6a775c7d85f5caa06e9e8a09aca77bedf597f953c1bc0309e53f29a1097d7afe

Analysis

max time kernel
178s
max time network
152s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
20-05-2024 20:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

15be150e6bc0434a9fc865eefe840990d57fb63cb078c19abc45f79adf587f3b.apk
Size

765KB
MD5

f348eaec5ad5c7fa51b0d0abb6d50cea
SHA1

a3d32e31451414db26b224e1f4900c5bb7d5350d
SHA256

15be150e6bc0434a9fc865eefe840990d57fb63cb078c19abc45f79adf587f3b
SHA512

d5c9c1140634c3af8562dd7001eadd12852b84235c02570e7bc2d8bff74b2beb7b0059a229a3a5db2caab9584cd67e7fb0d9e5eb42ef733394bec4ad97b80ce5
SSDEEP

12288:9BBZRvSaqKGkMzIlO5WmpYshXZPbGwidNpga:nBZR7qKXMzIlO5WmD9idNpd

Score

8^/10

banker discovery evasion persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

Foreground Persistence
T1541

Processes:

cmf0.c3b5bm90zq.patch

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground cmf0.c3b5bm90zq.patch
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

cmf0.c3b5bm90zq.patch

description ioc process

Framework service call android.app.IActivityManager.registerReceiver cmf0.c3b5bm90zq.patch

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	cmf0.c3b5bm90zq.patch

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	cmf0.c3b5bm90zq.patch

cmf0.c3b5bm90zq.patch
1⤵
- Makes use of the framework's foreground persistence service
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5119

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/GroupMe/config20-05-2024.log
Filesize
61B

MD5
2397278bfc2e616f3d666d789358d460

SHA1
4e0644c3525c7973fc3d6b6a1200fd2389836450

SHA256
2bc6c49eaa02cb13faf1234cdc0a37935711b203ff5792805b14679e4e883d3e

SHA512
3b1547bbcf4c3530b0742993474d441d7c91e2fc049322087e201b4920e51e43bfab4e3073de303cb0b53ade922a5eaf4bec84279f68d7bce9b986e2faedc112

Download Submit
/storage/emulated/0/GroupMe/config20-05-2024.log
Filesize
57B

MD5
c3033097a704a34e5a27d81caeebe2d4

SHA1
0560ca9ed0aaa5dcea2a3d97e216ecfa06830db4

SHA256
5e36b97ea92ebdf64b2bfc977c63ce35d618494212d153407d43187ee6541da1

SHA512
b2135ff6cbe5a294dcb0fcffd28e00d384b045cc00e7f0ce9b1c5510c710df917647a698da0fdc49e504e28bfcf5f16052e0338afadf23527de5a2a498c05534

Download Submit