5ad322f32eead60d4318d762b125af07f129c3fc021f9d04c6c830ddd1a80f8f

Analysis

max time kernel
47s
max time network
1790s
platform
android_x64
resource
android-x64-20240506-en
resource tags

androidarch:x64arch:x86image:android-x64-20240506-enlocale:en-usos:android-10-x64system
submitted
10/05/2024, 18:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

getApp25042.apk
Size

9.3MB
MD5

b65a4a9803aa3a6d94401365be51a704
SHA1

b4475f15dfe5980e17d2125600c01d0be0c0bd31
SHA256

5ad322f32eead60d4318d762b125af07f129c3fc021f9d04c6c830ddd1a80f8f
SHA512

260aea3c2f0d29fa021e28b268f3122a7cfdba07fdd7efe221872e9b2a9fa2ff5410531251bca379c6e7094f9798e6795621a0ec85135047b5fa7ff3190d8890
SSDEEP

196608:P+eKnwX4tveiXP76hCKxqPgp72IpIae58b4ddZJZF7hAWeyf9y9dPzSCAms3K:P+8INethCBPgJ2+e52OZJBAhy1wJ

Score

8^/10

banker discovery evasion persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.kcstream.cing

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.kcstream.cing

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.kcstream.cing

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.kcstream.cing

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.kcstream.cing

Checks the presence of a debugger
evasion

com.kcstream.cing
1⤵
- Checks CPU information
- Checks memory information
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:5159

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.kcstream.cing/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
7599dca23ef55f73a1f1bb3c1a91a7c9

SHA1
2d84c4c77b180ba7392ba704469ef4742cf2a8e3

SHA256
7ed22d1a9fd48318087b34bb3aa5e124d0616cddcf7e80a901d8763531b874d4

SHA512
33eff0d2fbed4162b22ce3fd63c1ca793992c0b109876b8704e54b35b427128847823121f9432839c2163521eeee7e1ecb7222acce429be2bcbc08416412724f

Download Submit
/data/data/com.kcstream.cing/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
a40990d98b5bcb6def573107fd034c9e

SHA1
9dc5951572eb0481374180ded69737e46d20234d

SHA256
e6c3d2b88947656c4adf1aae8a7d366ac19c70cfac07ea866c540a3b760a7d62

SHA512
63703c852da81d9b92ed3abba0fc7004e32bc4efb4eae3303d714bd3cb2a70a54cac59a12f15ba7e7df7b192ca5633d4a2908f2e37dd3f26ecaa506cbd807029

Download Submit
/data/data/com.kcstream.cing/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
fcd52132e2ef30d5150487dd29bd11fd

SHA1
40dbc5c6124219d35e37a9aabaa61ac211724579

SHA256
3928bae0f2090e6b0dd3717c4cf6160583e8d89df9995bf09de1329ec4780cb3

SHA512
c064792014187daf5fcc5f094c713b926b6b6c9f0fd6aaeb791361a6516802ef13d0e2b8a8b749f0a6573d4598f0c4774f5df317bc8b3afb167b99a3def9e584

Download Submit
/data/data/com.kcstream.cing/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
e6812565e684009ce82874945a1a1841

SHA1
25862ae3f886575f0dedd19fb315919201c39044

SHA256
4615215fd8f1039c039cc5834bbb9fd31f0d8721b179ab3a7b7d353a04506273

SHA512
2c2c2cb749135e4bf84e9287a06ee0a05bf12391222368cbcc1f863404c0834a1e01fc67e6593a836c5494a0a81b3cbefbedf59de0a4a614d5e9c4a0cf5585d3

Download Submit
/data/data/com.kcstream.cing/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/com.kcstream.cing/databases/google_app_measurement_local.db

Filesize
16KB

MD5
89ceac5bdc0420fe89201f0d8713694a

SHA1
64935b114a1f5c31680ceb4eb43736cdd35c7154

SHA256
25422cdd199a0332800c73ae97549a008ba8be79c9721f36987c3623761fbbba

SHA512
722d3d0845ff4ffe34b0c376e8fcdaa7a7e81ae35bc6030dd7d0f16d201f8238e0ec55d2eb82f593da5136485067fa0330fecdc7a2b7e5575d298a2d59a9a33e

Download Submit
/data/data/com.kcstream.cing/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a418966dc4525d261e1c88100ba18a2c

SHA1
a48aa51335907121ca1389aa755fe4325045fb42

SHA256
8906bcd195c76251561b64308dce54f1268ed9d0304a183a1511406b5a04c9c6

SHA512
02c39c237b35549644bab9109dbec269b5372e4176f268ffafe0ab1a04b99df5fbdf435f30b01aac42da2d20655d99206117541a711f705f162004f6f7f87bf7

Download Submit
/data/data/com.kcstream.cing/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
2b662e17cf1e56704ec1ecb6986d5e3a

SHA1
786bb9cc77c84ef77664c27d8a60cc0f1a57249f

SHA256
b1ea1ac510dcc0d4b418594b9e4470992967eca95d61572170e2b78dffee9b1c

SHA512
3daa18cf22403389e0cc372586defbd407c650676f11907e301d9b106db8ceaf0bb6e011f6dabf4acb8dbc26339cf3acf56a2f92f8a3f580867878954377d5bb

Download Submit
/data/data/com.kcstream.cing/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
c04237219a7af6b52f61131520dff37b

SHA1
d5bb112a15a8e33fe296cca6fcf1f5b59bc573c0

SHA256
a1a8a12f3506054e7a085bd1605d8da286eba1f739aad0564bce1e6317150e3d

SHA512
93b2d35f96c5eaf00ceaa6c98e5a372302697d2db72ec639f99e02a6c6018c60a6f829b368d8d51d649adbe762ee070f1be0d9de29e5778f4f60f7f911e78540

Download Submit
/data/data/com.kcstream.cing/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
434b66654962cb5daaaed1518f40d8b0

SHA1
c7904c2e3e62068af19ac761a8f033773d98d57d

SHA256
3dd554757baaf167ae9eec4b00862b797344529a819285c8c5a5134031136bed

SHA512
92243c2081ab4d23e4ef931e5b5228bff00d2a711762a482b0eb82594fb76a8e695638d228f0f67960ebc5f76c1d05bc31628ba2e346e83038ff2425f7858bb3

Download Submit
/data/data/com.kcstream.cing/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
dc154b07e1774d767dbe47776cec3890

SHA1
9c80369b6fb528d4d713f7c79c576187756f35ec

SHA256
ac95f33a1790f3d3ab6692f918a183c95a472a562024fc70296b02669fed71d3

SHA512
7a67b2bab820bac51ae7c4eede972ff489f441fb2e79b5ff615af376d43a91957000884b28dfdf6bed5237caeb4040029c800241bbf05c7550c87b0f61bd254f

Download Submit
/data/data/com.kcstream.cing/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
2ff95458e0ba19987285a17225b325f8

SHA1
860b5d403e7e4312a4018e67b849c14f67ec425c

SHA256
696723f601aba8df285a2b3e090b86cabb4561bd22b99a04009ca03dbd34aacc

SHA512
1ca678ae1229aab7bce03837137fa9e31ff177258cf1e02f6aaa49044f894a0ec14de820287d6a5abbaedbe3c61ebbe8787d988feee2596a3d56fb28e06876cb

Download Submit
/data/data/com.kcstream.cing/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
bc77a3c456d28964f1e0c89279c5cf55

SHA1
059f1d5e343f42ffeeba33d83db35d69bcf6e7e1

SHA256
a51f61886124b642b608bfe5c9fad974bcdebd78c11e7ad2acc1be1d59a91bf4

SHA512
650a837fd6475e0c27b79940362e99cf3eb10c8be269ff27324a87df935993bd371ce34837ad6975953a2524c2eb6f91e9853088edc61fc4a9a966b9d4987232

Download Submit
/data/data/com.kcstream.cing/files/.com.google.firebase.crashlytics.files.v2:com.kcstream.cing/com.crashlytics.settings.json

Filesize
713B

MD5
ef4a874b91831bd8ad3de9f976862816

SHA1
9bc6e47f1ec8cacc1d81882c4c9d996a1519c972

SHA256
1451b825d3170dd046cde67a15b02715dc75f024869d6efd94a84196e3cbf8ce

SHA512
09df0b2a868519e75c85ea4d40f0fac3195a8fcd5816d02da2b577efa333eb7f48e19a8a31d0e013563ac2700f0baedccf266e76d321050bf0a1a0461fddc66e

Download Submit
/data/data/com.kcstream.cing/files/.com.google.firebase.crashlytics.files.v2:com.kcstream.cing/open-sessions/663EB8F200FF000114270EFE8B2EBA19/report

Filesize
752B

MD5
0012ded102fc6ef0863e642eb5770bbc

SHA1
29b495f29157e844ba0e925f67e16064e1a38750

SHA256
85fbefe3638a0f41318523d3231339219bbba4aca6bcb58f033ec64a0c280762

SHA512
eeee1f4ca0e5d4d6d225c75203362f6786901299aad5bf293aa56cc5af5608a7db6bb1117cd4ec2d9cedcf92bb3df1459af6685af7b033e457d04cbb5139e9f8

Download Submit
/data/data/com.kcstream.cing/files/.com.google.firebase.crashlytics.files.v2:com.kcstream.cing/open-sessions/663EB8F200FF000114270EFE8B2EBA19/userlog

Filesize
88B

MD5
079b71aa2383f6999483cb2370e82c90

SHA1
1b66bc50f0e5f45750288b5686ea5ff2564d4d6b

SHA256
2b5f2621ba82531934ddb34a5a1cf2b6f337edc6568566e504454ee552ede117

SHA512
722e87464baa128b49ffc6c92f46597dd181255391deacc35bdc0e263ca3afe51de49797bcc484b1784bdf098e0a44221e26cb61923cce9de320bb77aa4feccf

Download Submit
/data/data/com.kcstream.cing/files/.com.google.firebase.crashlytics.files.v2:com.kcstream.cing/open-sessions/663EB8F200FF000114270EFE8B2EBA19/userlog.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.kcstream.cing/files/PersistedInstallation1186700868626862710tmp

Filesize
90B

MD5
d1c7e46260261b4c28d44ac47ecdcffd

SHA1
e95dfacea50105d34b22e33d7875a79d3820b1da

SHA256
d988d728de4fdcb077802f727edbf277d96a498d507867dcf2c9b0682e2eed5f

SHA512
c4a75b92a7a98ed96aba9b8a74188e595c75d5274c6497f742852e25f9c699307c20ff84a5f91dd452b7e1232b80d13898f3cefce3b66c1cd557919cc86718f1

Download Submit
/data/data/com.kcstream.cing/files/PersistedInstallation3163068197286986477tmp

Filesize
572B

MD5
9563319590d67023aa409d552d8bd3fe

SHA1
953d98c5959e6fa8d548709cd089930b1d92934c

SHA256
a736b18ba4741d79447d854ba85e0c507b2a7bd2831878721684b52036228162

SHA512
1e539cbf5bcf6ce284c3efacf410fbbc1e3c81334f2999a1f8f57ed01ea38602b1bf6dcd4c7bbb0f9bb08ddb6fec9d541b80f9ab6cd4d98957927a4585dc25a8

Download Submit
/data/data/com.kcstream.cing/files/tcb

Filesize
202KB

MD5
5c4d2c4a7be9a34876b0b3bb39a9240e

SHA1
a10b7408e9ae047a5c5703713532c90224dd6022

SHA256
5ee9ced9d06de1b8c2f4bb1394120997b25d6d4bf51fc3356203518e3fb72757

SHA512
88f74f0eb6c047e5dd55e4d0416c4bd4c28da66327c161dc13c9975197bb7c27b39a7d7bc0971a0b062369878ec1167423a4874b8bdb4e51b47d274ae3cc60b2

Download Submit
/data/data/com.kcstream.cing/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.kcstream.cing/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
1b39be3fe50b4781a37409190b31b497

SHA1
87d57fcc590c6c54c15197b0acc10160ab20a1d3

SHA256
f1d7f711b304abaa28f225e3cec37c53651cacffd3a5c091b16f38e63d139dd2

SHA512
466b9e3430bf74cf8f1a820dc7e77a8675072abf0add7a65443a48a4273d7b050d26f3d7928c909cf6f93febf7b53d6c7a76aff11ba4b65b8060115de764ca59

Download Submit
/data/data/com.kcstream.cing/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.kcstream.cing/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
384ba9f5bbe897d7b6c95063e23691ca

SHA1
34d0b6bf05dff2a013ca430b32ee51baa7fc387e

SHA256
5792fa8e0bec58b5a08bf9499adb2c9276a372c3b4193367b436ac1c7927ec01

SHA512
68003e3fd231713449112b230b01e39c42b78555f7b5d5bf55102f6963dccf8fec74394e4e9175671c2dfeb120633de04e6da798cafdbfa16171e2f7361352d3

Download Submit
/data/data/com.kcstream.cing/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
8505478bd4dcab10057dc2832253ab1c

SHA1
bf2f6abe3cfdd4d08045db93a4977c7cdf2c964c

SHA256
0294999f7dece8ed905e211b62c2c58a874379b47773cce42866499d742aeb18

SHA512
586f043fcbcd8ca0b490bf50676fc53c9bfd6043ba0aef746b51e20f40d89ab4ea059af4d74ae16a8b12a614e59fd03cb18b55fccafdd72d5bf12bd0275d8938

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads