27afe37ea71ba6992ab6493ec24cdeeaf0d368af4a3111cf4a2131efb2e924b9 | Triage

Analysis

max time kernel
134s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
22/04/2024, 08:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ochi_release_1.8.8.apk
Size

76.2MB
MD5

097fad4bccc8f7872f92c1cfa22d31fb
SHA1

613e2bc56026b855921d4488f9ab1db44001f20d
SHA256

27afe37ea71ba6992ab6493ec24cdeeaf0d368af4a3111cf4a2131efb2e924b9
SHA512

e25875165ffaca91d8a904942c8b5b088b874bdd7c543d6d53723f29c50744abe9b3443f7363aa84b025158de0f621191c7efe4c374e1ceb903f132f62eca14c
SSDEEP

786432:a3a50Q0VH1KvBR8t2Clh9hWW9ibC02jxwNMbg38tEhNOjr:a3WXcz9YLqoMb2Ojr

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

Process Discovery

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	ua.gss.ochi

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Broadcast Receivers

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ua.gss.ochi

Checks if the internet connection is available 1 TTPs 1 IoCs

System Network Connections Discovery

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ua.gss.ochi

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

User Evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	ua.gss.ochi

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Data Encrypted for Impact

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	ua.gss.ochi

ua.gss.ochi
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4454

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Hide Artifacts

User Evasion

Credential Access

Discovery

Process Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ua.gss.ochi/cache/sentry/a848462b2ceefc83abd09069da88f4bd1b9c642a/.options-cache/environment.json

Filesize
9B

MD5
3a105b3e2f62041c2b723f4d6a539302

SHA1
3559e0e24145ee5a84ac868f9256e1519a8865e8

SHA256
847dbd914599c4e12e39663e80a07a220b686f10c6d24132ba1c964980541456

SHA512
4531cd1205aed6baaa3e6e552b7a38aeb0063720c47508a8728e90390d466919ea9baed6f29cbe7cb7de0324325d3c06bb2f6759d223aceff288298c481ab135

Download Submit
/data/data/ua.gss.ochi/cache/sentry/a848462b2ceefc83abd09069da88f4bd1b9c642a/.options-cache/proguard-uuid.json

Filesize
38B

MD5
02d42c4570b41ffab2c4952f183a7dbb

SHA1
58927a7db427ffdf513dbb76884045e02b3024eb

SHA256
10f20544eb43a84c0b4b8df4961cd73b668b421f7963575f23ad5ae81294f27b

SHA512
3d38ba31b43db65decb74534e637d9a3f3b3c06bd0f5f9c878fcad4eadc8a7e3eea06f72e7e112ca360cb47211d8785875aac91238e92e5eb20a2d275441c5dd

Download Submit
/data/data/ua.gss.ochi/cache/sentry/a848462b2ceefc83abd09069da88f4bd1b9c642a/.options-cache/release.json

Filesize
26B

MD5
f12a2b6ecbd46dff3e4b202367b8e40f

SHA1
c70201a00cfa7741ed42e450f72a4e15d5953a25

SHA256
d307a7044d892fbc39340f38d371816fdede04e2b3bf2cd6a03b1b2fe7a735a9

SHA512
b6d4b4c3c8c9bfd386356f750b2d5050d3ec2dd60917f6c0053d0b8e11195b151a383971fcf9469e55d79b2a0d813f1546db9f494ddd0f27d1f0c4d634aab882

Download Submit
/data/data/ua.gss.ochi/cache/sentry/a848462b2ceefc83abd09069da88f4bd1b9c642a/.options-cache/sdk-version.json

Filesize
492B

MD5
823463bd207c32e6b8301158a3f5ce58

SHA1
627eb7c9f9526bdbb45e770e6cf1924c3a6ca5fb

SHA256
da93b4dd5e9c2b53b38929fcc9d3757d6d1c00936a4524db5727d58ad8209e8c

SHA512
20e8fdcba0510b4a8663a2504690a8f9cdd17eaa740c8e7b05081403d2004c59b5826082c10bce662c251a74452d4c8eb9c45917f512d04b45fbb8b3282d025d

Download Submit
/data/data/ua.gss.ochi/cache/sentry/a848462b2ceefc83abd09069da88f4bd1b9c642a/.options-cache/tags.json

Filesize
37B

MD5
870232d73322aba78d03a65291203cf5

SHA1
2027c68970952911e57b663e3005f907dfd877b0

SHA256
78468f9cfa41867b296e25329fc0b887b670fa865a21642e57fe15fa9f931b40

SHA512
1892deed453bf8ac9384f93b00bed309251c0d26f9c4a9d1f8250393a9b26f8bbeb0ac36692532f123cbeecab37c4ffeb29e51b275b66c39bddd9b328957262c

Download Submit
/data/data/ua.gss.ochi/cache/sentry/a848462b2ceefc83abd09069da88f4bd1b9c642a/.scope-cache/breadcrumbs.json

Filesize
517B

MD5
8176b86368cc38415717c95b9c3e185f

SHA1
2226742a7ed9d97defcda80b2e68ae03f9deed6c

SHA256
8ba7a5d3a01e78963b8f9eb24b785bb59800df089d2257c47c36093f61991df7

SHA512
f112ad1c8e820adaefeeee2f38f37ad0e074bc7ee1d95adb9da0f6188a42653d38835adb53ebba3b91f27ce411ec63eabf2d2fa697ef22d68d5a59f492f95276

Download Submit
/data/data/ua.gss.ochi/cache/sentry/a848462b2ceefc83abd09069da88f4bd1b9c642a/.scope-cache/breadcrumbs.json

Filesize
670B

MD5
967e1017fe594dc82c7ccdc704bc77e0

SHA1
404e3b34cb722e5623f3813cb659da6ef525cd57

SHA256
53b53356497cbc596e569698f8ee1515076b3776d817b923c656f2d347c0446a

SHA512
49bf662e73335a4f04d6465dfebe0d57cc417daa3ab705feec9ac685ede9d038db8460d6c980dce0ebe1231a04ffa5ad6558c25df45388b1ad36e6baf6f80a22

Download Submit
/data/data/ua.gss.ochi/cache/sentry/a848462b2ceefc83abd09069da88f4bd1b9c642a/.scope-cache/breadcrumbs.json

Filesize
823B

MD5
a61e6440b1bf5b512eceb351ec0bc0b3

SHA1
7cbd1a84971d67ef31cfa437a91a9eef2a4fd34a

SHA256
6d7e05a3cade3c84013e881257082c80de26a6cfab30cc8e465567e4ffcb1fed

SHA512
d9242247b8af0fb8d30e46af0f1be5f5eea99f9ba655ffa7f250125f3881543bf3a49c1ce6b3a24bf26bed7b0af0585da9a0ac671903e281302fa102741d49dc

Download Submit
/data/data/ua.gss.ochi/cache/sentry/a848462b2ceefc83abd09069da88f4bd1b9c642a/.scope-cache/breadcrumbs.json

Filesize
2KB

MD5
5e8af4521af25c9476104f2f3177beec

SHA1
36f960416692934e0e35f558c99b4102aeccebc9

SHA256
1dd8c6ed0b4d24fb6e036ac722eae37a083508b8354fc3d192f8afd382ffecb3

SHA512
24743da690835056075ad3a610777baea4768a773ea4994230ec8d32dc8012e7039f705e45e3283c43f18cdc5efe7b5545bc7a58c8cb164f69180e12cafbf979

Download Submit
/data/data/ua.gss.ochi/cache/sentry/a848462b2ceefc83abd09069da88f4bd1b9c642a/.scope-cache/breadcrumbs.json

Filesize
384B

MD5
136eb5c89136ee6be755059ef26c91a4

SHA1
3b14cf30ff14a59eb82015b9604e4f09955e1da6

SHA256
1db2a3d3f419e0c6a5ef9b41d5e292f5d65261b2f955af2c791ab33c50ff5175

SHA512
1de6ce1b9ac13873bc7ea26ce5a28e804567254e37c5d5a8de41d28e96e61a2bef250a7b665a04bd05cd3d4af78fe35581cc52d4a779519f0680583203921d7e

Download Submit
/data/data/ua.gss.ochi/cache/sentry/a848462b2ceefc83abd09069da88f4bd1b9c642a/.scope-cache/tags.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/data/data/ua.gss.ochi/cache/sentry/a848462b2ceefc83abd09069da88f4bd1b9c642a/741d435d-9ea0-4764-9799-9cc0f7918cb9.envelope

Filesize
843B

MD5
7b9e0284f18d7adf601347428f3a222b

SHA1
b497dd6b2ae64d5d403b8da4fae154e841fea8df

SHA256
a036db09a6d8df5ef8b37839549da732d8147e47c649e6a632757e03c22e1083

SHA512
0c4e7c9ec10b33c2cf6373022f584cb5d6230139fd33b1706eeeef0eacec8b2d558924e46fa74864313c7f533d2c0f9794be0c7148fcb6afa2ec09675d174e56

Download Submit
/data/data/ua.gss.ochi/cache/sentry/a848462b2ceefc83abd09069da88f4bd1b9c642a/session.json

Filesize
275B

MD5
c5d21e01f894dfc153bd38ff738f2aa9

SHA1
3a6dbcf1ce73793110c3ae51e1688fd0c7148146

SHA256
1b436ac8fb630b617a17be4079b756f60451f0e92952600f1331950fefffffd7

SHA512
32b600ce3d6404031975dff2ee75ea8d673709ed5febe2b9303568a678e5b51cf2e80e959984435f53f63e519f9c1ca64f1c154f0d6d6983a40849b33fd106a4

Download Submit
/data/data/ua.gss.ochi/files/INSTALLATION

Filesize
36B

MD5
79e1eb95d78bec930cac7fefd5c0bad6

SHA1
425de502de8cd27e2baf8107cdde64716a932c34

SHA256
0357bd8e1ad8fb45c62b0c57598cae64be756cfa9074ff17ab4912382ab0bb53

SHA512
9f14ced8975803d6106b296023389d768c30cfc76e837aeb14681ce85f4a0dd5e5b07c75318c4454cee1fdac2876a977945f202f5b9db656893f4a5789bcf380

Download Submit
/data/data/ua.gss.ochi/files/profileInstalled

Filesize
24B

MD5
a7bedf35419791a6ea9ce6ed6e005910

SHA1
739080afef0b5abcc53aa1a128b42dd54db98a41

SHA256
0420429b2908617ee415e3addc681a20ea087594290c009bbcd774c778023fc9

SHA512
0b31b2797fd2b6de20fe7698ff448a6002a104b356d66d33973f017925786fd1608a97211f8edff6f40190519f4252112e9d192df168c3f0aadeeb2ca9a8bfeb

Download Submit
/data/data/ua.gss.ochi/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
436b98056eda95756534c8e4fbe15fce

SHA1
5ffb92c2325d2a50e8baf90aad3818c8702c2487

SHA256
21a9a7888341efcc0a6734383d077c95045d0be3b7a1344417f8cce07fdff6c1

SHA512
69240fe80024016148000af92877fa06bcb702d34337c3604db15c728e059ce7538a988183a07b28dbce75dcaba0b401e50aa3639cf37618788bfaa028949e1f

Download Submit
/data/misc/profiles/cur/0/ua.gss.ochi/primary.prof

Filesize
2KB

MD5
32af2367b0397c1234a8056f5057d026

SHA1
85452fb214e82fc0f2c5760ed4572928345b85a0

SHA256
9a49553d6b2e889d1452adfa43ea294bb8793f19a4b085710c223bde4ca420fc

SHA512
bfbad1bdcc363dc249987d8a0d71159bb2bad6da8c5b783a5fc43585825b83915818f0f0011dd5e436f0655ec61d44d16e3456ac995bd980caf9719db0d5f833

Download Submit
/data/misc/profiles/cur/0/ua.gss.ochi/primary.prof

Filesize
12KB

MD5
dd9eb2ef60352506c96a03b6df2b1793

SHA1
2720f1d26244c04ef312c52b4856bc807b4c4293

SHA256
4c8e3d98e04c548b7aa08e5da6be102da435ee9708c09acdedb69abdde7255e2

SHA512
763521e23424af9a3eca0b87c07468f7511e81b5160417a2ae18765a5b8069eca835b99c5c818ca2e6e548f8f2147033c46f06a9a372b66f5a41b426a35e3db3

Download Submit