04b4a9000f8935c2cc63b751c6b91f13cf1e796432d32e80ae3c8e474b902f39

Analysis

max time kernel
179s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
19/05/2024, 22:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

04b4a9000f8935c2cc63b751c6b91f13cf1e796432d32e80ae3c8e474b902f39.apk
Size

933KB
MD5

fc31703b08031ebc2eefec5d70763807
SHA1

6b32a1b35f2cf2bd108e07288390cad70f4b6f37
SHA256

04b4a9000f8935c2cc63b751c6b91f13cf1e796432d32e80ae3c8e474b902f39
SHA512

bb5b2c32d58f0f185ffe271fc2319bf0ce24b78fb39a943b7b5f0d13014c036a8f15f632da2d4c2fa4275cb06baa2ef4165abb52b0c3c2fa964eeabb86334512
SSDEEP

24576:O/Mg/1BUjYiJtWK1Eja6TAqy/6PlS6SpJyS/HZvG:/gNR+t1EjTsGms

Score

8^/10

banker discovery evasion

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks the application is allowed to request package installs through the package installer 1 TTPs 1 IoCs

Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).

evasion

Code Signing Policy Modification

T1632.001

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.canRequestPackageInstalls	com.spacex.runner

Requests allowing to install additional applications from unknown sources. 1 TTPs 1 IoCs

evasion

Code Signing Policy Modification

T1632.001

description	ioc	Process
Intent action	android.settings.MANAGE_UNKNOWN_APP_SOURCES	com.spacex.runner

com.spacex.runner
1⤵
- Checks the application is allowed to request package installs through the package installer
- Requests allowing to install additional applications from unknown sources.
PID:4535

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1632

Code Signing Policy Modification

T1632.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.spacex.runner/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
dc4bf1acdc3846f84fe5b06c0827ddfd

SHA1
442e8dcdae998ac27203b6b8f04de3d74626232a

SHA256
635daf72074999c88fc21edca8372031fdb5d79a2c6f73eebc3b48c55c12cc25

SHA512
d1369cc731a5c944917b0017f2edd3734b45926fe84e593629fb7abc86eb71f30f7e09c625225aa1a2f62ea02ba53c659cbb55ef8ac92e578b9afecaf61d3183

Download Submit
/data/misc/profiles/cur/0/com.spacex.runner/primary.prof

Filesize
468B

MD5
a904cca0007b564ab23550068b91a4aa

SHA1
14d78d938e6a270b7012b272fbc4a8e8e5274b7c

SHA256
7f1dfbc2c757dc2e552a905730b78438b82f0b67576b05c970b1b856a35951b2

SHA512
3e74c5414f72912d31028b22426eb7689c1daec3d89b0c88fea9ad9561227a73b76f6035961ca81c44ebc0fdc1c3765592118acb5af5515bab7ea4a11cda83a1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads