5cab6ed6a1eeb74a4af8c084188babcfb88d3a23172d06d63443b92332968bd6

Analysis

max time kernel
125s
max time network
178s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
21-05-2024 05:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

app7-last.apk
Size

4.6MB
MD5

018fe57f9ec46ef82fbdf64b85949347
SHA1

9b10d41ad901ee1cdecd534ad1cb9c07cbd6650c
SHA256

5cab6ed6a1eeb74a4af8c084188babcfb88d3a23172d06d63443b92332968bd6
SHA512

a5c1ad23384196854a622a8f225440452c863c7cc5a685a3b3e85866fc4e8aa9bd3c558cf15625213cc6e6253e2d1d06a49f9a0caf96496bb250ebd10a08908e
SSDEEP

98304:WqwtehlkNQdUOAb0kGNUcUWgsi8QEdrkhErgTaDVegv8oc+3xH:WNQcKuOu0kCV5gshvJZrS+e23c+1

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	com.cloudweight.client

Checks known Qemu files. 1 TTPs 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

evasion

System Checks

T1633.001

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	com.cloudweight.client
/sys/qemu_trace	com.cloudweight.client
/system/bin/qemu-props	com.cloudweight.client

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/socket/qemud	com.cloudweight.client
/dev/qemu_pipe	com.cloudweight.client

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.cloudweight.client

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.cloudweight.client

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.cloudweight.client

com.cloudweight.client
1⤵
- Checks if the Android device is rooted.
- Checks known Qemu files.
- Checks known Qemu pipes.
- Checks memory information
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4289
- /system/bin/sh -c getprop
  2⤵
  PID:4322
- getprop
  2⤵
  PID:4322

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.cloudweight.client/app_crashrecord/1004

Filesize
237B

MD5
8866114c4dbe245abb4af5b74e5b6109

SHA1
0ddf87e5ebde9357d780c7d6cacd67282a7c0530

SHA256
4696aaa43f8b25b8656e04f89fea68565f1cdda59c9e78b6da34a787faeac5b8

SHA512
48c8a6f93a28aeeaee95d30d83427f7341426422e021a8b1e83e1d4acece532353c416e5765b830e1509e0d0fcbfc13f52d431f3f385f23ad2b09bd40f94ea42

Download Submit
/data/data/com.cloudweight.client/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.cloudweight.client/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.cloudweight.client/databases/bugly_db_-journal

Filesize
512B

MD5
3b54a072f132b43ef8cecaea23247041

SHA1
058baf8d9ca8eeab1bb1bdef7edc02a687000d81

SHA256
6a47a4346e4b2e147276d860a4970b64ff4f8b20c2304994a3c50903be2df7af

SHA512
b22021ab5c7e27bb7d0fa98da4f096fa2ed0e39d097d4ea135da686c97bdf719341beae9b23e560372bc079f40e38f3a6817a98b7c7381020978b2783a03b62b

Download Submit
/data/data/com.cloudweight.client/databases/bugly_db_-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.cloudweight.client/databases/bugly_db_-wal

Filesize
76KB

MD5
6435b3850f23e89922a5fc3d23b27b34

SHA1
239193c95f7915e43f38dca88035d3165866e0f5

SHA256
f2a1d2c04f9da410d39fee6f00bd75da87083606f3c1d9419d3dd86f578a9b9f

SHA512
a23b3fa7427cfe804d0d627be6619dfecefb63ddd89c5bc06bb98113861c7ee1569a257285366cb3224f69c966fa26f46854284473f90b7510452fb427f3d8a2

Download Submit
/data/data/com.cloudweight.client/databases/igcs_db-journal

Filesize
512B

MD5
45481582f384c58cbb55f64b43ae3d90

SHA1
265a028afdffb5f28b3978867763828b1eb73cfe

SHA256
6bedefa913c6e053076877d5c4d27e1313ba32756d18cd23134d750ea586cdea

SHA512
e2483bd3d9a34525903b91be770166479491b170f60e306cb08573728045b48d115dd556708e5c8a1acce81799ff1a7f9fcef904d401407f1246fd446ea027f7

Download Submit
/data/data/com.cloudweight.client/databases/igcs_db-wal

Filesize
32KB

MD5
2e80298a47963c2fb98f9feb042fe85b

SHA1
ff66ea1d4884e0d79bb343260532b1f301181294

SHA256
c5cff9399a888228dc1a14a712d7a443512128af0001565ad4120bea7fee30b6

SHA512
2df4ff401b1ed7394787f99b94af6498d62bb0d9486a5a8cf7f1d4898d1a7094a9df86a62c5594a627451a22f2c8f4477d37365f806042ebac555d2817d1e425

Download Submit
/storage/emulated/0/CWLog/cw.log

Filesize
173B

MD5
177c5f020a8524419322774e60200436

SHA1
8fcf6f4d4828c7362c39cf259c9eb96fdafbf3ae

SHA256
bce235a487b970444b31adfbbe70e03adbd44da65031c52db47006abdee6f654

SHA512
20ee262b69634ba34da0788b9f7d46d56b83771abaeff28ffae2c6523bc30314b69272f80e485bffd12e2a77cb3c75c96bc9c469cfb874ef7f85bea8f092fc10

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads