eab5bd8692881373181f8b4003541df883e9bea63d12c2f628a5985ab8ee5625

Resubmissions

15/04/2024, 16:21

240415-ttm52ada6s 7

15/04/2024, 15:36

240415-s2bxascb6z 7

Analysis

max time kernel
122s
max time network
135s
platform
android_x64
resource
android-33-x64-arm64-20240229-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240229-enlocale:en-usos:android-13-x64system
submitted
15/04/2024, 16:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

IFTTT-4.32.0.apk
Size

19.3MB
MD5

aaf5f98b27ce47f861c63f862f0a7035
SHA1

affecb2c857069ac3f30f7db56d6c6b5dba17e58
SHA256

eab5bd8692881373181f8b4003541df883e9bea63d12c2f628a5985ab8ee5625
SHA512

dd027635991ca28d968933bfc254d9c1145d876343c25bc1da343e836bcb48f2fc8811ec06689f7d5e813627fde11a4ba4acf4c57d9e27cc267517f38e398a68
SSDEEP

393216:15FU2Fny9oI5+tVzIQLM12fu55bg0Z9UGHUBSXwRjFHRx0gHlEe5MOk:LG2FnQt4tCXgfuT/9UGHUBSARjFHLHCB

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.ifttt.ifttt

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/system_ext/framework/androidx.window.extensions.jar	4313	com.ifttt.ifttt
/system_ext/framework/androidx.window.extensions.jar	4313	com.ifttt.ifttt
/system_ext/framework/androidx.window.sidecar.jar	4313	com.ifttt.ifttt
/system_ext/framework/androidx.window.sidecar.jar	4313	com.ifttt.ifttt

Queries information about running processes on the device. 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ifttt.ifttt

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.ifttt.ifttt

Checks the presence of a debugger
evasion

com.ifttt.ifttt
1⤵
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device.
- Acquires the wake lock
PID:4313

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ifttt.ifttt/cache/ndk_crash_reports_v2/network_information

Filesize
79B

MD5
ab90f7843176c67df6bb9aa4366865e0

SHA1
3d65cc06a08c4b9093f68ff8ea5232d8652d6f72

SHA256
b8eb61758ab3e94b62c52111a981799d1cc4ed033602e093a751e933df68477f

SHA512
c027b436c20172f9e92d44256d8dd64a4e5e54200d7699abaabbb53cbb9161bad7875f0d98939c605e1997f054061d4057c7b48213ddc98993a563d392dbb5be

Download Submit
/data/data/com.ifttt.ifttt/cache/ndk_crash_reports_v2/network_information

Filesize
83B

MD5
4ea2c84e42b366f847b13c9d864f9c03

SHA1
669cded3439472e9c30989fa5198c697022cfae7

SHA256
3c44ef68dd9f70a75b8a2d9f583a0530c41ebbe48c7285b7533d69431e498d3b

SHA512
f0c7c46a2e0dc14a5edd844b787aecb9dc89fbadbc539145f4bd4b19aadb66101b3b1e8732dd5ba88af485c71fadae8b210fc225207b87e741e6b87ef9ab7ee3

Download Submit
/data/data/com.ifttt.ifttt/cache/zendesk/zendesk_media_cache/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/com.ifttt.ifttt/cache/zendesk/zendesk_response_cache/journal.tmp

Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit
/data/data/com.ifttt.ifttt/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
6708520bfb7134c43feecb16449c8328

SHA1
a9e5e6f2ead908240de323cd8954aaee3de45da7

SHA256
fc616c39e4c8f1c0680253f29ac28299774adc2a2f12c2d41463c9acbfe312a0

SHA512
bcebd88382bd5fbfbd738eebe93795374c19154b3a99d9cfeac0a7e2c543e510d43e1a85bd7bfcd0b4309aa00176d7b5ef7b7c808d803d83af1c5d4d192db183

Download Submit
/data/data/com.ifttt.ifttt/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
450dfdbf8132533aac1dbad27e5a3730

SHA1
e900e0a68baef4dcb5381cd8e8f395109d313352

SHA256
df3fbbdbc6b1dce64f57be90d585521ee2c1b7b34cf060ee57276250d93d2db3

SHA512
44cba47235274e07724cc135e976a4c09e44c93ec9e4c96f8fa3523648044ec040ca84cee61b1abbd504669b9924eddd70d8a66d3d695e751ac2fd81a913d43b

Download Submit
/data/data/com.ifttt.ifttt/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
4921f06218128302beea2ab4d262a978

SHA1
0c34b8273a55981fbfcd8f55e5b54f6c3e4ce808

SHA256
4ef4279354c2675c8560019e725463457cc9ad3c7c00a4d1e9ee13ea3c5180af

SHA512
9e62a7d1e30c0041a0fe25652527a3642cf7ea8bd12691c55f6b8ab3e2e61b4f9389fb474dc435e2e64294af81e32e4ff32f6eea6b430f2910903cf8e3b7d44b

Download Submit
/data/data/com.ifttt.ifttt/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
dd1a3d64183beab037cf300d9d9dad1c

SHA1
c185bbc752254b29437bd037d1cbb2b8c6b524d9

SHA256
e58852c5901b1d843265d51f2a6bbfb2de2d679f245fe78f1c6c69a823f91558

SHA512
eea5bcd653efaf09ec6d94149a28a89fb81ffacac5a0cc2f5677d208e635574cf8c1120e6132db522a9926eaf36e980258c1cf719b644ab0da005292d3bce1da

Download Submit
/data/data/com.ifttt.ifttt/databases/google_app_measurement_local.db

Filesize
16KB

MD5
62ad4a05cbdca7f47b3206b7dbda487f

SHA1
4f4044cef7b7b1e5c6184ed9025267fc92bf0cd3

SHA256
18b909096c7c61d51ab076ae8e562effb0d4ada28e2a4ecd0e6b88ef58f6b2a6

SHA512
0936531ed1b2b356a247123200739a43cfc765469ab47a424dcd6e3d1176092a212b0a28591d07f8c2d0cc9d2e0eeddfcea8dde314c2f9343783c61075b071a6

Download Submit
/data/data/com.ifttt.ifttt/databases/google_app_measurement_local.db

Filesize
16KB

MD5
201269595155a117a40d9ecbe564f92a

SHA1
7ac932c098e02a2509ce0e37aa895558be8fbbcb

SHA256
9e7374d4177a16fe4855744e68a655cc616990b0c2fbe84885fa65bb048dfb60

SHA512
afc12ad59479c18b20d334ea372ece8f444eb82be9fba61ed6cb49a02b51e970ccc6c1568e55e58cda3f4952d1491610b5d75d9a1f01ffe0aab1a32f55c39aa7

Download Submit
/data/data/com.ifttt.ifttt/databases/google_app_measurement_local.db

Filesize
16KB

MD5
aac023231498c4fec2b655c9f623467a

SHA1
01e632d67820bd399cfc937805fd3ed24e2e5817

SHA256
21f69b4657ffa6442803811b9b3f66a36382d55138f621fe147a244c95c03196

SHA512
af84f69c2cf38834827ce0d03588f829a9c595b29a42604bece375123acd97fbeba8610ec3e277ce2e733bc26639bfd8360fe2995368ec3d296761a3024a9e47

Download Submit
/data/data/com.ifttt.ifttt/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
ad3aebc5b0c0c7e6e8c6ae2fd68dae54

SHA1
90590155e597a7b683c2a295eab5f19643293b55

SHA256
97e7614e44a09ff1651ffbd6814b6ac627b5fc8b24fdf09bb263d3aa9126389e

SHA512
bc231122b40f5536dcb438b6f5bc1dba0b6101b0d5302beb954b7a80f1b909140f236aefd0aee51a2ac461347e78071a8cfd98132dbd0344e2bb75fdb5edfa98

Download Submit
/data/data/com.ifttt.ifttt/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
6a5aa4d945845ec31a1b85fff9a7ed08

SHA1
26033fb254c14370ada2b0d6eaf96f26efb03ef8

SHA256
608f5dbf5458b7e7423d2f2257be71592ac00da183bd17415633b316685f058c

SHA512
b8b57f6f9d5a2adda486dd32217f97f18f17a6be16e0681c02d2aa2bc5993b90b2ba5ca3ac65e1caad03c8100e22ee8c2448e84cec65a9826125eff7bab51c49

Download Submit
/data/data/com.ifttt.ifttt/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
0b560e46ae0a35581308ef98e1c9f711

SHA1
d480ab969b90c10f54acbce91390048dd3b58841

SHA256
25f75487024d911f5be7729d1d78340299b4e7e6e7dee0c0faea68287fd570e4

SHA512
fb2fe5af1264b680d642e0bfb321ffdfcf174e24e831049779bfcb80199413e42129ca17f52fa7b9e5e5fa86aba2195fd5360379e1b39ded12753586216693d2

Download Submit
/data/data/com.ifttt.ifttt/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
1890f780569022c0aeea618b70c56388

SHA1
fb732c6564d148d13477eedc500a4fe015450189

SHA256
f48e9177213227bec4c955dfab86fda86f16d669f24eac29d788d3b4c3d45d74

SHA512
d1417dd6f761e222fadbb6ebae5887c848376ffd19469e0dae0f183cf7a0a5e8bb2fce8f9225c66b9516c72e02c9113fc5ef8ea1c1c207482d3dbaab95cf587c

Download Submit
/data/data/com.ifttt.ifttt/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
ffa0cea658b05cd0966eccd8bbfbd273

SHA1
d5f3c8246b38addd623aad1cd5699484cbc0a9fa

SHA256
1eb08379e56b8c0278d4f41a8cf77447864facabc68b2855d6f0e8dcafe648cf

SHA512
d47c99171657b0317844eb852679d6d0780fa36da2c9cb1df92157ec450c67a170ea11838abe517fc8ef49813c3999bb019817dcaf0ceaffbc32a1e982d6ad01

Download Submit
/data/data/com.ifttt.ifttt/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
808d93a499903820d45e1342937ea19b

SHA1
5670cdc6da702d83788a7821231caa1b2d12440e

SHA256
d879df761073db31e48a575d1c31dae2d354e394f74a981788b369b9d077c352

SHA512
62e78cf296e3a7c449a0c1843bc9530b7444d60ade82f52fce4191119aae1577038bbe5464631888391d50ac453bcf53cd56e4909d5bfede968c0119ef9b5d53

Download Submit
/data/data/com.ifttt.ifttt/files/.com.google.firebase.crashlytics.files.v2:com.ifttt.ifttt/com.crashlytics.settings.json

Filesize
711B

MD5
1cd1a96f3b22adf3e5ce389fb051adc0

SHA1
99bbd3e912033086c8aa8a95f5205a668fbc3aab

SHA256
e442fe4cb93998072cea13ed5211011a19b023be92b813b0fe371389479b3edc

SHA512
2d72b25de5b947bba5b11e92750dc5cb225f96f50036488960095b5e08b0f2eb68d05f935b01b0d2796ef10eaa4fcfb8dc8f54459cb08a6349c4a08664f62986

Download Submit
/data/data/com.ifttt.ifttt/files/.com.google.firebase.crashlytics.files.v2:com.ifttt.ifttt/open-sessions/661D540E01FB000110D9CEA19338DBA0/report

Filesize
742B

MD5
dc908275746cfa4aacc3fd2035f51fd3

SHA1
491801dd0ba03f904e730ae3593d4bd8ad0a199e

SHA256
53dc43df130725a510ab9e843d7960206767e4d306c794cf04201f10f4d76eaa

SHA512
9deefcad7421bc1550f155495c73c2cba2393d5f5a1fd798b45cbd6249af64f10d280ee4a6442b099589378503d6221246265f5f2520c9f887402bf3ac5c45f4

Download Submit
/data/data/com.ifttt.ifttt/files/.com.google.firebase.crashlytics.files.v2:com.ifttt.ifttt/open-sessions/661D540E01FB000110D9CEA19338DBA0/userlog

Filesize
88B

MD5
3ad6a7faa043e59ba997e95960e2f153

SHA1
1af84665df2665028c11c7cf0c784940e99601c2

SHA256
9c3615928f5c598f965d74bbb3cb2b8815d62e88872635cf7157d88d4ee571d7

SHA512
593081387c4165616453563d8d272be6e06ef24f77b7fce768aed7ef3fdf380fbd8ac95d81ae7cc022d3648feac2734453d9cf7ba5c5a06435e6b764c4d617ef

Download Submit
/data/data/com.ifttt.ifttt/files/.com.google.firebase.crashlytics.files.v2:com.ifttt.ifttt/open-sessions/661D540E01FB000110D9CEA19338DBA0/userlog.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.ifttt.ifttt/files/PersistedInstallation4214027784073084706tmp

Filesize
90B

MD5
49eedc0d1eb75f4afea87db943c63946

SHA1
3a948a8e581ca9c4723023b67037a7dbcdccf08d

SHA256
b84559d611af9b0a62df1199320745e998ecb08ea1796b943cf96195f02be91c

SHA512
cc126527cdbad7d17b5396d477a37874cbb886badf1d38a7a508085f8888e3aafc46afbe2d241566e7ad61baf734610c70e27e510bf5e8882a34b6bdaa299e36

Download Submit
/data/data/com.ifttt.ifttt/files/PersistedInstallation8852012186500061320tmp

Filesize
560B

MD5
25f109b85767f2eef8b5c105019d74e2

SHA1
42d33caf51cd9c8e8e3e3bb294a11184a37afc59

SHA256
6430305f106ad97544ca999bf2cd18ad4ddaa7438f3f54cb3aacbe19688ebed0

SHA512
ff5bebad9ca68a9cda9ee158759b9f557157b4574d4a6d27df8a2c00a5e357602e11d8685cc0c766f60fb300e81de0266e7349e464f96bc3b5a64add25afa423

Download Submit
/data/data/com.ifttt.ifttt/files/frc_1:250025215786:android:bf900c623c0d331e_firebase_defaults.json

Filesize
236B

MD5
be22e0ba35633fa9b10ec2b1a8a81ed2

SHA1
6e542c71a744802989845c7b1799c5276fe081b7

SHA256
93e3fa75dd550a9b266c8aa941486d5ba5349492cc55a607817d0e6a584cb854

SHA512
05363748a60eb07709dbba500c94c081628ed6182c0d91937281b102b29338bf3b29e094eb4dc6089290a9eef409d5733edab293dbfcea68db0b8ce9490ef277

Download Submit
/system_ext/framework/androidx.window.extensions.jar

Filesize
123KB

MD5
3056e1bdb7d4e19789d0319eff484bd0

SHA1
6791ae47aa9466fe0bca27ad6643f846853bbee4

SHA256
8e6331a07c9f2ac139214c527dcaff2c82d126bbe7bd3420cdc36d6a8c9204b0

SHA512
c790980fd68d9f89e32743bc28846807d5e5947c555f494de47714dec5cbd0c08d81c3260fa463759d1b17a953af3c44ec30b14fb08bf6b29db3837346c9f658

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
25KB

MD5
29469324e59dfcc052f24b5af4e7b2c4

SHA1
10c1e17ac6f598037bb51baa07945663645de4eb

SHA256
9195dc6a1c75a841384050240dfc972e48178964993fba6619788625f4b40d1a

SHA512
5e27c2b1431369a248298f2f749136a575005584f9999f2a4c204a0c47adce2e33c8df9f058bdafa1bde1c99e46d175560cedfcddcd8581718ed1d9973c37cc2

Download Submit