8c0cd19b7b71fb2cbbcab49cf436009e7f8f35402749426ee090b8c8b69c7e72

Analysis

max time kernel
124s
max time network
184s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
17-05-2024 20:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8c0cd19b7b71fb2cbbcab49cf436009e7f8f35402749426ee090b8c8b69c7e72.apk
Size

4.2MB
MD5

515257eed660ad6345930c3f1c03bdcc
SHA1

d4662caee42d040b93e68eccd05073aa9e914453
SHA256

8c0cd19b7b71fb2cbbcab49cf436009e7f8f35402749426ee090b8c8b69c7e72
SHA512

49ef25b9f7f38def8c046203ccf86c3ba8cd0b1bde983c0a02219683abd5818aac35e7151d8b6322cfbda4c1dc0d00b4fe572a13e89e9501068ab7c48381b258
SSDEEP

98304:aQS5HjKr/tiHLJfFgxx0VC0s1KY68ljb9Wmk5MRpOx:aQSZIkELcA0UZW06x

Score

8^/10

banker collection discovery evasion execution persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Requests cell location 2 TTPs 2 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	parseh.filmha.two
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	parseh.filmha.two

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	parseh.filmha.two

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	parseh.filmha.two

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	parseh.filmha.two

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	parseh.filmha.two

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	parseh.filmha.two

parseh.filmha.two
1⤵
- Requests cell location
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
PID:5106

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Credential Access

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/parseh.filmha.two/app_Requests/QueuedRequests.sr

Filesize
169B

MD5
36376cd27a73876c0f7e89a13ecbae0d

SHA1
f9683f7ad8212bdb8b0ffc6ea4e8397c1304d8c6

SHA256
017267eaec63981dce6e638c5392f65444b774ed08c60a38290b5722237c8810

SHA512
ab4e0c20c60ee33d6837cb79bd96a1da492aaacc73ecb6bf551c5da9b1555f6e00c9a4e2be166d4d795241ccab6643b6fa950c51e8cfcab2e55e9e98702ee77a

Download Submit
/data/data/parseh.filmha.two/app_Requests/QueuedRequests.sr

Filesize
169B

MD5
41af61e3a71a075c8cc7bb3d44d4dd9c

SHA1
7624aee63426343e0334e0952197b07c0f500d29

SHA256
3b1facc06ef3b145b3de06d680deca5f557cadbc4e4a5c901d501b991658dc94

SHA512
52ba39bbfafbdc05cfb56ab68b32f051b9573808a8b847a605fb32fc1868cec866fdde236d8be24512cce116da56679cb1dfa944297667286fb39068492b0c30

Download Submit
/data/data/parseh.filmha.two/cache/Temp959717377

Filesize
38KB

MD5
5af7dbcca37558c942081de1d9d8aadb

SHA1
31feb92b3bebc4f377f44d543da3935f649aa72b

SHA256
dc76d675c65ec7427d4ea05d6abf671c06aeeb80fda9f193a7f4181ed0706b6d

SHA512
3c06cc2c3902ecc18b81f6cc512112f1a3159ab64c54863ade61486e057321ce1a6092f82f5c0c5643fdffe2c220a136eef37c77a8bf8e6f3355e4ef5a91f6b6

Download Submit
/data/data/parseh.filmha.two/databases/__pushe_base_lib_db

Filesize
24KB

MD5
5897fce01b0fcde69effa4d2a84d9bd0

SHA1
a1f7ae1c16c774b0896c1740af24646232fbba03

SHA256
4fc00c19ce0dc8bc2e017a7036b1a5c400f79e522721beb1c4ec4305347576ca

SHA512
ada50f24e448995873f57e979a1b206c705beae358664bdfb19b9d74a076026e036b111b95b9a15f123af1fe632b4a7f8ccda7edcfe4c255ce1f1dc1074c9b53

Download Submit
/data/data/parseh.filmha.two/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
51ccd66a273f94f1c053cfc85648a336

SHA1
c04c486f0acea8e8d5c2fdbcdbd5e4e189fdd393

SHA256
5a03476e4d0227cf8e8026f047b1db8252144e5cbfe8cf33a0b912dc07ca5166

SHA512
f4785544f2b4795decd4592446a89695190d572cced5000b943bd6d3f47faa27fab0cc075261a9bcb005fd04367f1125c388c2b6b7766a16cef85e0f0e8636fa

Download Submit
/data/data/parseh.filmha.two/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
55cb8373ab34d20e340377b26e6b39f6

SHA1
220c400414bf2377c0ba5dfbda8a66d76b0953b0

SHA256
bf56dad779039e0a9591fac8a4514d1db27abbdc8a364f8aa2b8fbfbe35069a1

SHA512
025ad330768a21faa0060d4e366997b8e012d59a5dc1b94ca2bfc58c78b1a43ebc14160112a1f6a440ccbf70986e17ac36c372dac4efcc81cad9bb361dee5afc

Download Submit
/data/data/parseh.filmha.two/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
96c97d7890fa10235702541ca1577975

SHA1
9a192192d7bbbe1c5dd9cf2b9bd2a3ccec6c1c7d

SHA256
4d0d33d63fdc181f0f67b1a190215f82de911fee5d4db99ad6568d3d471c2e75

SHA512
3a45ccedab14449b25eea152888533d1a0223b4628aeefc198bd9b168682c81a0afb3fb60adc25c2611bd13957e580d4d8785776457a5a83915e3844dec09f4e

Download Submit
/data/data/parseh.filmha.two/databases/__pushe_base_lib_db-journal

Filesize
24KB

MD5
dfb2ce6c84ba7236a75a42f84edca103

SHA1
338d4ccc6892da11a2c7f3e97958d7a281dc4f6d

SHA256
3fd5a20d7742d4994cec0b87aaa006ae279d7f9f0281a18b886ce145b8f5d50e

SHA512
c1f223f8783fda9bd0fc1fcfb207c4415b5506d347e07220d8a1b4a66238c2cdd5cd670453c37a7975a810e0760bd984b52133fe9ae6c6f4799898fab1718f5c

Download Submit
/data/data/parseh.filmha.two/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
452342981537ce3074b0d89a5821e6bd

SHA1
9d5fe81886392765f1cf641ed4899e9e6770f56c

SHA256
543545c1b4496af660bee2953552313e8daff961db300007c4d08c0944369182

SHA512
98388fbc2fb51c99cbacfb389a19d4e08b9e8a45fc9052a5a109f738425d1addb0583c1e3ffa7bbf2d9e7ba8241baca1435812edde24ed2cecbfd155b309add4

Download Submit
/data/data/parseh.filmha.two/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
8e92ad5b71c6ce83a80220e8392af8c9

SHA1
5ee1bd1b0f6f3a61887a3815486037af2dfa6e61

SHA256
d38c0ea7c7c5258aa52da729a3cb4b12e141e47a8f127eb5e9e96e673c10b374

SHA512
af8f470f09681dd29fb5c09baaa27a2c2b37b68c37535c73de49faf96d428ac613862fe4d63e95ac5b832bad6e6319981db9c0465a8543d18c7abd37b90821ef

Download Submit
/data/data/parseh.filmha.two/databases/evernote_jobs.db

Filesize
16KB

MD5
8612200c80eb292ecc6712b5f7f2de84

SHA1
192fed016308a73e611f46e987017d2e3ac47707

SHA256
fa0242dc0c92480be615bce9d135418c0d7d46e1849e12ed7093cb6dd0e773f6

SHA512
ed15dab744e89c6ae50aeb0373dfd5e017e0a2b71c213ef29c2a1173eb934d3058687991222e8fa9eb166cd2ffa44ed65b1361f884bbce5f447b5407a69ea9d0

Download Submit
/data/data/parseh.filmha.two/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
be29f3d9928e36ce70c9a449060ea8ae

SHA1
7363dc1b9ff5fb8080a33958de78b0f33ebb2d63

SHA256
8ae956475fe5a85f2a2736b2be65e875d7f350e7d327c9c1eb54cb0262e883b7

SHA512
1492d399b35300dd182182ac53af4f86d42d1e0ded023b8663e93bb5be021a04f7d17ad9ea5afcfc57e91abab7963a341143af9b245229f618c2a0e72389e6f7

Download Submit
/data/data/parseh.filmha.two/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
c6400d336d4d8b687713b68cbf53c9f5

SHA1
989be681606d08af0d5638c4a3bd0802b2cc5838

SHA256
5d6f4bc310a3783b189d3441621f51395b463e48371f5fd42855ff424bd7fc77

SHA512
05042b09d981f25ecc6daad777f3c7c1428727a57ee2468b84f648d7fbafa7a2bccf981c44b35648945839c861b65d309ee94b899008fd59ec3e4c7f5f4707a7

Download Submit
/data/data/parseh.filmha.two/databases/evernote_jobs.db-journal

Filesize
512B

MD5
1d532958c32a87cfe6e5bac32b59574c

SHA1
f4b6b0b0bedf630e82f0170fb8d19198eba9985b

SHA256
ee7dc2325e12544a6f6d458ac5a510c58ecefe9ddda679d6011db10abc332015

SHA512
7d75a21dcafba9a91953cb4feacf6b9acd5a4188b2046d53e4c49f9ca18e8e53440d1b0ebc9df1a849b28a95f17302aaecfaa69dba4850d8d054dc4b7bdb8b28

Download Submit
/data/data/parseh.filmha.two/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
96f4135db9bc61293aa7ea8828715d76

SHA1
9b495542ad9fce11457b7604bede92df32801c20

SHA256
d528e146df5efa3438e328df2bf574abc9d153bf9df08c25cb2d4e28db11282d

SHA512
46b8db8ed32e2a985d3662d1f568674238a5a143f8fc29a09061fe0ce8254a031f3606afde9635284abcbfa3bb29466bc2b27c0fe9c5532237b117097dfe75df

Download Submit
/data/data/parseh.filmha.two/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
7ecb99afb33ba7bd0f5c05614935ca6b

SHA1
ec30475b99fa9ca2b34e8f05fbb2f3c465a574c3

SHA256
86847c2ea836b174a843bc800843a40ee85910e88ad8c7b928423341cff3c0e6

SHA512
768f12c4aaf39fe173bd66145fc78aa99b85176e88411bc42c8d8763415a497bfd1d4d0a5d5e2209af1756ddf5c2c13fcfbe0f1ad18d543336fbc8b14b248646

Download Submit
/data/data/parseh.filmha.two/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
fc227231dc97f665834908c94f1012da

SHA1
cf13f7fcad34d74f9c66cd9a3dcbb950e36dfc1e

SHA256
4f714d6b4f322ba98711c1f1ada24a9ee052aeedb4d59f034c023c0f78ccbf97

SHA512
d45fc9adaeb4a9b46ece17b2d90ad31e53d3ad251fa0112dd67392a3918aa2671a2c12aad8f82e866239ece5ff2ce4476f91fbd57422de5538e0806d4f65c9b7

Download Submit
/data/data/parseh.filmha.two/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads