eab5bd8692881373181f8b4003541df883e9bea63d12c2f628a5985ab8ee5625

Resubmissions

15/04/2024, 16:21

240415-ttm52ada6s 7

15/04/2024, 15:36

240415-s2bxascb6z 7

Analysis

max time kernel
6s
max time network
134s
platform
android_x64
resource
android-33-x64-arm64-20240229-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240229-enlocale:en-usos:android-13-x64system
submitted
15/04/2024, 15:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

IFTTT-4.32.0.apk
Size

19.3MB
MD5

aaf5f98b27ce47f861c63f862f0a7035
SHA1

affecb2c857069ac3f30f7db56d6c6b5dba17e58
SHA256

eab5bd8692881373181f8b4003541df883e9bea63d12c2f628a5985ab8ee5625
SHA512

dd027635991ca28d968933bfc254d9c1145d876343c25bc1da343e836bcb48f2fc8811ec06689f7d5e813627fde11a4ba4acf4c57d9e27cc267517f38e398a68
SSDEEP

393216:15FU2Fny9oI5+tVzIQLM12fu55bg0Z9UGHUBSXwRjFHRx0gHlEe5MOk:LG2FnQt4tCXgfuT/9UGHUBSARjFHLHCB

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.ifttt.ifttt

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/system_ext/framework/androidx.window.extensions.jar	4331	com.ifttt.ifttt
/system_ext/framework/androidx.window.extensions.jar	4331	com.ifttt.ifttt
/system_ext/framework/androidx.window.sidecar.jar	4331	com.ifttt.ifttt
/system_ext/framework/androidx.window.sidecar.jar	4331	com.ifttt.ifttt

Queries information about running processes on the device. 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ifttt.ifttt

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.ifttt.ifttt

Checks the presence of a debugger
evasion

com.ifttt.ifttt
1⤵
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device.
- Acquires the wake lock
PID:4331

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ifttt.ifttt/cache/ndk_crash_reports_v2/network_information

Filesize
79B

MD5
ab90f7843176c67df6bb9aa4366865e0

SHA1
3d65cc06a08c4b9093f68ff8ea5232d8652d6f72

SHA256
b8eb61758ab3e94b62c52111a981799d1cc4ed033602e093a751e933df68477f

SHA512
c027b436c20172f9e92d44256d8dd64a4e5e54200d7699abaabbb53cbb9161bad7875f0d98939c605e1997f054061d4057c7b48213ddc98993a563d392dbb5be

Download Submit
/data/data/com.ifttt.ifttt/cache/zendesk/zendesk_media_cache/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/com.ifttt.ifttt/cache/zendesk/zendesk_response_cache/journal.tmp

Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit
/data/data/com.ifttt.ifttt/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
3227c2c7ad22641fb9a33d7c1f7fab15

SHA1
d8fdd43e5930a5e6bf727035e20ac1f13d566bd6

SHA256
62360870ca8a08f5cd5533996517adfc144d92c01fa4bc862fae919ff00bea0f

SHA512
d9b17afc3d25da3da302d9e7a5877c902fff211490e3c66843a498a5d66113764bb1d7cefc4273f742f651756054d4d3ea8c293689031c6737fae6f1dd8711e0

Download Submit
/data/data/com.ifttt.ifttt/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
fb07591c1e1feed8eaa7c094783fdf18

SHA1
5420ebc145ee65be2db516c9f98778762fb3a165

SHA256
31296417317f0576b870a4bc1a66c5888fdb99bc5b8eed0f46eb1d37b91da7ec

SHA512
c315f6bb77e471a44cd58adf1c819cf4ae8429690606f89ebef210e6c63db4b95d095e45abdd06fa03cb8591c3c3b24640e22a48887e34ca4003df7f32087bd9

Download Submit
/data/data/com.ifttt.ifttt/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
4ccc1d5012f9a8a360f470a58c9604ba

SHA1
51c9f8f7e9f910813993e6eefa69925cbd8f5bef

SHA256
c4a5e6b98b1d3d3359b265615e98c7063fee7dfe656275a3d620e0ba66e4c399

SHA512
a76810411b3eca475aef549358de1fd515984d9e437be3dd2e319718467e2bdef04ded9f57e8aed930c2904d83db645e586d3c344873e8d36baefe2dc09652c8

Download Submit
/data/data/com.ifttt.ifttt/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
36b1f33bd17334735bba78092a926d2f

SHA1
63fccc48f5dd1687b6d733b94208379b9b003bf8

SHA256
895484996cd938e6cc2e3de0cdd6f6e99d9ed1c7942ba7a8e8e20f469ddebeec

SHA512
ce16afcb8f10cd48ee92a0ce1087146f09fb5d219409328f07ca0267e1211fa9d5590bb9c51d5ed8f764fb037c85e8fefd895271ca7a65681df2f845ce325a9b

Download Submit
/data/data/com.ifttt.ifttt/files/.com.google.firebase.crashlytics.files.v2:com.ifttt.ifttt/com.crashlytics.settings.json

Filesize
711B

MD5
425322dbb8021acf5a4c2c0c2aa569ce

SHA1
d6adc41229a4165f8e35b0444a2b5588148ac15e

SHA256
c21c95fae3cff56858317fadc5caaeb2626d38cafc4ad1d01ec3b692a5314566

SHA512
9e2ffa35774aa7167b71885fdfbfd333eb8b50ab05c0c26039ab2a5455a5c0228925c607f3022e2c24283c8f3eae50bc514e0cf8bb60dd82fa1d44a4b7dfa8c2

Download Submit
/data/data/com.ifttt.ifttt/files/.com.google.firebase.crashlytics.files.v2:com.ifttt.ifttt/open-sessions/661D49B00317000110EBE27D2D9A48BE/report

Filesize
742B

MD5
aaafa56b2b2e852229fd9c8cc4ee9c8c

SHA1
eaeae2c038333edd20e3bc2c5c16daac9fd4671c

SHA256
2bbc67cf929ad07a6c73f2162888fab4b456aa8d54646ea895af280d6c18bc36

SHA512
1dd5f17f3a8953072d983a4405058f387119387ed806d64e7dc95ed6a07f0e5db76649ee8db394462130729648ffb0b10149ba631ed434fabe057eb287fcd100

Download Submit
/data/data/com.ifttt.ifttt/files/PersistedInstallation2898098432350440338tmp

Filesize
90B

MD5
26983dee1997d359d38f017062c49bc0

SHA1
de104dcb369372812634bceef9ffa4920a5b9ea6

SHA256
161a4e5ddc81a88b70eb1e2417b33919bc831c8e2c6b1623b4fd13b40d6e266f

SHA512
6ca3fcaac13d489d3b8e776b1c2e0402c6e66f10c5110aa9fa995198d34f2f1e0c9a82bc42601ab678b6b4ca982dcfd0510770ba3e33b6ff47328daf6cc3b167

Download Submit
/data/data/com.ifttt.ifttt/files/PersistedInstallation9031070441749783444tmp

Filesize
559B

MD5
4f9c8c7ba3de399d4105267781718d1b

SHA1
03475a180996ebbd38608b4174a7bc551fb1e62f

SHA256
935e97dc7722bbc43a6a7c021f47529d2dcfdf7e49d792e39f57e1ae6ea30c9d

SHA512
1dd6b964fdd09158d649d1e0eb7ab5071f0dcc55a27972389976d1d9d0f905668038168275228dc523c7a4eb49e0f07ccb31b5b81d14bbc4e1a20dcee9a94bd3

Download Submit
/data/data/com.ifttt.ifttt/files/frc_1:250025215786:android:bf900c623c0d331e_firebase_defaults.json

Filesize
236B

MD5
be22e0ba35633fa9b10ec2b1a8a81ed2

SHA1
6e542c71a744802989845c7b1799c5276fe081b7

SHA256
93e3fa75dd550a9b266c8aa941486d5ba5349492cc55a607817d0e6a584cb854

SHA512
05363748a60eb07709dbba500c94c081628ed6182c0d91937281b102b29338bf3b29e094eb4dc6089290a9eef409d5733edab293dbfcea68db0b8ce9490ef277

Download Submit
/system_ext/framework/androidx.window.extensions.jar

Filesize
123KB

MD5
3056e1bdb7d4e19789d0319eff484bd0

SHA1
6791ae47aa9466fe0bca27ad6643f846853bbee4

SHA256
8e6331a07c9f2ac139214c527dcaff2c82d126bbe7bd3420cdc36d6a8c9204b0

SHA512
c790980fd68d9f89e32743bc28846807d5e5947c555f494de47714dec5cbd0c08d81c3260fa463759d1b17a953af3c44ec30b14fb08bf6b29db3837346c9f658

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
25KB

MD5
29469324e59dfcc052f24b5af4e7b2c4

SHA1
10c1e17ac6f598037bb51baa07945663645de4eb

SHA256
9195dc6a1c75a841384050240dfc972e48178964993fba6619788625f4b40d1a

SHA512
5e27c2b1431369a248298f2f749136a575005584f9999f2a4c204a0c47adce2e33c8df9f058bdafa1bde1c99e46d175560cedfcddcd8581718ed1d9973c37cc2

Download Submit