8c0cd19b7b71fb2cbbcab49cf436009e7f8f35402749426ee090b8c8b69c7e72

Analysis

max time kernel
123s
max time network
179s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
17-05-2024 20:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8c0cd19b7b71fb2cbbcab49cf436009e7f8f35402749426ee090b8c8b69c7e72.apk
Size

4.2MB
MD5

515257eed660ad6345930c3f1c03bdcc
SHA1

d4662caee42d040b93e68eccd05073aa9e914453
SHA256

8c0cd19b7b71fb2cbbcab49cf436009e7f8f35402749426ee090b8c8b69c7e72
SHA512

49ef25b9f7f38def8c046203ccf86c3ba8cd0b1bde983c0a02219683abd5818aac35e7151d8b6322cfbda4c1dc0d00b4fe572a13e89e9501068ab7c48381b258
SSDEEP

98304:aQS5HjKr/tiHLJfFgxx0VC0s1KY68ljb9Wmk5MRpOx:aQSZIkELcA0UZW06x

Score

8^/10

banker collection discovery evasion execution persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Requests cell location 2 TTPs 2 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	parseh.filmha.two
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	parseh.filmha.two

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	parseh.filmha.two

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	parseh.filmha.two

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	parseh.filmha.two

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	parseh.filmha.two

parseh.filmha.two
1⤵
- Requests cell location
- Queries information about the current nearby Wi-Fi networks
- Acquires the wake lock
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
PID:4670

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Credential Access

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/parseh.filmha.two/app_Requests/QueuedRequests.sr

Filesize
169B

MD5
5bd326c7a7ce8f1d6f179b76dba93378

SHA1
349d03e3d5190c2440b90d1de9bfedcf8d24b10b

SHA256
0095947bbd85263b9e6bf2772be7e19ebe63ac80dbd49c9d616be40ab63ea344

SHA512
cf95d77aa189b8816d5a6385a89e79aa45012f94ee5869786d7dfd059750c7bd2cc3363512015c33b9ee4a18c540a18fc0969ffcd94c402db9577573b95666d0

Download Submit
/data/user/0/parseh.filmha.two/app_Requests/QueuedRequests.sr

Filesize
169B

MD5
07f8f48b5fd7ed1a378a267a58936c92

SHA1
073a19f9729456b916f3f6a96195ff3b3f87e8b4

SHA256
13f233797e9496468f336e7d4722ac7e02163e3b833d568a5aaeaa99f1bf82ea

SHA512
3e2c820b37e95f2f55b6ce160469746d61f7856706a8807fd88143d6f5ff7186ceccf04de05ec441ed02f5311444a25f791f8b8f70df71455a0c6ff216d33cde

Download Submit
/data/user/0/parseh.filmha.two/cache/Temp959717377

Filesize
38KB

MD5
5af7dbcca37558c942081de1d9d8aadb

SHA1
31feb92b3bebc4f377f44d543da3935f649aa72b

SHA256
dc76d675c65ec7427d4ea05d6abf671c06aeeb80fda9f193a7f4181ed0706b6d

SHA512
3c06cc2c3902ecc18b81f6cc512112f1a3159ab64c54863ade61486e057321ce1a6092f82f5c0c5643fdffe2c220a136eef37c77a8bf8e6f3355e4ef5a91f6b6

Download Submit
/data/user/0/parseh.filmha.two/databases/__pushe_base_lib_db

Filesize
24KB

MD5
29404392dfb96a59c4e37492a8a7ef9b

SHA1
adac8d72500bfbdf895e6d8241a66947f49f523d

SHA256
df024ab42f0b17a360e9b50541bdb0e28fd4ddb9990a6ddc81147916fcac9aec

SHA512
bc970348cfd21718a002d9e538edf5b89daa386add36350e732867d20ed0e2890bec6036e5c6fac9a028b53982f876f08233e7dc2232153332b07d8175669d43

Download Submit
/data/user/0/parseh.filmha.two/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
c73f8e524b8f0a8fe11cbebfef20b238

SHA1
f7d285783d9ece3ed4c55f04237c63444288487a

SHA256
0cf2d0a7a810a5d215f53d2cf00348b4bfb22bf258f72cf04227064657630f8e

SHA512
0f776731644c338cf20a1352d4b8d7b4e7475f444d444b4bfdcbfbd088081635fa9752d0a0b11551696c422e93680b86b3fba4300a1d6dfa7c000ada7695bd5f

Download Submit
/data/user/0/parseh.filmha.two/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
717a77140d7db82a0239d062fd66873b

SHA1
6ec2012405f73ef839e858785c6a9145e2ba9382

SHA256
67bb6c0413e145ae5b6134f85a6855a501e7e8534c0ef42f725a57c1b6464dff

SHA512
79906c77e2be415d501245807cdc7ecb761fd6b84d1bcf1153aa5329c23a6e93f92f83d2d8a3a7a48f637f9d9b5c654c3c75d173d8e9d1139223158684db8a62

Download Submit
/data/user/0/parseh.filmha.two/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
d4537ac4bf3f9613870894f296678c34

SHA1
520c6c84ac131445da12b7e7ca18317189bf89fb

SHA256
e95c7055e98637315c2570fb90572493ce8b2a75dd5d5c3d8523e45d6348c014

SHA512
9f3fa0da7398e425f9ab570757721eb97d896526d04e064211e2b0fd0cc0fd0e3bbf92af505fe7ccea29aa874aa73e7f1b20c820ac5d9921046294954ba117bc

Download Submit
/data/user/0/parseh.filmha.two/databases/__pushe_base_lib_db-journal

Filesize
24KB

MD5
6c4eb7a7879ce6e399d96a14eeee240b

SHA1
99354bdd4fbbc666620cce67a1d633eb5ea264c7

SHA256
403447e92d3bb7951b4b4e4bd74bb5574bbbe67ae13a8d24879fc84e11ffddca

SHA512
1fc25a1325f3bf0ba4f821741afcd1a0bb174550bbb2b77b2c4af6921f16e61dc4fdff991c13b301b4e0d24140c3ab3e1e7ff98ba3bc807d4bf79bdf477cd5a1

Download Submit
/data/user/0/parseh.filmha.two/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
1307a48ce80209cfe0ed844e02c31c02

SHA1
b8518d9cdfb308e0a0280cb6a69f3060c6649a5f

SHA256
f0e01f780bdff84459b33b8c943881d5ed9d20288c59dc0d1bb66ea17cf3a8c1

SHA512
e73785785f885c679503d2d46d9b58cd8475dda1a57dd95664b08709f50a23e2b762f04e47618d0444627e8b0c8fe45871b9d7aba934b75a14074013f665d89a

Download Submit
/data/user/0/parseh.filmha.two/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
f6708185b0fc969aa840dcc9e68ae423

SHA1
c16db27d8827f76f10981a2b69bbb48160bda2bd

SHA256
218a1dcc16699a317a38a0d5c44c5812c0bd86994598ec99705fe711845a2128

SHA512
047dd4e2f634bd7e7148e139f4bafa2147028cabf1a0e4c6640d4cdc14e6e2955a60d5c3b75b62b78d9ff0f0e80e033430ca4db00d21f34029f935208005daa0

Download Submit
/data/user/0/parseh.filmha.two/databases/evernote_jobs.db

Filesize
16KB

MD5
f4d21f828fe4d3443b3edcf668fc731b

SHA1
ad97299fd7f1b858c72f8536b462d0e1a3de0206

SHA256
f4c20fd1c7c41036a22528739d21ec71079f79064cc9fdc0317c8c0874aaf7c2

SHA512
207e0d00c6b4c113d04479b3f8faa2faacacc18a7c63f5fe9e9b25665cfe84e49550043a09907ae752a898dda72624c0e122b6133ddc07ababdb4b5b12b46387

Download Submit
/data/user/0/parseh.filmha.two/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
f3d41bc5a03a5c41a31599a5b9b2faed

SHA1
6c7f31cd5c884d5c3298f864f1dee41f4c574a40

SHA256
7d31e95ea38aa22a9da2bf9024015194dc66af20ccf01cb01e7a4356d84e0e97

SHA512
174ef1550a7ff78b0640bc0787821102fae84af2264c93aab1f01c42939e10fb9db6d5db81af4338484bc330e6805f7c461ebaeef7208cfa2fcd10dc018fe839

Download Submit
/data/user/0/parseh.filmha.two/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
1ede449d313a9e19541acb6b480a41fc

SHA1
61f7586661c901894610a33adc714abe0a18bca6

SHA256
17e8579dc8059352f81750bce03cf6a1f3affbbc279e47f7a52ae4bcfdedb9c0

SHA512
5be87148554b9791be2dcb1ec3e2e36fa6e9a1e19569e5d07ca4a3f05a44ceb728eeafde832d687b1790c9b2a55dda7d7667f9dc1c0bfc2e09fab3ba2323b49b

Download Submit
/data/user/0/parseh.filmha.two/databases/evernote_jobs.db-journal

Filesize
512B

MD5
30f5007d89664b3deb72d99b605b6996

SHA1
a48f3db526b5f3ae46902f5f683357a006f923d1

SHA256
c21d75a37db2a75d91cee92a6c1a3550ab9b86ed708d4e8ca0ab77339ad109a3

SHA512
5a6856c607dacee2869f7c6f8f386cdc4564317f5df89f63bc026e190d9c2ff5437f62a7efb57d4185f7bb3ac75894221a073c85e686d86e53907252e23b1527

Download Submit
/data/user/0/parseh.filmha.two/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
19186d7c33d686f465c0d9e4f15169ce

SHA1
cd4956067ac151efaf8b1eb4cd06accb739deb61

SHA256
e680275ee6b98f4744678b376531dc11122b4290aae25b79ff3d3fe4a67b19d7

SHA512
9816fba05ac95d6eb1d936cb9854129a31559f6a9b5dc8604f9b8a1735efa09171020e8eb8c58061baad8d06efe9ace3d5c92e307780d4bdbd5d526986011464

Download Submit
/data/user/0/parseh.filmha.two/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
50478a1a733a1520fbe066a0757c8cc9

SHA1
0fd8dea1b4fce230e586bd6da4a3ec5043569250

SHA256
8ad360f0531b7da566d91329af97a65fff24b8b85d0e11fe5f7d467e6b850779

SHA512
89edbf186d0e1a22876fa760908dd3100f68dfdb364c322761c0d335924e613af58aa1a66149a89460f829ded5053c33fe57a7b683afd87a0374e6101af0c5c9

Download Submit
/data/user/0/parseh.filmha.two/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
314aacc8936215b582952bfbe41dd488

SHA1
3532160950029d211edc56b9ff60bc3e0da9edb2

SHA256
2cd31b2ab9bb0fa0303b80f3a8e561c2d5d85d7876769c14a2ef8f5c20724824

SHA512
d5fd6c8f70fd0d5ea94059c61b992b54eef48bf31b76d7b8bc023be4b4bcb68df65ba29b2160b3f7af936283be7cefdee244dfb75b42c5fc2b59569cf70dbae6

Download Submit
/data/user/0/parseh.filmha.two/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads