b96a372560290cb0c1f4b0781fe1b7959c041cac8aed4aaeef7875f70213fd70

Analysis

max time kernel
179s
max time network
142s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
21-05-2024 22:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b96a372560290cb0c1f4b0781fe1b7959c041cac8aed4aaeef7875f70213fd70.apk
Size

2.6MB
MD5

4a93e1e62d0f13da696e7ad90aef2e5d
SHA1

1908fff3ff3fdbef3c7bc2ec22e68c72fbeb5633
SHA256

b96a372560290cb0c1f4b0781fe1b7959c041cac8aed4aaeef7875f70213fd70
SHA512

fc2ce883c431799603573b8296f1cdaad6e4d38e11a9f3ec585bf1ada5ef203f8d87215d734fc0e61ca9dd5b2d2b84be16f3a51bf85801ed98246f8106f81507
SSDEEP

49152:XZx/F5cHiuOVHClugTpQ4GDjrB90EjChXjvCTYXN920N7DsOOsS:XZxN5I5OVi6DjrBmEjChTCTYXb2rOc

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	hsamtm.vwm.lpxq

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	hsamtm.vwm.lpxq

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	hsamtm.vwm.lpxq

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	hsamtm.vwm.lpxq

hsamtm.vwm.lpxq
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4322

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/hsamtm.vwm.lpxq/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
b8e422a2c0bb9d1c52f51fd814e32589

SHA1
6fa02be943676556eff6bc8f1f1d4a860e1de866

SHA256
428f879d3874b2a6f4c3fd991a545926e87d87c94c3c771805d36ba66097acdb

SHA512
ea021f92dcc2f9246f834b63a4c83ea0c9ba81a6f5a84e95f2d6cab2e78c0f40aba3aa6ba1bb9ca27d2d82cad17db2d89dd63e6c02b285e4aae80e81a7af7246

Download Submit
/data/data/hsamtm.vwm.lpxq/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
22b69bc89a717f21f3d3fa8e0ba6ade4

SHA1
640bb3bf64e92b9410dce732318a823e40e9ebcb

SHA256
bb77b505127f7537d7a353a9eb9ac802303a57e415b65505cb3ce95a9a699da2

SHA512
0c73887352a4407fd9d2b85f1590dcd25d8e0f4a2764e7a018e88f17abe9dde226cc9713a2e609bc43147407e177557d892a9b2cb0a12a881d853ea49feb2ea4

Download Submit
/data/data/hsamtm.vwm.lpxq/files/PersistedInstallation3931115794696033839tmp

Filesize
90B

MD5
8c437466acb4971b9599d59b6c478c65

SHA1
950f84b0f263f9b49b85a2350f8fa129360b7bb4

SHA256
c81b5dc876cf9680a553837feb725723601dd460734f881d8d1488fd1ed46b57

SHA512
a0296e38afbee2388b84657936cdaedf2bf7dffa44c6408413ecb008874e6c097758c4edecd9268b28721a4897696c1a0f626d19279a3b10cb96d6ccbf2ccc31

Download Submit
/data/data/hsamtm.vwm.lpxq/files/PersistedInstallation5220443370216363254tmp

Filesize
569B

MD5
fb8b66212985b7463e435f80d028a083

SHA1
8c0b3e77cacc8ca8e337f6f71509698d45ff2bd8

SHA256
5eb678180070b2ca5441ea3f2663328d881d38a532209150e54a892cf34bc12e

SHA512
210a11e6980ae1b5c1d57afd2ebd689af68697589e855cc5892306e14878360bab1559ebd8d95cb6bdde87cded5c7ec8a64c291da05c7f615c681755b0096f34

Download Submit
/data/data/hsamtm.vwm.lpxq/files/mmkv/mmkv.default

Filesize
4KB

MD5
620f0b67a91f7f74151bc5be745b7110

SHA1
1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

SHA256
ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

SHA512
2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

Download Submit
/data/data/hsamtm.vwm.lpxq/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/hsamtm.vwm.lpxq/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
673dbd1f180d13e5db68cd02c9ac434f

SHA1
3a880204cc13ef7267a8b3cf84d31ed675093171

SHA256
77ce60a1858cd685ba1e4dcae9a81f05b4b5f5ea08dc9c8a49dad4e83765913d

SHA512
9c00c4df2eb6f27f6ccb8c59a0537dd3210689041fd133834c7c994e882f2cf757690fe741a47d59fe13e1ac84d0ac79e8c8322d01cabf3e872149fbef750eed

Download Submit
/data/data/hsamtm.vwm.lpxq/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/hsamtm.vwm.lpxq/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
8557d859f861064418149cbdf4b60fa9

SHA1
009d34d2b1b7813cc69b247e16063f29e438ccfe

SHA256
089a171e4e6eeadf41eab28536bb415a27b723c1de402f317fd0a66eae271dab

SHA512
c45b0b19f124a4a871db39e36ab390d509c1dc9bb82fd2f46a4a3d4068303ce222469b0b20567c08ddd1547b74ebde0127d4661918437d446b517dd79ea7bd88

Download Submit
/data/data/hsamtm.vwm.lpxq/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
ef731dbb3cdcb079a9c8a5a39f21a27c

SHA1
afcc023d5641bc34341148ee425af7a891068503

SHA256
71568d32dd3f32b6d8c491015e30c25da1901bcc8ff57e3aabe03ddcfb8d015e

SHA512
12f2d1ad26607d51fa94ff0436d15a7bccb1d6050691a469f896e38f8f36f3b5a476f9a24b6b6e942541b53692174b4826ab8933aea88da3e61d67a100b31008

Download Submit