a60b30fe8240bb2e381565555ad8104f919e5b1fa7eeca1654cb560a048b2721

Analysis

max time kernel
179s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
21-05-2024 22:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a60b30fe8240bb2e381565555ad8104f919e5b1fa7eeca1654cb560a048b2721.apk
Size

2.6MB
MD5

bea6ed0da7d5a75846a72ee35e8e2cff
SHA1

a4e4bf442764983540aff8a41f9f3b54be9445dd
SHA256

a60b30fe8240bb2e381565555ad8104f919e5b1fa7eeca1654cb560a048b2721
SHA512

8f43ec2d7295c61488c72d866c88d30a7629d68e80aaad659607cfa98bb043766a527367be8d15e906530923ad14340a0a64d4c7a50c9d82f18c5b66be09476a
SSDEEP

49152:XZxJDcHiuOVHCluqTpQ4GDjrB90EjBLX2sRQewO396bEGZT1y9K/bHqCdYDN4tz/:XZxlI5OVisDjrBmEj1X2seewO3961T1P

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	oh.ymqq.fr

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	oh.ymqq.fr

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	oh.ymqq.fr

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	oh.ymqq.fr

oh.ymqq.fr
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4291

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/oh.ymqq.fr/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/oh.ymqq.fr/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
67e3fedb4691459428e5107e9b9996ca

SHA1
2cf58dd4635bbed3fcf6ebab575479b921fce8d9

SHA256
cfa53a9908b60b077fe7ef947dbb188fd52624c5953c4db167f7e59a11750edb

SHA512
9ceb79ec3ef4e2a4ed868e93a5b11cf9b87569f796f476f481719c91d5ba91f9b6f62fa6bd2c2c09f50fba762930221137d7abfd27020b445d196b885455151c

Download Submit
/data/data/oh.ymqq.fr/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/oh.ymqq.fr/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
53bfc50c52d3e5906d56ab6bcbd919c2

SHA1
1a9e05305418768b890854a47acec015c37fafb2

SHA256
6e33a328a4b512d23fa38fc44a8a97128c82f3e6e27d97cfc30356fe0b3c4212

SHA512
430a168120ca21b65fe99cc40448fb326345b1612a49d56d46bfd79106fed57a682584234a562b2e42772ed7aea15a9025da57e2e75c339f34316ed5f317aea1

Download Submit
/data/data/oh.ymqq.fr/files/PersistedInstallation913870501432782751tmp

Filesize
90B

MD5
51b59d579f5a53bbb7c299a480ce886f

SHA1
c71b4e747d37a8b132804e07a67f4e50ddac2985

SHA256
b87751847b2f9eacece7a16a18ecb834d652a4813e66ff91330bc50596920a1e

SHA512
a63b7ec12743448bfba24854dc366f38faab69cc83d943ed92afdb24d2ce1a8c4580898a349f5f493103757b24d0f93271cb8f7e2e6bb896903a6d73d5a231df

Download Submit
/data/data/oh.ymqq.fr/files/PersistedInstallation935448146779742712tmp

Filesize
567B

MD5
2de629a69cbbad725054a7e3b04bfd9c

SHA1
b240ea4a0f8a18bee4408521e101d627052fd885

SHA256
b5b2f83018db6e91c3d0042025c955f389adc9961e774db5680b66d3087d1c93

SHA512
604a43bdcd9fc306558070489b448dfad77e213d5a0ba05d0e827f40c9218aeadd24807b3cc3a5478cb1a67cdd58566e0fee6319ff01a04ffa4dddf2294b7ea6

Download Submit
/data/data/oh.ymqq.fr/files/mmkv/mmkv.default

Filesize
4KB

MD5
620f0b67a91f7f74151bc5be745b7110

SHA1
1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

SHA256
ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

SHA512
2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

Download Submit
/data/data/oh.ymqq.fr/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
08b5afbe62fdb3c3faac44708c051157

SHA1
4be148a0a6a1ab5b669728181a87de81d46668d0

SHA256
b950011ce62ef25468ad26f1b2ef1135f4b2c0f1215ed79971916453537d2479

SHA512
8a33fafa1c9d8d6b1a7aa35d78b4e8e5dc4b34ae16a42993dec790973d88bdd8f7356a854725acc1fb801ac2d31b73ae55572c6b497cdfc31161e815b5a28190

Download Submit
/data/data/oh.ymqq.fr/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
cb3d9db201def17bdd583d637f960717

SHA1
3a8dd69067320a0c30ffccf7bdc4df602e45a6bd

SHA256
b2b5cf148b0431309db39f0022f1bd00172c4ef0d7b0ca8138576517e443744a

SHA512
9b0465629e34ce73b49c5b4eea897ad516e8f6a36384983a1d07a8f6a91c2b577312f1d68ca72afa3672e6ddd374700984e55cb6e7a3c8971a2790ac4424ea83

Download Submit
/data/data/oh.ymqq.fr/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
75b1aa90f45da607faee3ec67a63a8da

SHA1
535a56fe082b3e4db4b4fb4c875dd0eff267637b

SHA256
ad8bdcc0fe60e10a51e4bb4d7c4e7d52c40d449c3adc54f292677d89a32ea110

SHA512
6bf3230ef3ce4849f3f11b0495ae3cdb7ef12f2b6d982b286326d2a949ab9ef3d5757bdea2f5d23395074e90c9ec54b6ffdfddc7a80b75b8b0e3f10b475c4a72

Download Submit