Overview

overview

8

Static

static

6

c17d5c8b8b...74.apk

android-9-x86

8

Resubmissions

02-07-2024 07:23

240702-h74t6awbpr 10

22-04-2024 07:29

240422-jbclgaha6t 8

18-04-2024 07:14

240418-h263bsed84 8

Analysis

  • max time kernel
    598s
  • max time network
    603s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
  • submitted
    18-04-2024 07:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c17d5c8b8b68e6e574688e93b9c80e4cdcb15162614f465be0baecec0f261974.apk

  • Size

    4.2MB

  • MD5

    00aa9900205771b8c9e7927153b77cf2

  • SHA1

    b43094c27584f5e0fc5feaa5c621e56d7c2f3ccb

  • SHA256

    c17d5c8b8b68e6e574688e93b9c80e4cdcb15162614f465be0baecec0f261974

  • SHA512

    a19d2e339b25bea61b158bbd13f632793aeb4c3f20776793dd0bee15c4bd9283644d7915d55b46b6adf5803ca30651392dc6ccb40f843bdf0c72208fb70890d1

  • SSDEEP

    98304:FZxlRoI9e3PxUjrBbuF1voH30PITIgN/S6zYx/EmZMRye0vLOYrlQEjLE:Huke3Px0u/QH70OYdEmGye0jLc

Score
8/10
bankercollectiondiscoveryevasionstealthtrojan

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Checks known Qemu pipes. 1 TTPs 2 IoCs

    Checks for known pipes used by the Android emulator to communicate with the host.

    evasion
  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries account information for other applications stored on the device. 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Reads the content of photos stored on the user's device. 1 TTPs 1 IoCs
    collection
  • Reads the content of the MMS message. 1 TTPs 1 IoCs
    collection
  • Acquires the wake lock 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Checks the presence of a debugger
    evasion

Processes

  • wgkx.wuar.jbkl
    1⤵
    • Removes its main activity from the application launcher
    • Checks CPU information
    • Checks known Qemu pipes.
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device.
    • Reads the contacts stored on the device.
    • Reads the content of photos stored on the user's device.
    • Reads the content of the MMS message.
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4295
    • /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/wgkx.wuar.jbkl/app_dex/classes.dex --output-vdex-fd=45 --oat-fd=46 --oat-location=/data/user/0/wgkx.wuar.jbkl/app_dex/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4366

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/wgkx.wuar.jbkl/app_dex/classes.dex
    Filesize

    6.6MB

    MD5

    a434e967a9b2cb476844050a37efaae1

    SHA1

    e3c72a1e0e848787dacb5844ee53a6e84de5fc4e

    SHA256

    a8b55f4f939040651a2ae22dc971433262ce37eb61487ec9fe5535e9fc5722b0

    SHA512

    549c2e07acbad0719a720fad187646fde54c4711953a6d0e70bd1c7d967d816d5aecd8d3c7098c0f987bcab23d0374e98438d6e4090260a70f7d2d8e284559b2

    Download Submit

  • /data/data/wgkx.wuar.jbkl/databases/com.google.android.datatransport.events
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/wgkx.wuar.jbkl/databases/com.google.android.datatransport.events-journal
    Filesize

    512B

    MD5

    6170c909aef2df881bdbc129229a0386

    SHA1

    75c7b51524479918fb117fce9141fc5a7e1cbbcb

    SHA256

    efa72db1bfadf17f12881181de6d972141e0420e31d0dd55cb0b229b51ae23a4

    SHA512

    1e6c1c1287cc808462d513d48e538a6e1cdb6961e3f24eccbf6239f4b3abec6763515d70ed30eef1deda4937cea96f2f25f780b76c220e61fc77059475b75bb2

    Download Submit

  • /data/data/wgkx.wuar.jbkl/databases/com.google.android.datatransport.events-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/wgkx.wuar.jbkl/databases/com.google.android.datatransport.events-wal
    Filesize

    68KB

    MD5

    a4b87f240506f27c335a036794e4af11

    SHA1

    12240703bbdcff2163c31573342e3bb173a92325

    SHA256

    782069b20f28e5231027bb35f46db7aa1cb228247654867c456637a813c5fa56

    SHA512

    b7464ef8b616e869bd6affaa21d503720d843d2047972f58f275b82917225a27987356f7ca960a9373868ad18f234546e7a3d0673aa1f4ff526e5f8f671ba2f2

    Download Submit

  • /data/data/wgkx.wuar.jbkl/databases/mqttAndroidService.db-journal
    Filesize

    512B

    MD5

    38ed70681928742281b9877709dde2da

    SHA1

    ed49c4158a9bdcac2bc19e5563ab16a7e5050139

    SHA256

    e6d6bcb075dcc196d882ca2f13b77ead735b99b9622c40735945c124f08ff6fc

    SHA512

    81c2ac79e8b0c147ff199e5ade16174af8a19558eeb9184b8a7d8c2a55e3dee8dbcbf0725e1273baf1c6d16a7cd0cc3eacc0e51aa3df2bc55ee0a57a92ef9d79

