7877452561ba5b440d93d08c6440673a62fc16e5d98335fe79c4abf6a8be9a10

Analysis

max time kernel
173s
max time network
131s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
22-05-2024 02:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TidyPanel Notification Blocker_3.14-unlock.apk
Size

1.4MB
MD5

8e2f35ae005f61d2a0136ca0a8099e57
SHA1

a87dcd00a8d9b16e80ca4177e2b8b52e8cbe1448
SHA256

7877452561ba5b440d93d08c6440673a62fc16e5d98335fe79c4abf6a8be9a10
SHA512

8180faed45752397c958c2d9ff03765699d9aaf17b4c2605a7cfcde347e9f6ce7d14c0a414261f6d2ab09dbe41e2a67b7906e5266ca3a333bcc5c6d3337cc8a3
SSDEEP

24576:/6qvoLQF8LHzbDMDBhiKCySgFOLUVHwpJOTPLbjCvef3vUimQtydi4gPqkEEVnQ/:/bwcsHzbDAWN3gkLuoJOHPC2f3RtyE4x

Score

7^/10

discovery execution persistence

Malware Config

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.dharmapoudel.tidypanel

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.dharmapoudel.tidypanel
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.dharmapoudel.tidypanel

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.dharmapoudel.tidypanel
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

Scheduled Task/Job
T1603

Processes:

com.dharmapoudel.tidypanel

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.dharmapoudel.tidypanel

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.dharmapoudel.tidypanel

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.dharmapoudel.tidypanel

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.dharmapoudel.tidypanel

com.dharmapoudel.tidypanel
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
PID:5111

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.dharmapoudel.tidypanel/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
d90ef00cebb7e9f36c07db2841bcb618

SHA1
1c7153b562836b1b76f133d5740301149ed23a47

SHA256
0493e6e3db959e73ede1cc970bc7e61f0088ac5029264cfb30ed2f945be590ae

SHA512
0b39088fcfa1fba0e95b1f288bb4de0e4c72e1269fe829c33d9af099b99948b26a5e79955ce5e30515921a9e98c11c656390bcaf5d0e094ebae3076b940c643c

Download Submit
/data/data/com.dharmapoudel.tidypanel/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
7404c8e2f90e5ae8f15461635bf17812

SHA1
f40ac56d4f053797ec22016b6c0475c1e2ee6390

SHA256
1003a23f13a8baaf68be122af50a121bd5b25c8bd3f5b0c845110b83770451ba

SHA512
7d36ecbff4f3ffb61991953b44fdcee382620c39acfd3e0c7e1498ec3dcbe516aa207c139462cd4f14911232581a961f9ec95ce1dd37e11f442aeed8361053a5

Download Submit
/data/data/com.dharmapoudel.tidypanel/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
ff501eb02095d408e15664e6678dd4e6

SHA1
a3828fd878978847bc0b31cb0ad08bfd23a2a8cd

SHA256
be8147285a71880d415d218b89e4eb016e980515259cf1d2ecfd2930c8ddafbd

SHA512
61cc65fea01d0ebf305dc69b8db9ee8f42ec52ab79ba6ecf940937ef91059c938b4542d10feaef35de90958fb864eb0cf9731d33606c8848a2a6703ad4b68944

Download Submit
/data/data/com.dharmapoudel.tidypanel/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
a245fd8b00357c06bdd84e6173a0e1d7

SHA1
b4d3cd86c35bf724941da87c11871620f34896ee

SHA256
cba0bd3176ed046dd6d12281e12e040f064db62abfcf6d8258064a6ccf70d366

SHA512
da82d0018835cb5f52d3d2f45e56a4d222c826c81b7b50dabde52732ec0c2352adb3149ce4065d414d62ce58374eb199754f5fb3b865bd6ce65068c57de1a968

Download Submit
/data/data/com.dharmapoudel.tidypanel/databases/com.google.android.datatransport.events-journal

Filesize
24KB

MD5
52c630e5c5030d1534409e0385d2e0eb

SHA1
e1a8b84e9a7287e18c54f208c5952e74fee299a0

SHA256
b1f661899d3d46115b32c878da265a9051ef0834ad9149184d6a1fef9e230246

SHA512
20372cade896cc407c599cf85f81bdda7bcfb4a7bdf1103a6adf7bb979b2e62cfa0d9f9ce6b89cf6140f5c7841c0cdc3bd66f5c99bdd2b5155d7f06a47047e1b

Download Submit
/data/data/com.dharmapoudel.tidypanel/databases/com.google.android.datatransport.events-journal

Filesize
16KB

MD5
6ccea0dfdb3bb6087848dc3a0a7a9039

SHA1
61f35130e260962c63e6f3f738243c0f4024744a

SHA256
0d54fcabe507476a5a4e006706bacf53f76074f94230281557b017fbc96d7cac

SHA512
b8b6191f6b3c496057ab0774cd1f4fa7e4e417db242eb3107c18e711cc8e5da3eee27be6c87f81fad71cc1a85a8ec5089b886771b625c903cd76afd970864850

Download Submit
/data/data/com.dharmapoudel.tidypanel/databases/com.google.android.datatransport.events-journal

Filesize
20KB

MD5
3149df111c459b30f312afdfaf5433ee

SHA1
5fed19624ade9f0c9f17678b4e1fab3ae09a0e3e

SHA256
bd9a1bcb538443131547b78f7926fc3f0966ebf883b71d9d7329d66be7a8d074

SHA512
df4de2e3ef37d9903dfe5d0180df3474939dee8b72cf229de25d432d1ff694df487446864485e1dea6172f5c74496f18731724d85f4c44fc8e27f9c714e3c285

Download Submit