af67b66fa5192be6f86293acfda7adfc83a6d8245e6bfa6b0c7d628bcd77830b

Analysis

max time kernel
2s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
17/05/2024, 15:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

alipay_msp_3.5.4_pro_1.apk
Size

353KB
MD5

4d8c1c40475a91b04cd97d6dee1dadb0
SHA1

2c9bd64e889a62d9fc7500e0fccadd2189f27288
SHA256

7950404b6976f44329d1cb021b73b182e2e9e84e2f90e86e54dabe3902784239
SHA512

025c43eb79c5138cc4c44c67328fdc98c51163c97511a9b421580c54d023b1c05c3588a8ea0d6c220f40d9f7d69e86240c8abf6d3fccfcd5782087252a0b14c9
SSDEEP

6144:OIhfOSywkDqx9kvdacnCVRJqPq3JurJ2f3Rp5tPVKt9m8rpvCpCBJpN:OIpywkex9kla7VvLQQhtduNrpvCAvv

Score

8^/10

collection discovery evasion

Malware Config

Signatures

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.alipay.android.app

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.alipay.android.app

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.alipay.android.app

com.alipay.android.app
1⤵
- Requests cell location
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
PID:4277

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Credential Access

Discovery

Location Tracking

T1430

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads