5c2a5e4adb88f28a2b210cef15ccfabac00dc7f9e03f46bf3bfc82b39ef30bf5

Analysis

max time kernel
14s
max time network
152s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
21/05/2024, 05:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2020-11-10-12-05-25-270583--s2019083117.apk
Size

207KB
MD5

c12ee0ee187e33f4d45a6bc820f3750d
SHA1

c4913cfafab053c6e6505f489f5652bcc2f260d5
SHA256

5c2a5e4adb88f28a2b210cef15ccfabac00dc7f9e03f46bf3bfc82b39ef30bf5
SHA512

4ea6205e1cbad0233eb5da9a651396d64bf8368a6cb56439de348689b88b6965efabc209de3811b1106b6bcdfd7b30e8b19943f77656087db6a397fff46c8fca
SSDEEP

6144:g7TuyOuJAPcqiHiMFnUj+kUFQNaNVFlsMaI7kVDxbz:g7yzFi7WjvU7VFlsMh7kVDxX

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.healthy.fitness/files/202006301450.apk	4325	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.healthy.fitness/files/202006301450.apk --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/user/0/com.healthy.fitness/files/oat/x86/202006301450.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.healthy.fitness/files/202006301450.apk	4296	com.healthy.fitness:fitness

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.healthy.fitness:fitness

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.healthy.fitness:fitness

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.healthy.fitness:fitness

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.healthy.fitness:fitness

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.healthy.fitness:fitness

com.healthy.fitness:fitness
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4296
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.healthy.fitness/files/202006301450.apk --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/user/0/com.healthy.fitness/files/oat/x86/202006301450.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4325
- sh
  2⤵
  PID:4358
- - ps
    3⤵
    PID:4394
- sh
  2⤵
  PID:4414
- - ps
    3⤵
    PID:4446
- sh
  2⤵
  PID:4467
- - ps
    3⤵
    PID:4489
- sh
  2⤵
  PID:4509
- - chmod 6777 /data/user/0/com.healthy.fitness/files/c202006301450.apk
    3⤵
    PID:4528
- - /system/bin/ndk_translation_program_runner_binfmt_misc /data/user/0/com.healthy.fitness/files/c202006301450.apk /data/user/0/com.healthy.fitness/files/c202006301450.apk -c com.healthy.fitness:fitness
    3⤵
    PID:4546
- sh
  2⤵
  PID:4609
- - ps
    3⤵
    PID:4629

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.healthy.fitness/databases/bdownloaders.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.healthy.fitness/databases/bdownloaders.db-journal

Filesize
512B

MD5
3e2096f36fd7f6ebb830a3e3a0bc13f2

SHA1
7a6b9deffe23d39c506810dded67d9608e7114a9

SHA256
ec7b934dfae1690643235c55c6aa4a8d174da391c9ecb596eb73902017cbd09e

SHA512
80f210cb51ffe8a7b211e1c6348032154a615fbac2f7e0f62294bd81f2dda29158bac8a2e167b473e4110bb05212e3df02db9b6b53a8e6dae9811f0dd27ced83

Download Submit
/data/data/com.healthy.fitness/databases/bdownloaders.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.healthy.fitness/databases/bdownloaders.db-wal

Filesize
28KB

MD5
6f50c4607d7327fb53fb1818d7b86b5a

SHA1
8cea227de7e42d48e2e20297d9f2921c58e4c170

SHA256
9afc54d78bb01b1434c00101c552e747cd83af78deb42cdfa087a588f83032ec

SHA512
e2f4885b6abcb520173bdfbb4cab1a218e7ccb66dc4d6b93673d673be362f403349af022913d460d63b22ab990ebd750ebc739ebf95985e4fba47bc4303a4541

Download Submit
/data/data/com.healthy.fitness/databases/swith1014.db-journal

Filesize
512B

MD5
2cd1e875160925c7f5df118e17b3eb28

SHA1
8fd2985f54a2b345ff809dc0f964fc0851861dcb

SHA256
37e6d68d39a68d05951caf83e58a3d7bb58a20436928a9c521517c6bf68470f5

SHA512
e61098fc8f4a9abb7f5b5bade3ee1dcfc7cf00c5818f685d7eb1005644500093853538c1a8fe8214e1b7f88219a7924557769496e2817defe325e0e1ab2c3438

Download Submit
/data/data/com.healthy.fitness/databases/swith1014.db-wal

Filesize
28KB

MD5
2640efeaa1d6d05cf739b1dca6ef45f9

SHA1
3e50d9e311d81fe89e93a8a30a4f2ea93b0dbc4d

SHA256
75a091ac19e782ec5e07bbe285857ffae102b5b9d5aa12401395f54cf777aa6c

SHA512
a8b3cbc134b49089399569dbdd4787583a65d6a3c067629a241bbdb3f91c6273a59fdb62550b85a50a93ddeac7b673a1db9f81ec09b078bdc806f84c19256ab0

Download Submit
/data/data/com.healthy.fitness/files/202006301450.apk

Filesize
170KB

MD5
c06034964781094df745de52eb759565

SHA1
926b46e4b7193880c50fc66d7e6d627cca4e9da9

SHA256
4cf95ebed45a80c7aafac8a9c1801b9e42c0f8b634ac92bae94bcdb26feacb3d

SHA512
c55be1a679ab8aa2b11bbd187fab3d019e7a69aa285628d724fe0f5a2f6e36d5dcb1f387aac46cba9d4fdf654d48df73739cb08836878f1602d6aedf64432917

Download Submit
/data/data/com.healthy.fitness/files/c202006301450.apk

Filesize
13KB

MD5
ab2f09b5b6be6e6ce1398a8ce56f48e1

SHA1
acf42f3f4edb7af57c11f3596ce3cd51ee22a2e7

SHA256
29c5874f14e82017dc130df418ead32ce2b7a8f0cf1659d1619c702f66d973a4

SHA512
7cb73254130399cd1420b58ff5688145f6bf2c3c1b5cc0d4b540c63963a747c02da03a589beaf62bf06bc0a812297565feda0629240933c23fea5ecc97475aea

Download Submit
/data/user/0/com.healthy.fitness/files/202006301450.apk

Filesize
381KB

MD5
b0e51197262e2db4ac09f1436eefcb77

SHA1
96f329ff1092df32f53da65f987a0affdbcad5fb

SHA256
1129bf9636a67f6626729088e07ac0133577d098211f0a9d6f4c1c3095514bf5

SHA512
7a101fe7eadfe8c088fa086d171e0eff7097c13f7f339b87073be318ea8602e66339c6cf6f2938d2f4fbe7e2305e6a7e8b81a8937b0d22a9599000ce3a4a348e

Download Submit
/data/user/0/com.healthy.fitness/files/202006301450.apk

Filesize
381KB

MD5
d92702b54937bd790cb9a65508fcaf9f

SHA1
8a4cb9f3ff8d4585ea32cf82faa229fed63672dc

SHA256
7ab291aa8ab43304b0d25042ec1e40c10b671990fa202ea78813849dd2a80dea

SHA512
3d743fd5ff680fff12e08cd680958e77c105b374ea8fbe7b6f8a343c88fd0b528a8daf4839a399c3c3c6f0649a3585dd876847167f2c67868d0fe72fde12d3f6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads