b0e7a65ab08e56084abab23c8ebafd6588b07947f8400ddd3358d5c18751b69c

General

Target

b0e7a65ab08e56084abab23c8ebafd6588b07947f8400ddd3358d5c18751b69c.apk
Size

2.2MB
MD5

461d94e791de3c5712f3ec1cfdc50416
SHA1

20de1768ae4455c3bc199f4e60ba5bebc8e66067
SHA256

b0e7a65ab08e56084abab23c8ebafd6588b07947f8400ddd3358d5c18751b69c
SHA512

1f0c85910faa4125a1eda23398ad419f7ddfcbbca0c2526e16c4fa6263255c0378fcd6fb736e149bff00f866458113e1ed46b524beed393804df8381068c3e58
SSDEEP

24576:3GtG28ZnVL0EBcqK35yg0NcXASkAJ6Z1xR/1stoU/luJqsK0zDCy9tJIbLcfr8jX:oCVLZcngFJSkD1xRdioKy+yTJIPcfr8D

Score

7^/10

collection discovery evasion execution impact persistence

Malware Config

Signatures

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	iiwqodspeqr.dscpdadtqfm.ybfchurqjravh:hjgk

Queries account information for other applications stored on the device 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

description	ioc	Process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	iiwqodspeqr.dscpdadtqfm.ybfchurqjravh
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	iiwqodspeqr.dscpdadtqfm.ybfchurqjravh:hjgk
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	iiwqodspeqr.dscpdadtqfm.ybfchurqjravh:Daemon

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	iiwqodspeqr.dscpdadtqfm.ybfchurqjravh:hjgk

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	iiwqodspeqr.dscpdadtqfm.ybfchurqjravh:hjgk

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	iiwqodspeqr.dscpdadtqfm.ybfchurqjravh:hjgk

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	iiwqodspeqr.dscpdadtqfm.ybfchurqjravh:hjgk

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	iiwqodspeqr.dscpdadtqfm.ybfchurqjravh:hjgk

iiwqodspeqr.dscpdadtqfm.ybfchurqjravh
1⤵
- Queries account information for other applications stored on the device
PID:5181

iiwqodspeqr.dscpdadtqfm.ybfchurqjravh:hjgk
1⤵
- Makes use of the framework's foreground persistence service
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5220

iiwqodspeqr.dscpdadtqfm.ybfchurqjravh:Daemon
1⤵
- Queries account information for other applications stored on the device
PID:5424

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1

T1603

Persistence

Event Triggered Execution

1

T1624

Broadcast Receivers

1

T1624.001

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Foreground Persistence

1

T1541

Credential Access

Discovery

Process Discovery

1

T1424

System Network Configuration Discovery

1

T1422

System Network Connections Discovery

1

T1421

Lateral Movement

Collection

Stored Application Data

1

T1409

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/iiwqodspeqr.dscpdadtqfm.ybfchurqjravh/databases/tray.db

Filesize
28KB

MD5
1b1f843f4e1915a72f56008d9817826e

SHA1
2b42fb9078d70b085faab5dafb48df598d5c8b82

SHA256
4b4e49e0ed716a72a7d02d4963cd512327222be0a26f5a1cb8d41c43f8d0f535

SHA512
541e22acaa68f51edcca819e3436f888fb7e30ba766c8737a7015ceb4b2c7b1277d669af2d76bb76c05af96a6dae6fa06b817a95a87820f160d7714b75c85b01

Download Submit
/data/data/iiwqodspeqr.dscpdadtqfm.ybfchurqjravh/databases/tray.db-journal

Filesize
512B

MD5
aa6e98f9d17eb0a5ee4b000b8b8e2933

SHA1
55e0f29b44b11e9a6f28b85dfe7a77e1ec73b30e

SHA256
a034cf1736748bf5ef45d58feaea6e2152f2e1246d110568e8d5d53fc6a11453

SHA512
92e06ab18e340e00b83432fd80b721eed0142fa01d4335822231a06c388b1d97fe6eadedbe0070b74238f60b74e3f25895bf214816ee1c178f7675ab7642ce7e

Download Submit
/data/data/iiwqodspeqr.dscpdadtqfm.ybfchurqjravh/databases/tray.db-journal

Filesize
8KB

MD5
11dda978e77e092097bb053d9a42532a

SHA1
ace9140ff7d3f4fad5d5bf375147524db2250544

SHA256
ef2028ce63052ef2e83ffd18ee519c85ac500dc45af5acb252b93166c1d68cb7

SHA512
70bbf269c62e08d011d56c012459083bd76010a802fb0ea3ce38caf6f54d1b069b91a677003e1544bd8878459c6d177b825b7e2950219d207b9dd8ae397e703c

Download Submit
/data/data/iiwqodspeqr.dscpdadtqfm.ybfchurqjravh/databases/tray.db-journal

Filesize
8KB

MD5
d85ad8779defce38c72e3c52eee2f9ce

SHA1
66f3ed7f408e41d268ab439262852d3035b0fbda

SHA256
566938372d584872292116a362897efdb36aef6541215a4b83b96b6e716de815

SHA512
a336c828d9999898b6c3bd7fe37b149fc5397f5a3dafefeae6af3e4dfa881f01490fce2cb98f5ab038ae0a4cb3c5ad67ca3851a6591046f50db2db10dac8af32

Download Submit
/data/data/iiwqodspeqr.dscpdadtqfm.ybfchurqjravh/databases/tray.db-journal

Filesize
12KB

MD5
1d0afaa13c21d5b534d265bf1f3729b0

SHA1
f8328a68a3694d5bd2818eeb717ff85e9b8181a3

SHA256
603da5843bc2166c30e0d70f993d25a4e872a574deff48dc3f8a279fb19c3d4d

SHA512
54be082dad4174407b963d182e81c9e7fff4ec34b189386dbe619f2456bc71c61e43f636d8a217a51cc3e524828bcd2b905b5427df1f8aeca5e55f4c4a1a477a

Download Submit
/data/data/iiwqodspeqr.dscpdadtqfm.ybfchurqjravh/databases/tray.db-journal

Filesize
12KB

MD5
905a4456bdca0d7ec91c6b4227c4d70b

SHA1
74b8d4a34ccdc290bfb5381d83c2262eaef07ed4

SHA256
67d23be3f1f5c9cab06edc1a964b39dccc32300b9d72a7e99d6c5f59229cc070

SHA512
52958d9b62caa9100e70c2b653b282a2be68b4644c274d11df644d21f2db7e7de9e0f10e907497d71d4974c4bb8e52fd356a3e552e61ce2ac05a7c61e2e60aab

Download Submit
/data/data/iiwqodspeqr.dscpdadtqfm.ybfchurqjravh/databases/tray.db-journal

Filesize
12KB

MD5
72be70b0a32722a2d5b2651466f4ec4b

SHA1
c2fabf3cf4150d36b63d49dc6bc34cc7dc305357

SHA256
392a6e370b791f521c65c333b8e9aa01dbb6c4c1152362398b6e975327d01957

SHA512
7ae7796db85c0457e5460894df983086e1b6404bb2bdaa96cd3ff752a7d841ee51ffcf9e23becc941170d8cc55ebfb5d20bbfb570b033ea865836f050a168592

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads