Overview

overview

10

Static

static

10

3db0d58700...5f.apk

android-9-x86

7

3db0d58700...5f.apk

android-10-x64

7

3db0d58700...5f.apk

android-11-x64

7

Analysis

  • max time kernel
    111s
  • max time network
    118s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
  • submitted
    16-04-2024 08:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3db0d587001285f306fbdd73d29ad62ee826a0c27585ebaaf1d993504fdacc5f.apk

  • Size

    5.5MB

  • MD5

    deba43a71712c3a501970e3fc5ab1ced

  • SHA1

    0d9f42ce346090f7957ca206e5dc5a393fb3513f

  • SHA256

    3db0d587001285f306fbdd73d29ad62ee826a0c27585ebaaf1d993504fdacc5f

  • SHA512

    331ca7455b08895c4821e24abd052f287570494862d54bab9039b0bd6476b897c679cdaa0e4f542f1d562063f18f9d076a76876d2807f37d331b6fbfcce6ed5f

  • SSDEEP

    98304:hU7aQYpE7Bm9K0E3Lw1QPenWTCORGRAhvRNB4p31aVCH90fr+6vSI:hUHY0B0EEmPCWdGRjp3cT

Score
7/10
collectiondiscoveryevasionpersistence

Malware Config

Signatures

  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries account information for other applications stored on the device. 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Reads the content of the call log. 1 TTPs 1 IoCs
    collection
  • Acquires the wake lock 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

Processes

  • com.tech.sideswipechat
    1⤵
    • Checks memory information
    • Makes use of the framework's foreground persistence service
    • Queries account information for other applications stored on the device.
    • Reads the contacts stored on the device.
    • Reads the content of the call log.
    • Acquires the wake lock
    PID:4187

Network

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tech.sideswipechat/app_sslcache/messenger-91c1c-ce4f6-chatapp.firebaseio.com.443
    Filesize

    8KB

    MD5

    eeca61a3e85bd55075f31d03b79fadd0

    SHA1

    e0a4c0b57a2d6fed26ac68869062fb213ed2b70b

    SHA256

    67ed8b646f7c4c37c909fb0662275e929fec2f1ba661c91fb6acd671c5e8d04c

    SHA512

    63b687f89a2781458658d142aa84ec6f2cd6e6ec97d2e36de65fd92ff7fb52b893baf28cddcd11e78d7d16089e551795203642afd0fb22fc2150cf6fdc0d70c9

    Download Submit

  • /data/data/com.tech.sideswipechat/app_sslcache/messenger-91c1c.firebaseio.com.443
    Filesize

    8KB

    MD5

    ebcafda6a7be81a2e08af6b09e918b67

    SHA1

    8229e1a4f21513c4afe9bd529b46b81430b1a9c0

    SHA256

    07984c45e2d5280c69c2a32411349a8855c07f33c27f6af52fcc12929d398f0c

    SHA512

    29c2318ffff3e5a0cef8570dcaeb769aaaaaeaafea80d12ed28e6d112d072462f225e68de20aeb8d11cba806c061a15c7db900eedb192fbf382d1737f3f1a3fb

    Download Submit

  • /data/data/com.tech.sideswipechat/databases/com.google.android.datatransport.events
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.tech.sideswipechat/databases/com.google.android.datatransport.events-journal
    Filesize

    512B

    MD5

    a09a6e3ff3ac432d2dcbb18292c085cd

    SHA1

    9d2c3c05ec5b70f3e24881658341ac6d37c0d813

    SHA256

    88c8473ca38410801ab3dd1888d28cf855ad0d8fb6bf535e277a0737f07d0fdd

    SHA512

    e4b0274ae8ce42fd59cf64731bd7b2ca136443c7203649019c2e3f640a4b7493666b3109949f7afc5b6fc8d99c493d1ff27c7411b012bcc17e8f696c0772b583

    Download Submit

  • /data/data/com.tech.sideswipechat/databases/com.google.android.datatransport.events-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.tech.sideswipechat/databases/com.google.android.datatransport.events-wal
    Filesize

    52KB

    MD5

    d6643946551688b934d354d0330cfb1a

    SHA1

    b0faf702e7bbd3a42ca5a0f84b425b404266e882

    SHA256

    854cc2f331eb861d47fe0725c2dd20dd9285dfa9b03bded06ad58a065d2e274d

    SHA512

    0badb8de426123b8e2010a64fbd5f80706c670aa604a9fc2f53de4a043b0f0b41a2529d5fee9d71767b0f6194aa7c83d434a22edf613697ee1a02f0b95cab982

    Download Submit

  • /data/data/com.tech.sideswipechat/files/PersistedInstallation1152436523881155965tmp
    Filesize

    567B

    MD5

    ddf731aeb33e6ebea82d285b9836523c

    SHA1

    ab0054af924b43d18a6db5bfd2e9c88caecf4e5e

    SHA256

    39d09161ecdd715217910940a3d0cab6fb733e935b3919e99946832a44afe368

    SHA512

    cbb83618cac7eb1b9425f0984607eedc00e9fe0bba94e569016b4f1a27f092fe146dfd7420766b744071fe9ffc5b6fdd58c7e17e33f586763163ec28b93ddfc7

    Download Submit

  • /data/data/com.tech.sideswipechat/files/PersistedInstallation8269030636755003988tmp
    Filesize

    90B

    MD5

    4e69cecb7f2509ff4dc26b2b6c184c18

    SHA1

    cdb08b69759eaac7c6d666dc81c17ed49fce8f60

    SHA256

    2baf3af328d1fefa4e2657f53f113a748d06170aa78d95c6aefea509e0c67dc0

    SHA512

    aa56e3f08d71851ddf47ea8dc5e80066a1f40123065dadd349f92ee69306d128822436a88fcdb6860cc7d0103fd72d7fdb60bb56f4df722f9ba5b4763a54443b

    Download Submit

  • /data/data/com.tech.sideswipechat/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    dfd2c920aa419613d276e39b55e27bd3

    SHA1

    8fca7d198ded675fe45da0dd9348b66188eb4c8d

    SHA256

    3c7990faaadd22b9fdf6a133cfb47616e09dc9043d48cf921e74b9028dfae24d

    SHA512

    c5ed666582dd5b7c37d68315011ff74a961470804078289c26dacf8cc20419e64e0f1a91ff59e4534aa8dbcdb72c3c6a2b970b99863cbf9090299025855b8e52

    Download Submit

  • /data/data/com.tech.sideswipechat/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    0dc842dd3380ca6aef95b3aabc497df8

    SHA1

    607dbec997fa79077284518aca96fcecc2cf2fcd

    SHA256

    4da4d0827ab686bfb8b05ac63468ffd62e9db856e65a3ef7219389caae320c28

    SHA512

    578386871fea4d9861ad5b83485f1faee2e40d41e0014c8b9397ec20b11eae2caa66954d08ae6e654faddd21ed4e22539910ff2335ab4c7e9ef51fe70228a867

    Download Submit

  • /data/data/com.tech.sideswipechat/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    85bfe45097af1520d49b8707500dcdb6

    SHA1

    99ac7cc7caa3bc7ddbd2862fa6cceaccaf490c34

    SHA256

    fbf3367c8a41a2e93a566c6c291d23ae1181f5dfd9ae64bf05d499767c7c92b3

    SHA512

    c329a13f3d571bfe495c6abf61044d0f346f5ef3adc9885a8f7ad91fa6541d6d51b828409b5154d9047f201c2c6b19b3e139b83a44dc9e39dd89b79c21ab8432

    Download Submit

  • /data/data/com.tech.sideswipechat/no_backup/androidx.work.workdb-wal
    Filesize

    325KB

    MD5

    24dddd72f3e22a352ec4225cbb0c572f

    SHA1

    b47a742cb1846d102451fd6a2fd740b37dfdddb9

    SHA256

    8c2e827408b42e793168eabc0e043bea3f4f332d27a0d5fba50b5877ca599c06

    SHA512

    708a59c7425bcb07b03c96a8349856bb6c3d960b33824dfd82c5e98d0f7b6f4a16948f0f3d0056d565a6af828b59ef91c0671ea6f8d435b996494d9e26416630

    Download Submit