fc2cbc8d925ee585cdc02e99bd467c8f943f891f377d3605a1e1329d33c7178b

Analysis

max time kernel
175s
max time network
147s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
21-05-2024 05:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BSSAbensi.apk
Size

631KB
MD5

77e3e03ba74747b0cbb3b2d72fa5dc8e
SHA1

6cf91fc0ca7b06a408fa40c55c43b8f3ee1c5983
SHA256

fc2cbc8d925ee585cdc02e99bd467c8f943f891f377d3605a1e1329d33c7178b
SHA512

faaaf30db4bedf9b63f036657530ab3031380e147ea38d1ecbafaa2785b91291c6f6e5112b8b9cc28f715eb577592130e1c56418a9069181c26e45ff9b80b35c
SSDEEP

12288:b9m4/lrMU5qnDfctsWfm9edzP5BTO/H+8X6F8oTD:b9dMbnzwdfm9ShFO/HfoTD

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

Foreground Persistence
T1541

Processes:

BSS.Absensi

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground BSS.Absensi
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	BSS.Absensi

BSS.Absensi
1⤵
- Makes use of the framework's foreground persistence service
PID:5099

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Absensi/ABS.db

Filesize
24KB

MD5
94d878dfd9a2d68ccd03c38321c2c374

SHA1
6703b2feade9b4d50f80e4418b90951c896c7165

SHA256
dacbe7641ea297b9a67eaf915225ab79be59e3089eeb021ccdf59bab81edece7

SHA512
88d55d65dae687837144b8c753b5f9a61bd2c1d3d89aa2817960bdd3d292a657e69f4e4f351a464569efb9297e1f1d471db946ea6b353218e7403ef60d075929

Download Submit
/storage/emulated/0/Absensi/ABS.db-journal

Filesize
512B

MD5
f6d44fed3d92f9ec871da9301293145d

SHA1
a5140897ba875d0a2b6be75fa1ffe58dc3bd1c10

SHA256
bc6df80be0483f7256e3f64e271c3b5a45bdffd19384b0004f40d1fa027345ff

SHA512
cddb1853bd911ebaaef26f7da58a1443d27d60d9a855da2ea370908a737eb897200db1c2faecc90a2ecfe8a4738ee489344af7b0d6987d02ad865c50ddbde7a0

Download Submit
/storage/emulated/0/Absensi/ABS.db-journal

Filesize
8KB

MD5
9b22c7c181f83def4b71ce97ed05f0a5

SHA1
5e92559ce0cda053b81de20668c664d3a3a3b1c3

SHA256
9272a595eba837ad2a3b5fc34059e244cfed1d799d1414e42747d29c3dc2a0b9

SHA512
bd2c5d754abcdd3262ecec8ae4cd5bff9fb4478b81170800cd9e7f8a394f424efa179f2b6bf4e41ab54d14f8fc941334588ac0dd0de61e046133e858eb34b0a9

Download Submit
/storage/emulated/0/Absensi/ABS.db-journal

Filesize
4KB

MD5
ccd8da9317f0957e4e7ce006b5fdd8c9

SHA1
0cd72389a399ca34e79f652a6a82e1838a62acd9

SHA256
bff1579db05cd31d1d4689db07afca645ccebaeb00f633e44ffa10c0b660d7d9

SHA512
557ebc039190b6be08dafaa0e844d0912eb5f89c0fb543d1f270caf20573b64fe5896b17b1e27bf8ab8eb7f2559872c4c0cd85bba6f6dfb958741a6244c891f2

Download Submit