Analysis

  • max time kernel
    143s
  • max time network
    160s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240221-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240221-en, locale:en-us, os:android-11-x64, system
  • submitted
    10-04-2024 15:07

General

  • Target

    fe95855691cada4493641bc4f01eb00c670c002166d6591fe38073dd0ea1d001.apk

  • Size

    2.9MB

  • MD5

    0e9122e851abfa05a132b88b234d9bf3

  • SHA1

    9f949b095c2ab4b305b2ea168ae376adbba72ffb

  • SHA256

    fe95855691cada4493641bc4f01eb00c670c002166d6591fe38073dd0ea1d001

  • SHA512

    e275096af659fe700245cd8d3953fd7fba613675af19108b26b8fe2073b45faf141a94901c601b2791fdee40c5ed3dc437dd1541d84a26aef53aeb9d70851aa5

  • SSDEEP

    49152:Br5qyWl9vKOVTJKWJWs0p2NllLlFO6uRMA7YqyALoEdyqDVbgSw:lIym9SgTJKWUb6uYLkzDV0D

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs 1 IoCs
  • Requests cell location 1 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information, which may indicate whether the system is an emulator.

  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information, which may indicate whether the system is an emulator.

  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Queries information about running processes on the device. 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
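Several of the signatures above correspond to permissions an app must declare in its AndroidManifest.xml before Android 11 will allow the behaviour, so a quick static cross-check is a useful triage step before opening the decompiled code. The script below is an added example, not part of the sandbox report or of the analysed sample: the manifest it parses is constructed for illustration (package name and service name are placeholders, not taken from the APK), and the signature-to-permission mapping is the editor's own, based on the AOSP permission documentation. Behaviours with no permission gate (reading /proc/cpuinfo and /proc/meminfo for emulator checks, reading the network operator) cannot be explained by a manifest and are reported separately so an analyst knows where to look next.

```python
"""Cross-check sandbox behaviour signatures against AndroidManifest.xml.

Added example; not code from the sandbox or the analysed sample.
"""
import xml.etree.ElementTree as ET
from typing import Dict, List, Set

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Editor's mapping from report signatures to the permissions an app must
# declare to perform that behaviour on Android 11 (the sandbox OS). Behaviours
# with no permission gate (emulator checks via /proc, getNetworkOperator())
# are deliberately absent: a manifest cannot reveal them.
SIGNATURE_PERMISSIONS = {
    "Queries a list of all the installed applications":
        {"android.permission.QUERY_ALL_PACKAGES"},
    "Requests cell location":
        {"android.permission.ACCESS_COARSE_LOCATION",
         "android.permission.ACCESS_FINE_LOCATION"},
    "Makes use of the framework's foreground persistence service":
        {"android.permission.FOREGROUND_SERVICE"},
    "Acquires the wake lock":
        {"android.permission.WAKE_LOCK"},
    "Requests disabling of battery optimizations":
        {"android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"},
}


def declared_permissions(manifest_xml: str) -> Set[str]:
    """Return every <uses-permission android:name="..."> value in the manifest."""
    root = ET.fromstring(manifest_xml)
    return {
        el.get(ANDROID_NS + "name")
        for el in root.iter("uses-permission")
        if el.get(ANDROID_NS + "name")
    }


def match_signatures(manifest_xml: str) -> Dict[str, Set[str]]:
    """For each report signature, return the declared permissions that enable it.

    Signatures with none of their permissions declared are omitted, so an empty
    dict means the manifest explains none of the observed behaviour.
    """
    perms = declared_permissions(manifest_xml)
    return {
        sig: perms & needed
        for sig, needed in SIGNATURE_PERMISSIONS.items()
        if perms & needed
    }


def unexplained(observed: List[str], manifest_xml: str) -> List[str]:
    """Observed signatures (matched by prefix) not backed by a declared permission.

    These are the ones worth tracing in the decompiled code: either the API
    needs no permission, or the app reaches the behaviour by another path.
    """
    matched = match_signatures(manifest_xml)
    return [s for s in observed if not any(s.startswith(k) for k in matched)]


# Constructed manifest for illustration; NOT the analysed sample's manifest.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample">
    <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
    <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
    <uses-permission android:name="android.permission.WAKE_LOCK"/>
    <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
    <application android:label="Support">
        <service android:name=".PersistService" android:exported="false"/>
    </application>
</manifest>
"""

# Signature names as listed in the report's Processes section.
OBSERVED = [
    "Queries a list of all the installed applications",
    "Requests cell location",
    "Checks CPU information",
    "Checks memory information",
    "Makes use of the framework's foreground persistence service",
    "Queries information about running processes",
    "Acquires the wake lock",
    "Requests disabling of battery optimizations",
]

if __name__ == "__main__":
    for sig, perms in match_signatures(SAMPLE_MANIFEST).items():
        print(f"{sig}: {', '.join(sorted(perms))}")
    print("Not explained by permissions:", unexplained(OBSERVED, SAMPLE_MANIFEST))
```

Run against a real manifest (e.g. the output of `apktool d` or `aapt dump xmltree`, converted to plain XML) rather than the constructed one; a signature that fires at runtime without its permission in the manifest is either a permission-free API or a sign the app obtained the capability some other way, and either is worth a closer look.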

Processes

  • com.androidservices.support
    1⤵
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
    • Requests cell location
    • Checks CPU information
    • Checks memory information
    • Makes use of the framework's foreground persistence service
    • Queries information about running processes on the device.
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4410

Network

MITRE ATT&CK Matrix


Downloads

  • /data/user/0/com.androidservices.support/databases/com.google.android.datatransport.events
    Filesize

    40KB

    MD5

    1cf3f63c021d755a21623e6d0e86dbc6

    SHA1

    e40e0f1faa61abcca7ba3394c54c92ff7334b49b

    SHA256

    100c67650ba652d547d8a1128edc550a8e95541a1d9268a199d1b924294d0895

    SHA512

    38d72e14f3513ffd26989cbda3df46ed3dd6e731bdfae56440eff6b64760cc13f91014281c9add61e018fe3529e49c63a6892ca22479515816c768b546244466

  • /data/user/0/com.androidservices.support/databases/com.google.android.datatransport.events-journal
    Filesize

    512B

    MD5

    450bf40a30433dae6cc12ce0f30c2e43

    SHA1

    68cb84d7e1e360cb080bdd4728164967cd19f824

    SHA256

    7769aff31be34cab6d59345bcd88ffd0d6e112f08b3d3f719d5204c964a639f5

    SHA512

    035edc901147b0fc76b82ad9879362bcb61616f5b523efaea6fe6ef6e974df6f4fdf6b83bb0b6d80f55c310842455e8f2378deb0851de5a8edf8cf9f151b4bb0

  • /data/user/0/com.androidservices.support/databases/com.google.android.datatransport.events-journal
    Filesize

    8KB

    MD5

    4073e588ee16aeeb93f71cf1f752e0b4

    SHA1

    7347f143fd936f3bc80e6ef0bee41eb794f7b649

    SHA256

    e761d56ad0f14fff4ce44f2a214f66458c19ac1a3d9221bbb6b4bbae72013d73

    SHA512

    01ba52e1e4c3f5890226d806ecf6e525c4bb207cb62d4380bc97aa4245d4cff6c56dbb8849a1c0abefb8eadfee81019dc5f9f823a2f49cdd4c33597bfa725912

  • /data/user/0/com.androidservices.support/databases/com.google.android.datatransport.events-journal
    Filesize

    8KB

    MD5

    53bfa0c040acbdeb8549c2e630d9348f

    SHA1

    7019e28bcb1446a35caeca6ef8cb5f54485d32e3

    SHA256

    fe16820ec4701e37a74ec6be73118bf52782afd488c93faa652fbf9bb1bebd88

    SHA512

    e0e623f33a08959a78311c4fd1686eb6bc41c1318865d35779ed33719d1d91d0c34dd729cd897cc5c86a301796ac145a98666b06c4764225f690baafdb9f17af

  • /data/user/0/com.androidservices.support/files/PersistedInstallation6365492308761464872tmp
    Filesize

    114B

    MD5

    2236a883a4d0d756421b04203acbba81

    SHA1

    7f2ab2bc7462113bdab1898a6361b8288917fa98

    SHA256

    6719f3e24efff87108279ad673d8290431a8940bca3143374dc276000093bc3b

    SHA512

    302a609c004a2ee6624e7a1eeca96f5def28657035b7b6fa89b3e21306a2a15d17947df983911886b1bc695716bd829b4938f35d4cc6f0025f9d5804edb0c297

  • /data/user/0/com.androidservices.support/files/PersistedInstallation867797368684786419tmp
    Filesize

    90B

    MD5

    396c28a21211f2fe469ed95a5f38bf37

    SHA1

    497ea274715b84722f75fa302ce79cb6d3eb6519

    SHA256

    f1ce61d85330302a9c29bb43beee349289fda7c33273ee18d71545ac366f9191

    SHA512

    0506e969c274461bbb313816122a2c385f59f658973a0b0d92dcaabb072ee941e4981db2fae9cbc06079d1c3a9018cbda8fccc1b50605d906c7a75446493331a