0136e34a0e8af5030b02bfaf03775a449ff44f22bcdf8e595d8bc6e1dde122e5

Analysis

max time kernel
10s
max time network
185s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
21/05/2024, 05:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2020-11-10-12-11-11-038490--s2019083117.apk
Size

224KB
MD5

4201e9d98dcf391e8ce5b3e23009c2bb
SHA1

2db6a80f7b5b56fa584687b18954cbbe71b2b13b
SHA256

0136e34a0e8af5030b02bfaf03775a449ff44f22bcdf8e595d8bc6e1dde122e5
SHA512

e8cdd0e803df003d988dcad475668c18323c3f9c82b78d217026387439ea8458b9fa0db6a2d510f00aff6e98f67dea35cb03c7afae90623bae3507f9a116d468
SSDEEP

6144:kVrku/eNDHqyV0bMqjL+AUW7GnHNwR0YEyEl:UkeaLvIvjSAUqWN5xl

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.wireroea.baetey/files/201908311950.apk	5155	com.wireroea.baetey:baetey

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.wireroea.baetey:baetey

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.wireroea.baetey:baetey

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.wireroea.baetey:baetey

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.wireroea.baetey:baetey

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.wireroea.baetey:baetey

com.wireroea.baetey:baetey
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5155

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.wireroea.baetey/databases/bdownloaders.db

Filesize
16KB

MD5
8846a399d084713b58833b4ce5190504

SHA1
a1faa0ebab9803234e99f5704f36f8a4164fa37d

SHA256
6067caf068de3e57b351b413a6957a3082767d2c37dba5b90147ffc8e1d8a303

SHA512
4a8bae26bd74941806df6dac828f6e0be556f5012cc999c5879e8b8e49b8a02841b68e03472dcea3c5436e8d29793d4013e6d8c3a2a3855f2daa72526cb64712

Download Submit
/data/data/com.wireroea.baetey/databases/bdownloaders.db-journal

Filesize
512B

MD5
7a93a85fdb57ba33fcae8fb46767cce8

SHA1
2a51a3e2f327a80de025e3a1da399e3b62f1318e

SHA256
bc3573a7b4560da8d859e2d0c39b40685aaa8230f08148ead49ff6d4d68c718d

SHA512
bb724928764e6bad5e67040500936e8e4591fbccdc33cc9838d0cf78cccb3387e7f3de6b68e2428662e30ed39436db1849a8ba127821ea68dd0202562ef6168e

Download Submit
/data/data/com.wireroea.baetey/databases/bdownloaders.db-journal

Filesize
8KB

MD5
fa31b9aa5024b8e290814539834c124a

SHA1
fbec543a5b7a9476eefe5b54589f83bf557e5fee

SHA256
6ec41c31ae5d051b0f417ab80fac1c59490c44fe9285b611aec80d0146d663ed

SHA512
ca566b999b7fd2c2081ebd7ad2241392683267359eff68d610cadc79e0a04d56be4039dd8bec67d21d8e9d15bbdc677fa4d8ff2d012abc311095e421bd698f52

Download Submit
/data/data/com.wireroea.baetey/databases/bdownloaders.db-journal

Filesize
8KB

MD5
2cd5e5e205a4ec5d791eef358d643daf

SHA1
eba4f5d687c3acda26c0ff5d01f6664b8650d90c

SHA256
03e550e7ed56b6681b10ee1d821da3aaaa6166b6a3c3859dbc97c4f8abbc5c83

SHA512
0bc50a0866d6053b8db5c75a23bbfa1c666eb080fb53c48c3643b760b3a79acc010d46cdf7a23a39a92df50f98fde975abb2e23cc4ff4c883c3cfa99bea6c710

Download Submit
/data/data/com.wireroea.baetey/databases/swith1014.db

Filesize
16KB

MD5
b9009f0fb9a394dbb949e229597e508e

SHA1
a6aadffa63f2f829eb4146272827817b9a4901a2

SHA256
cce8873b635b1344d9b707838ba6fc57da36666cce38cde09cd2d1269c9b036b

SHA512
06b6acbd7c274f6361d7a6639a6403b0d7ffee6171e8915db5612987cb2824ae8b7781167a71c6a682a143286b235acf566cee4af88c356eb0a9a6118ea3d32c

Download Submit
/data/data/com.wireroea.baetey/databases/swith1014.db-journal

Filesize
8KB

MD5
4c49417f3869418ea6956ac2a3a797e3

SHA1
b00a23dcc40f009b8d46c7434dd887f22439d09a

SHA256
b6348bdcd00de6a6dcdb6da0601b7c49e71d2463982813002e5cf6d74fe6ffd4

SHA512
142264b717b49795980378f52af1caaac75eaa3c01b79baa33ddeb5dc522a1439e7743b9ad3eb56f5fc7f951f2f8c6b9522cca073ec51bdecd2a43134054359b

Download Submit
/data/data/com.wireroea.baetey/databases/swith1014.db-journal

Filesize
8KB

MD5
e0fe251ea3acbd04aa8e42a4e1ef7fbe

SHA1
b6dcf9ccd726f84fd877aeac4fb634a7b14f306d

SHA256
a4fe426ac4532f14db75acb1acf8bce6a50bd56c55899e006ee23f48687303ee

SHA512
6de0baf753fb5f2050a881a5928e561cd15ec4dab60fc9da6ac93c8f073b2be7618ff1d0a639896c874390e759a61ca0bd7029eaf51c528b4da13376c7798140

Download Submit
/data/data/com.wireroea.baetey/databases/swith1014.db-journal

Filesize
512B

MD5
17e5150bc79781a1ce38d809705b17f2

SHA1
142665e1ba3b20f1020c83b99a8bcdfd85fb4eec

SHA256
5b9ad9f875b55dddde4601a7e21c01bb122817064eac858d1e2f1234994690ad

SHA512
879010b668f26c21fd089468008a20ba8a36076559b1d9fa7aea4e548f40b924c94726d571e3e329aceee5bd38d5305e458bbe64c53333592250c4abd37bdf13

Download Submit
/data/data/com.wireroea.baetey/files/201908311950.apk

Filesize
179KB

MD5
96b78f5e3d9b5f98ab09a49225332b30

SHA1
3af928fe64c3d6dbdc7a425470560380b0d2da03

SHA256
3c9ac52706e72cb1ae7bf965d43d82021d75d4e6f5523e387b6ed6276e5ec36b

SHA512
90d977c9886bc655055983d2e6787bdac9b05679dd83af5dd3f5a4de9ff6a42d4c989599142dd8cf6665e22a8867ed1c0d6a412967b5a839e92ce76ab129bbd0

Download Submit
/data/data/com.wireroea.baetey/files/c201908311950.apk

Filesize
13KB

MD5
085869dbbd492a0dcbca565de47e35d2

SHA1
8e930a6fb8b95de13dbf8a80604c242636c4acde

SHA256
7251d1557cc15d80c924c716756650a864c2eb2af9b467fdfa5432e8072f11d0

SHA512
442fa6348e16e94bd1b1484765e549fa6873a93887fbd8e482a0eb3f3078315c66821a00a8efc881b6a8250d354da2422386fa1447e293e48496828c50cc8f25

Download Submit
/data/user/0/com.wireroea.baetey/files/201908311950.apk

Filesize
401KB

MD5
df4e68c02139094f614062324cdc29d2

SHA1
9686c953a7017d6cc12e6b715ebdd586f35cdf36

SHA256
21fb55419534c471cf05f2393c2bb95a2c3f7b7df8daf78eef8542d200a2c230

SHA512
b1d585428a0ba2297983e7d13a6a4ba45cc123c6d394793c68cd4a3767f106b61d2e00300da6825d77cd16c3d5ecf4b139ca347abe998fb9fa3f75afd5df4948

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads