9MB
  • MD5: db253c49fa9375e6eaa7f23661c58554
  • SHA1: 527141e1ee5d76b55b7c7640f7dcf222cb93e010
  • SHA256: e38d7ba21a48ad32963bfe6cb0203afe0839eca9a73268a67422109da282eae3
  • SHA512: e15c29a45813977896487240692c5286053ca4e63f8da92709e4ea56ec354a039fcd5fe8168076da9d2e718cd89704e117e4ea690f5102383253f94f24ac362d
  • SSDEEP: 49152:3wAIKVFQuVh59r9VWEOxeoRPipEauRMQ7QqyGdZEdyqDVNdo:3LTH9rXxOxnuETQL5zDV7o

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP, 1 IoC)
  • Requests cell location (1 TTP, 1 IoC)

    Uses Android APIs to get the current cell location.

  • Checks CPU information (2 TTPs, 1 IoC)

    Checks CPU information that indicates whether the system is an emulator.

  • Checks memory information (2 TTPs, 1 IoC)

    Checks memory information that indicates whether the system is an emulator.

  • Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)

    The application may abuse the framework's foreground service to keep running in the foreground.

  • Queries information about running processes on the device (1 TTP, 1 IoC)

    The application may abuse the framework's APIs to collect information about running processes on the device.

  • Acquires the wake lock (1 IoC)
  • Reads information about the phone network operator (1 TTP)
  • Requests disabling of battery optimizations (often used to enable hiding in the background) (1 TTP, 1 IoC)

Processes

  • com.androidservices.support (PID 4247)
    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)
    • Requests cell location
    • Checks CPU information
    • Checks memory information
    • Makes use of the framework's foreground persistence service
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background)

Network

MITRE ATT&CK Matrix


Downloads

  • /data/user/0/com.androidservices.support/databases/com.google.android.datatransport.events
    Filesize: 40KB
    MD5: 571112758fefc013ca64f73bc959a009
    SHA1: 64b3e995d49a74c647cb467f54fc72c28c5af3bf
    SHA256: 632907b2357e6d3e99c86012795c6a2eebd1e8c1ee0a64c64878c5c1201413a2
    SHA512: ce75b2bf73c4fd98b5391cf39610260fc90a91a7e85388c6074fe7b21f8b54eb88a0d0ce83a3403b496bcaf885deceab36daaae18976dc1f18fa4dd0605e2e34

  • /data/user/0/com.androidservices.support/databases/com.google.android.datatransport.events-journal
    Filesize: 512B
    MD5: 70a3b0295ef98ed263d41f036963f185
    SHA1: 6387bd4f7d873a9d9f745d72e01dc0b4fbd9a3a8
    SHA256: f22d3a1f564914048f1a5aeba46acdadea6a171f9734dbdd03f12eadabec7137
    SHA512: 2fd11e3163d688bfcd926258b9f1b79f624b2416383ddf0acd80cce424aeb8b0b993e8800f18e5f0eb05d0e384f93d4e37024dbc4e848433d6cd2b016fa6f6f8

  • /data/user/0/com.androidservices.support/databases/com.google.android.datatransport.events-journal
    Filesize: 8KB
    MD5: e095e25de8b5149e9f4a36e03de79fc3
    SHA1: 1b810f5c1097b65720b0c3fe8be82005b7895505
    SHA256: 19cb619de8b7e79e6e0717f733836e65455fbec62d317b3a499e2de1ade34f7f
    SHA512: 33333cc8534c2d93f63ae79f5f5692461f65daa49885c89dc42142eed584b0f4ac9e20dad1c2957714b660bd7ee2ecd9e97c1ff030375eb6fcb7289477f15d3c

  • /data/user/0/com.androidservices.support/databases/com.google.android.datatransport.events-journal
    Filesize: 8KB
    MD5: 56ac7267c03b87c4f59282c0dc8db927
    SHA1: c25b2b85bb4973480d7d0fef9fe82a422a01a991
    SHA256: d5fdf5868fc378562e74f4bdfc67efc4a0d68e30e59513a4e6fc8c0d5608285d
    SHA512: d6ae0d43b0fe208388226470f1793612d886141f566c487235f8beadb591b3ba32b8f19a7d3f71abba186794ff5820b25b003e2d98fa6c8cfdb45f2ecd61fa9d

  • /data/user/0/com.androidservices.support/files/PersistedInstallation4597352617131374810tmp
    Filesize: 90B
    MD5: a4f12d9d120faabd9cd7754bea6edcec
    SHA1: b7f59cfa712ab3a0372177cf5b1d78d9950c2855
    SHA256: 2cf674eeab5ccd2ee843e694a34fdf1a9aae351b68074177fd84ddf3423000c4
    SHA512: f3abfd7da7ba7d2f5150e979d6fbfc4a16d4a9af2b3a6aa5cec65ac11f9ad05300f6f38690df8e74437ea2b3b8afa78d68261d507ad4b49511edd2f3873d38fe

  • /data/user/0/com.androidservices.support/files/PersistedInstallation7254189286977489077tmp
    Filesize: 114B
    MD5: f08b5c83dea8b4bb1ab77098ce232f9a
    SHA1: 11fabc9dbc77fe95f393fffbbd411e205630bc91
    SHA256: 8f94cb23c9a7ae29016f74ecb5d6158416c78f63da472ec3c81cf9f221227f86
    SHA512: 42c43c42af172675f7ca69c5b2fb818eee8e43b06d4948b458c4c5a45cb600e12f4cf076a616bdf491fc742508e44306c861e25a68ae58f3a3749dfbd2464f9a