1408e7707175bc931aab648c2a9509702f72728375ecbf238c15ddcad9c5faf6

Analysis

max time kernel
17s
max time network
151s
platform
android_x64
resource
android-x64-20240506-en
resource tags

androidarch:x64arch:x86image:android-x64-20240506-enlocale:en-usos:android-10-x64system
submitted
12/05/2024, 18:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

com-andreiboyy-fortnitevbucks-6-66543090-66e7a085326e41b61d32afa73364302c.apk
Size

36.4MB
MD5

66e7a085326e41b61d32afa73364302c
SHA1

1d668fe5bab3fb1d44c5bef961b4b557fbec8ad0
SHA256

1408e7707175bc931aab648c2a9509702f72728375ecbf238c15ddcad9c5faf6
SHA512

3c9310a3afc0430bc37f55b71218e731557cbc24c6c5ec04256db49369b9339c46b4cde4083e6ca431a7af3cb92200a2374d4020e3f4bfa7871ba27b3db57f16
SSDEEP

393216:1c4rrno+6BTgFWZhTN2wfUCe6WkiznFonMk1LESMJj3O6/rM0oGGGNrDsVuWdYYG:1c4rLo+U0FW/WkpnpG/rMdGNrDsVuSG

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.andreiboyy.fortnitevbucks

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.andreiboyy.fortnitevbucks/files/audience_network.dex	5277	com.andreiboyy.fortnitevbucks
/data/user/0/com.andreiboyy.fortnitevbucks/files/audience_network.dex	5277	com.andreiboyy.fortnitevbucks

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.andreiboyy.fortnitevbucks

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.andreiboyy.fortnitevbucks

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.andreiboyy.fortnitevbucks

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.andreiboyy.fortnitevbucks

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.andreiboyy.fortnitevbucks

com.andreiboyy.fortnitevbucks
1⤵
- Checks memory information
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:5277

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact