4715336465428fb547799b21ab6cb5d355a12c522acad283e3bfe5607666c440

Analysis

max time kernel
48s
max time network
68s
platform
android_x64
resource
android-33-x64-arm64-20240229-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240229-enlocale:en-usos:android-13-x64system
submitted
26/04/2024, 14:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

File_v2_86_Zippyshare.apk
Size

14.2MB
MD5

8cad325b03eada1d4a189f1153605a53
SHA1

c5ca6b6854f2f89aa4b270ab2a97a31337225c8e
SHA256

4715336465428fb547799b21ab6cb5d355a12c522acad283e3bfe5607666c440
SHA512

90a7979fa863a13217ac9f8dafcac6994c74f81695d78059c7cb26ea67dfdc4fe44f6450512ac14cafcbd3cb1df30a4e184138af16cd4b330eb17226b1948d1f
SSDEEP

393216:3vyFXx38+xLNuxfjGKeawX5+Yn66nnJKs:K9J8yN6Kkg5tJL

Score

8^/10

banker discovery evasion persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks Android system properties for emulator presence. 1 TTPs 1 IoCs

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: ro.hardware	org.jtg.kvvi.cuatp

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	org.jtg.kvvi.cuatp

Loads dropped Dex/Jar 1 TTPs 6 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/org.jtg.kvvi.cuatp/[email protected]	4356	org.jtg.kvvi.cuatp
/data/user/0/org.jtg.kvvi.cuatp/[email protected]	4356	org.jtg.kvvi.cuatp
/data/user/0/org.jtg.kvvi.cuatp/[email protected]	4356	org.jtg.kvvi.cuatp
/data/user/0/org.jtg.kvvi.cuatp/[email protected]	4356	org.jtg.kvvi.cuatp
/data/user/0/org.jtg.kvvi.cuatp/[email protected]	4356	org.jtg.kvvi.cuatp
/data/user/0/org.jtg.kvvi.cuatp/[email protected]	4356	org.jtg.kvvi.cuatp

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	org.jtg.kvvi.cuatp

org.jtg.kvvi.cuatp
1⤵
- Checks Android system properties for emulator presence.
- Checks memory information
- Loads dropped Dex/Jar
- Makes use of the framework's foreground persistence service
PID:4356

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/org.jtg.kvvi.cuatp/[email protected]

Filesize
1.1MB

MD5
df762d4c23232fba7e2f619c6466198a

SHA1
1033ee15eda56237ba118624c172b43085124afe

SHA256
8ac8b5da5392a7a93708c9ddf10c9291eff0e6ff0bf1f92a1294dadd768093fa

SHA512
4cc8e54bc0e08efa5ecdf840af46ce1202edf7621f0d058a32ac2982e59d69c6fbde867d7cb4781472c3d6eee36540cf11a54ae27c4ee4505ab7b24d9fa19431

Download Submit
/data/user/0/org.jtg.kvvi.cuatp/[email protected]

Filesize
431KB

MD5
e1286c45e9d758c6727cf64254fd4481

SHA1
3e5a3a768a152aba31a2beff6bf76cbc1f2b9114

SHA256
e4f39d66f221b8278d1e9d7e7f4e243e0094431ffe436212c1a1a6fca1815dfb

SHA512
06eb0792cb8ce53003a87f29820926fbcb48809ac3d47ed97ee4bb12796467316925cfedf8e7d20a371e3d1764c0692587830bf2ce12258d16d3a857dce39c0f

Download Submit
/data/user/0/org.jtg.kvvi.cuatp/[email protected]

Filesize
2.6MB

MD5
2dda1ce00abd061023ffa910f2534641

SHA1
bb6296bb356308d86f4b675da7d7e5c3e62845ea

SHA256
0cdcf7af9d94ac98c6ec9fff7d0cba057791a4ee01d19fa11e4ed7a2f5c42a77

SHA512
063239eb839abfac92028e07b91e7b0be1cd70fb41a53a7d648eaa14034083e4d496ac4b8af7e6d0c29e6b78635080ceaf0d2c379e89e8385383d2bb86629195