    Download Submit

  • /data/data/wgkx.wuar.jbkl/databases/mqttAndroidService.db-wal
    Filesize

    32KB

    MD5

    64006f5628ccf2d1b60f8e2b4422b390

    SHA1

    4bb7b4952cdeb4079d4e2c918613a9d569a383a0

    SHA256

    da5c8978f3e2106ee13f6d92f2c840288729446fec4b19f98eb6fe2924f52649

    SHA512

    9ee194263849f86a29b1e5ad5070b67d45fc569d4a6fff6672ffc2729d59961368a20d523a3834c40f39db696e3fbe8764298c5526fd49069027b44775cdd138

    Download Submit

  • /data/data/wgkx.wuar.jbkl/files/PersistedInstallation2616186493402094780tmp
    Filesize

    568B

    MD5

    d4f3074dffb3c3dc68ca2d99d83287f4

    SHA1

    e8a1d2edf30911186067aff1a4a20ac909a13765

    SHA256

    16816a82f053844f86434ab5052a35711b69288ffdf94a45a23e2a690683cb76

    SHA512

    dd8b8303ceb3fc666999a03e5af7d6e9ed58ddb615e87c1b7038c5ecfef98f6fbc8fb59ab3f86b0cf454c472e502759956f80653f9db5af969ea515522bd7c97

    Download Submit

  • /data/data/wgkx.wuar.jbkl/files/PersistedInstallation8486942553112508867tmp
    Filesize

    90B

    MD5

    a5c804fb427b54572e2e534e035af280

    SHA1

    20166b1d7ad50e477051bb24f0372664668c0020

    SHA256

    24a5a8996d9a4eab069dceeb3aab79ca45c873bf6ce07cb971436210cdb2eff8

    SHA512

    6711770f6c918cf54df390e7a628b2d1897191ec59db8acb26644a44a717fab84828bfbb8965dec73030ba48995790fde230773ccf01d67d546392e2f874a812

    Download Submit

  • /data/data/wgkx.wuar.jbkl/files/mmkv/mmkv.default
    Filesize

    4KB

    MD5

    620f0b67a91f7f74151bc5be745b7110

    SHA1

    1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

    SHA256

    ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

    SHA512

    2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

    Download Submit

  • /data/data/wgkx.wuar.jbkl/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    4744571017cafc1a93d4cdf2b5f24240

    SHA1

    01abb13384c78140e705cbdf46a2460c17d6fe79

    SHA256

    da7c1c67a5adf549016bd7fef59c0d267ec1de85111a058afc546ab2cb12fb0e

    SHA512

    c521d9c34edd0a968e1cddc01b6788d34211fc10c97752546febaa6933ac68bd1f4ac8e805950b86f407718565be26c5d833c98cefd0f24e2320e2dbcd3c00f1

    Download Submit

  • /data/data/wgkx.wuar.jbkl/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    bc60d96dbad02cfb4bffad6ec9e4c022

    SHA1

    976b93289f7da353ff2af5fc2c17e923e71bc1e7

    SHA256

    40176d5d05ee3693567c1c946bd79ba3ccdfc3bd096d6247fbca50c07b5ef89c

    SHA512

    54f3f0debc10f89d0dc31e18e5af855b197ce4fffe5c0d48e3b8dd723e32c74dd0da90e3b6a1aadbbd2e7f22b1806cf9fdab5c37c61512288b29dc879165136a

    Download Submit

  • /data/data/wgkx.wuar.jbkl/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    d030ee85432e122857ed1a88be202000

    SHA1

    74550bfb74de89ab75b522a4158a6c6a9b53c0a5

    SHA256

    500b551b803fd12ba4ba8655b93debca4fdc84707f27b324ebad78dfc97251cd

    SHA512

    aaa86c2b8655970174e39b36f00bb61b12166a0d468e3eb6b2b81408cb04156f54b46a8aad3501fe05f57a18449b21779e1c0accd4a3cff81bf416c9a2b64625

    Download Submit

  • /data/data/wgkx.wuar.jbkl/no_backup/androidx.work.workdb-wal
    Filesize

    229KB

    MD5

    291e94e1e664558324e57673b7d4a0b6

    SHA1

    1d7f254829a88890d820771ebca8445772f01d27

    SHA256

    c3c4a93d544821eca28e10ea1429724ed506c5b8c40e7b58ad205349b28a015d

    SHA512

    7f1fe68c90e3c899878615a820a415e71febc24d5eccc0b65a373d5778e543849d8790153d63275cd35f936a7dfccf711d4adb55ae7e0cd110b6d1068f2e5465

    Download Submit