0136e34a0e8af5030b02bfaf03775a449ff44f22bcdf8e595d8bc6e1dde122e5

Analysis

max time kernel
13s
max time network
142s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
21-05-2024 05:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2020-11-10-12-11-11-038490--s2019083117.apk
Size

224KB
MD5

4201e9d98dcf391e8ce5b3e23009c2bb
SHA1

2db6a80f7b5b56fa584687b18954cbbe71b2b13b
SHA256

0136e34a0e8af5030b02bfaf03775a449ff44f22bcdf8e595d8bc6e1dde122e5
SHA512

e8cdd0e803df003d988dcad475668c18323c3f9c82b78d217026387439ea8458b9fa0db6a2d510f00aff6e98f67dea35cb03c7afae90623bae3507f9a116d468
SSDEEP

6144:kVrku/eNDHqyV0bMqjL+AUW7GnHNwR0YEyEl:UkeaLvIvjSAUqWN5xl

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.wireroea.baetey/files/201908311950.apk	4263	com.wireroea.baetey:baetey

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.wireroea.baetey:baetey

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.wireroea.baetey:baetey

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.wireroea.baetey:baetey

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.wireroea.baetey:baetey

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.wireroea.baetey:baetey

com.wireroea.baetey:baetey
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4263
- sh
  2⤵
  PID:4311
- - ps
    3⤵
    PID:4350

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.wireroea.baetey/databases/bdownloaders.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.wireroea.baetey/databases/bdownloaders.db-journal

Filesize
512B

MD5
4def28cf166969ae9805cc681999f1de

SHA1
2f09f6949aa332a6a511314f1927bd0ac4dd1fa8

SHA256
cf46d32399e911708922a7b4097b1a047458591ea9811330db7b28202cc2d94c

SHA512
be276e9ad49cf0b60961b974d9b991f1bbdfc3aef4825fb76e64a4216682c3b91647b3d245ed39c68f661e2ab7b9abdc1b96e439a4d32080489e9ce4c8945951

Download Submit
/data/data/com.wireroea.baetey/databases/bdownloaders.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.wireroea.baetey/databases/bdownloaders.db-wal

Filesize
28KB

MD5
e30af487335de6a988f841551dd8463c

SHA1
3f89309f5bafc0c9f118fe26ce6cdd5f1cca7249

SHA256
b0a036463059e3f0913f106188c1e57322c3248b1348842363a65b317f4e5fab

SHA512
700ebc39c05bb02c6ff1cf5db977ccd251254e4326e3a5f8c7298bff8208825e4aabac05ecf9988b5b8465a66d2ce1dcc4f8ec565ed4cfb00d3bb2dda414c0b8

Download Submit
/data/data/com.wireroea.baetey/databases/swith1014.db-journal

Filesize
512B

MD5
b2308229795c01711af9c4949bfcba7f

SHA1
8e1ed56bdb21a218370541ceb3938ceade0019d7

SHA256
6c6d17d936be829942d8cc24c61d7256c3d8bc97192b3be9559b109a21c40922

SHA512
a6136de0fe8385c645281ffd25c2e9a35201036b35541e273ec6fb5f2bd8ff292347acacced93d37033b9feb5692e530c8b450ecd1fdc11c711f72be74c09928

Download Submit
/data/data/com.wireroea.baetey/databases/swith1014.db-wal

Filesize
28KB

MD5
ad3df23d39355a1eee68eeb76b08658d

SHA1
cd11f86a13fb71db3964c99cadd2d103d76a4e91

SHA256
a5845cafc575767e335eeed2ae63d541a56626a9b5434e82bf59814fd1e61d36

SHA512
06605a62c7195c08c14d853bc9fc4cb8b1936078b9c84e443a17682e40b2e4eaf1368b16a883de1e92ec5ee568f5ec35d31ad59205054725c36baad55a7d6f8c

Download Submit
/data/data/com.wireroea.baetey/files/201908311950.apk

Filesize
179KB

MD5
96b78f5e3d9b5f98ab09a49225332b30

SHA1
3af928fe64c3d6dbdc7a425470560380b0d2da03

SHA256
3c9ac52706e72cb1ae7bf965d43d82021d75d4e6f5523e387b6ed6276e5ec36b

SHA512
90d977c9886bc655055983d2e6787bdac9b05679dd83af5dd3f5a4de9ff6a42d4c989599142dd8cf6665e22a8867ed1c0d6a412967b5a839e92ce76ab129bbd0

Download Submit
/data/data/com.wireroea.baetey/files/c201908311950.apk

Filesize
13KB

MD5
085869dbbd492a0dcbca565de47e35d2

SHA1
8e930a6fb8b95de13dbf8a80604c242636c4acde

SHA256
7251d1557cc15d80c924c716756650a864c2eb2af9b467fdfa5432e8072f11d0

SHA512
442fa6348e16e94bd1b1484765e549fa6873a93887fbd8e482a0eb3f3078315c66821a00a8efc881b6a8250d354da2422386fa1447e293e48496828c50cc8f25

Download Submit
/data/user/0/com.wireroea.baetey/files/201908311950.apk

Filesize
401KB

MD5
df4e68c02139094f614062324cdc29d2

SHA1
9686c953a7017d6cc12e6b715ebdd586f35cdf36

SHA256
21fb55419534c471cf05f2393c2bb95a2c3f7b7df8daf78eef8542d200a2c230

SHA512
b1d585428a0ba2297983e7d13a6a4ba45cc123c6d394793c68cd4a3767f106b61d2e00300da6825d77cd16c3d5ecf4b139ca347abe998fb9fa3f75afd5df4948

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads