c816d7513cb36becac080698ee3937bccfc5f8f3b2b0a436c8b46f7f0635197b

Analysis

max time kernel
174s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22/05/2024, 02:17 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c816d7513cb36becac080698ee3937bccfc5f8f3b2b0a436c8b46f7f0635197b.apk
Size

3.7MB
MD5

af60591348229c9ac3400cf47db0d146
SHA1

8a0233bf2c6272b085daade9c6fa6f3a32708467
SHA256

c816d7513cb36becac080698ee3937bccfc5f8f3b2b0a436c8b46f7f0635197b
SHA512

4c9e01cc6568d7d31d8ca7c28d7d8e5726b649c1caf323175cb33a9e2e703ea166fd030a19e230df1b8a3e22db375c7c49fa40d6bd1c9f90168ecd8b23c18b03
SSDEEP

98304:N9m7hsS4M8HR2/LXL+Jhwcxgv/q7xyvwNI8MG/koZOU1iEOVdJ5l7kfBNjF:O7iS4rHR2/LXyJhwrvKCiI8MGsoMy

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	Aktualizacja.apps

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	Aktualizacja.apps

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	Aktualizacja.apps

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	Aktualizacja.apps

Aktualizacja.apps
1⤵
- Checks if the Android device is rooted.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4230

Network

DNS

www.nxspy.eu

Remote address:

1.1.1.1:53

Request

www.nxspy.eu

IN A

Response
DNS

android.apis.google.com

Remote address:

1.1.1.1:53

Request

android.apis.google.com

IN A

Response

android.apis.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.250.187.238

142.250.200.3:443

tls, https

128 B
40 B
2
1
142.250.180.14:443

tls, https

858 B
40 B
1
1
142.250.187.238:443

android.apis.google.com

tls

4.7kB
8.7kB
14
21
142.250.187.206:443

640 B
10
216.58.212.202:443

tls, https

128 B
40 B
2
1

224.0.0.251:5353

3.8kB
12
1.1.1.1:53

www.nxspy.eu

dns

58 B
112 B
1
1

DNS Request

www.nxspy.eu
1.1.1.1:53

android.apis.google.com

dns

69 B
109 B
1
1

DNS Request

android.apis.google.com

DNS Response

142.250.187.238

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/Aktualizacja.apps/files/libaudio.so

Filesize
66B

MD5
60328193c923a14fac31a2ab0bfe6949

SHA1
32f75783518fe4512fb6ede48e2845bd7426cce0

SHA256
100bf7a4b4044fa39858dd67527eaabfc1dc1f502d9a576c1874a23855b49fe6

SHA512
39576e3a724235a3d48eb36a24981991f491849062441189ce65528b6a842533c618810dcfdf1128b0349c87094bcacbd7ab9f3d053461da2ec831d2914f521e

Download Submit
/data/data/Aktualizacja.apps/files/libaudio.so

Filesize
149B

MD5
7eaaa4c0583cd3ed5544253f937c348d

SHA1
f42f756816d3f62ff66893bdd7ca571600ec2f81

SHA256
c2854c521b9b13a4b8016a19f1015b35d3a78fbc372156895ae3afcf3becbae2

SHA512
575152a7d8ddc53d7cc58d911e51f487e8b065721dc44b6f4f59c09dfaaf7d4714b7a421c4bec1f9311c9112a81834c27032f74d22645e386303fb3f3fafb6c2

Download Submit
/data/data/Aktualizacja.apps/files/libaudio.so

Filesize
76B

MD5
cf618610c28f777630790ac8ad619051

SHA1
65204aad34fc6a7eacefbda64ce00d4fea00d810

SHA256
3f6fc7f996599c247e189a3bcd416b4cb52d9a76e34d6d211b79269ad6f9f1e9

SHA512
918f0199397439654d0490440f3c66d7289fa19682d3ea6b16ace77879d7d972054f56d59a2e933d6e7a388e63bb87da3db35b1c75e75bcc42aaa5512f0afed1

Download Submit
/data/data/Aktualizacja.apps/files/libaudio.so

Filesize
76B

MD5
7574a8988784a99a5699c73f49ba4f09

SHA1
bff95cc093baf7889ffb0ec3e4466ca37c631d5b

SHA256
0d6c0b3f38334d5b8b13b3277fb668172a87ba7f75e35a2ed21203cd326fbc8d

SHA512
e18bcc8ca40fbdd6dd069610bceb2ac5f812eff75aa251f8a6256f806c4b605d0958ff94782656753e9c0c371c6bf6b106078544558b4b1dd99097697438a647

Download Submit
/data/data/Aktualizacja.apps/files/libaudio.so

Filesize
116B

MD5
90151a5769e940e1eae76528884d7fbc

SHA1
e3f899ce54e02d283a6db0715de1b0469ba61b8e

SHA256
b87fc8583bcc13d1536d69e0f7e874a9e7ae736078cf272eb0f31e3921796f86

SHA512
9ae99e22c4c4d72990668a18864aa3ef238b6f2c408c9ccbb6fe46c183674321c0ed1eb91ecd43e7e6c75e1c8fd397f86aa7e206f1c3b4f5d02b56b11438423c

Download Submit