Download Submit
/data/user/0/org.jtg.kvvi.cuatp/[email protected]

Filesize
915KB

MD5
2f5cff961c1e8cf1dc1890f2a67f84ad

SHA1
175e5a1c2da8fb7ff35bbde72ce3fab960cb7f17

SHA256
c39507f7737a38176409175efacc5c98bd9f099572c781ccc39c0577c53405f2

SHA512
c9cc1303899e965c3801af8b23392d8e1baa4399a541c815dcf97421189dcb77e7c2404b512cbe8c09664000984268ed397de5bc1e8ca945e45c1d87be49a886

Download Submit
/data/user/0/org.jtg.kvvi.cuatp/[email protected]

Filesize
5KB

MD5
268d50b21b11ba0c0a2f4dd2657af303

SHA1
b332a73dcf13d9301515bb1bf494b5620b7a70eb

SHA256
a5e469cd373816711d727a406b374a328e021ece5a980738cdf33684d7280eed

SHA512
4f7d8451c5fb7ac4a1458939f4e3db597cd502792e0b6851bdf3f9001069d1c5aff35a4d8879582034ba1c1b225d420cffed47151ba4cb184c93f238ea292959

Download Submit
/data/user/0/org.jtg.kvvi.cuatp/[email protected]

Filesize
6KB

MD5
e2462ad31480e2a1bf4d9bc5b6be92ff

SHA1
8e62c9d1e3f4a683b63a82fe385d8cb7efb4c45e

SHA256
3a55c10bc9c9811c9f992aed06a6163bd652ea5b534867055ccbd6b2d49887bc

SHA512
ef7312fb2703ddacf206656ee73ebefc571346e53ac01a2ed94f958e55bf8c996ddbdd39895ba358eb288365c2c12f84417f71fa3bac24e4e801437bd31dc15a

Download Submit
/data/user/0/org.jtg.kvvi.cuatp/app_59tmdenpb9vhh81cq5mi/cuatp.dat.jar

Filesize
2KB

MD5
ccd2ad56265c8ad6e6719daddc78f7cb

SHA1
479b84a46c3ddcf5e80a91a34439f694c2cdbe7c

SHA256
612989c4d48f208d3f326c530ffa76ced1905e832fcdef9e72fc99c756605c84

SHA512
ebcbff32534aed3b65b61a8a401fd735e850c5617e976dbb0721a734ee1358bfb972b0d481a3625931e9d1db8d0b799da2b0a5642a768df3fd2b6e361290004a

Download Submit
/data/user/0/org.jtg.kvvi.cuatp/app_59tmdenpb9vhh81cq5mi/cuatp.ext.jar

Filesize
460KB

MD5
031cf9176e7179cff2c37eb64fad87e0

SHA1
71ae741e5f23655a5c56bf0c5d2ed975a54dbef5

SHA256
62661ca96d341b61b029a85108776fcbe31554bee0664e029c7e983ce3c34129

SHA512
a47ffb320b513492e2da73feb2e2f6797a306c3ad3ecba369ed106f7c61033f4243fff0fac0fb7eb708d72a60c9279e55b103027bb379a8337e604299a394931

Download Submit
/data/user/0/org.jtg.kvvi.cuatp/app_59tmdenpb9vhh81cq5mi/cuatp.irs.jar

Filesize
894KB

MD5
b0c7ec174a04d68d5a0c6463a6d97a34

SHA1
150847c771ed525c8c859be903fdfb6c7477a5cd

SHA256
5edcceaa2e06938c2cc9332add15ed136e12ba73fd328793d4a20bddc98dd21d

SHA512
1fea990ed20b34ea0fddafde19a4b3fcf434f6ecc25afd309f1780a59414574d450ae0522d815351bed8c78a2671330c7f2ec5d05606136341deba4e1dc4cb9b

Download Submit
/data/user/0/org.jtg.kvvi.cuatp/app_59tmdenpb9vhh81cq5mi/cuatp.stp.jar

Filesize
384KB

MD5
206bf0fdd8e728fd88f1c318ac60fe1d

SHA1
9b384e56268c6952adac3962bd923e3a6ba45fcf

SHA256
c09e52c90def570cb467ef6ff8926c931da281f4620d12ad3abe88b6de7d9765

SHA512
e2b0d35681a4d0ff27a4300aa6ed2bc8b80ab8b62a04cb978102dc79b19e0cea058810e027d8924193b38ff6b9c1753793d01f2ff869af37b2848433b1f9870b

Download Submit
/data/user/0/org.jtg.kvvi.cuatp/app_59tmdenpb9vhh81cq5mi/cuatp.uni.jar

Filesize
173KB

MD5
7b20967bf595dfbe9a793852366db490

SHA1
c5f39fc7fcabf1d90325f97c2b8343f7d5a42fc2

SHA256
eab1343149a19d7de9406290635ad737d74432577636edddc5226ec3b952a801

SHA512
5af08f2d80bf7483e69446b7ebe77d44d29ddf591bf334424954232b3ece9d46b5ef440f5990723087f18387c43b751a3d7814592745837a022b85dfc4e1dbe2

Download Submit
/data/user/0/org.jtg.kvvi.cuatp/databases/cuatp.db

Filesize
1.9MB

MD5
b458681f9c0726ba80184566a66a0c24

SHA1
5dfd88399ed118e04ae71464c8d396130dfcdd13

SHA256
4d33526088da7c99688a2414e272c6b7bfd74d7abc2d8a8da4044050302cee3f

SHA512
a1d0ea438aff8fe172af4696a818ae1f33c85e5f482e9b58dc4fd76503ddc1e25f348825bd9ef9ee3a0c4549495066b5386f2869a8f7cbf5fa78e4fa130850dd

Download Submit
/data/user/0/org.jtg.kvvi.cuatp/databases/google_app_measurement_local.db

Filesize
16KB

MD5
da4c81d9a032121236a4ed034c0cc9d9

SHA1
6ea1d3d14a34c4dbe056fc4380747d3970cb3498

SHA256
30b7dde5771b5ef3cb6cd033fa2b1618a0674f41f47c1441855f3da24887a0ff

SHA512
e61d8e6af3d48cc6e95e34568209bc24308db9d751dd1451538907df0e7caa67e329c4615911b0c6614275f3e5cfb2a8a38288f5818487c5d292c18dd857849f

Download Submit
/data/user/0/org.jtg.kvvi.cuatp/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
58c428194f658e5645d5d5d53b63b3d2

SHA1
51e370547df1f7f3286eccf0afdc0507f7886a9f

SHA256
e9a8d3648061686c1d00547c79f81aa3ad51fd1b0ed1a82f856eca285cd264a6

SHA512
401c1215b350dafb14fa827b67b3df5d915ce8a16b9c2ea7bcf8ac2799b4ffb821c49f430330b7189668c46546f5904cf27b2bd079824dd9fcd69743e4989aa8

Download Submit
/data/user/0/org.jtg.kvvi.cuatp/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
2b41e954bd34533041ea70bda7b80095

SHA1
1757bafa653cad15cb8bc9d42e2462a5afebc5ea

SHA256
d8849d4e2302fe158c0924f592904040d97731567aad3965cb531d7c09eefc2f

SHA512
f410f90f4d2ab637d6ba4fbaf0d4fc139d8f439cfe49db1bf4cf351a744bdbb17e1bc2574080e91677439c440e020b93f4cd8bc55edd30de261e1191114e4d95

Download Submit
/data/user/0/org.jtg.kvvi.cuatp/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
17be187fbf346a9de6d6907514fed647

SHA1
af5c76dae95a0e2dae04680941bedea6a96ade45

SHA256
bc6181f3ee3928facb4b3f1a4dc4d1c853b0cf834506fab80ff2f16e8241cb1f

SHA512
3a74223677b9bc6a44544ee1ba9c9289e20c4879f134338ce9b141b0fcc450db1ab65d5ddd0b245cc202ced29ba88a046d5f56a872d8694cb78f4435bac2d6fa

Download Submit
/data/user/0/org.jtg.kvvi.cuatp/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
7e5659136602210d92bcb0d1d2bab95f

SHA1
7662cd5006f67653c1e03f172aebbf47ba0f6542

SHA256
c0ae1d96be36ea2825a65b8544675a63bad9639b1fa24d329f56564213339030

SHA512
78c99a00c3180846ede3068ea5d9ee1d42d851c740e54adc9f9edba4c7f822497ff8a7c7dd1066d244a41baa0b92c1d9e6cf4a2594bbd7e0eeb63ff443437dbe

Download Submit
/data/user/0/org.jtg.kvvi.cuatp/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
217c03f4e96075d3bd29807f4f147c8f

SHA1
b94e2369a1000990dc11b34d5540ce529445d80f

SHA256
5b41642d7d422095f975da7f73007336709caad3c7203f36e72fc1179a042f8f

SHA512
b84941b97afc1edf00975312e1b508592f8f476ed3e067a3fb034514467c208741611b03cbad016c160cc90cbfd35836f9922854a15770fa5efeffc6ef9597f8

Download Submit
/data/user/0/org.jtg.kvvi.cuatp/no_backup/androidx.work.workdb

Filesize
4KB

MD5
0eb157e1a86d4d00aa601dd2f6ff3ee3

SHA1
fee434f784e73cc7916322e949f727caf8363102

SHA256
b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4

SHA512
b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

Download Submit
/data/user/0/org.jtg.kvvi.cuatp/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
a1d13ef0d1d037295f35b1b28525bd8a

SHA1
43ba9760bf08660a82ce178afa9af0f6ffa76fb0

SHA256
4c8233388d6e3d8ce201d3401f5414f78aba04ea69fea0d618f5a560035e029a

SHA512
718db3c7e4dced40478d9dd5e0912d843ff2f176736e08809126b6f6798f038c215e9ff392c0624528ac64d653f057a2bee7256d796e15a06c2e514d2eff0cc4

Download Submit
/data/user/0/org.jtg.kvvi.cuatp/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/user/0/org.jtg.kvvi.cuatp/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
ae7eb4ee442269fb407df71d3cefe8d6

SHA1
4488056315d9a8b41acee5d8a08a3c4f33d98572

SHA256
9ac8bcf8d20a5aff473a7cb81bb1b3592881cfe0b7f1dc58c95b0b0751d0f886

SHA512
2f693a4b941a7dcd43a0572cdc45c1d8242ea88928fed9c02a74374ad91f74600f0cf87db62978d7b9e700e640ed9ab45fae3a3dd7678bcdcb8a095b90c67774

Download Submit
/data/user/0/org.jtg.kvvi.cuatp/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
45222c1dba08eeb81e592ae6feeb14d3

SHA1
f974c6ec17c426e3044afad198afbd2c7320e9d6

SHA256
452f67814d9ea2fbb8ecff9dfb56ecb4d32d6659850fb6f651613695f691ca23

SHA512
2e4edbc6f8e4ed1cdf57b82eeb2fbf9d49bf44e5808d22ca1db47369289383daf488239f37ad31e3d4bc116309bd7915773852c431e3c48c77314bb9b380a6fb

Download Submit
anon_inode:[eventfd]

Filesize
8B

MD5
33cdeccccebe80329f1fdbee7f5874cb

SHA1
3da89ee273be13437e7ecf760f3fbd4dc0e8d1fe

SHA256
7c9fa136d4413fa6173637e883b6998d32e1d675f88cddff9dcbcf331820f4b8

SHA512
991294f43425a5b80f8a5907ca7cdbb611401282585a58bb415077005428e3b4c0f661fc07ba5c45f627bd8bdcb172389ce2fda461c029b837abc70f0abbea20

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads