b2e18016f02328af66311fab74dc0aa633e12a5c26456a02ed0da3c01cd6a0d0

Analysis

max time kernel
7s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 09:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7723box_pjz.apk
Size

3.3MB
MD5

2dbfa511a770cb9923d85b15a9841848
SHA1

7618c9af34437781884bec561d12ed2a0781e56a
SHA256

07d5827ef21744d399bf1888c198a3715235c887c0abc82cba3545b9864c3837
SHA512

fa718fde2af8f491407c927550410eb5eb6a40dc4df144507bd63b285ab7e8b630db85d11da5572b5ecb5b88ed38cc1cdc0d2fa7007717c17ac67ac859ac24be
SSDEEP

98304:V3XuuHwWUJrVwUOLuAXaK2Koz8sdw428SlZLx9pvY:hx0rVwUqqK5Iw42vTLx9VY

Score

7^/10

discovery evasion impact

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.upgadata.up7723

description ioc process

File opened for read /proc/cpuinfo com.upgadata.up7723
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.upgadata.up7723

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.upgadata.up7723
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.upgadata.up7723

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.upgadata.up7723

description	ioc	process
File opened for read	/proc/cpuinfo	com.upgadata.up7723

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.upgadata.up7723

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.upgadata.up7723

com.upgadata.up7723
1⤵
- Checks CPU information
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
PID:4309

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
f47f904f816b29d5cb3662296fca02c0

SHA1
7b037c0c814853d6ce52acb7a7ae0d7e692b1b36

SHA256
9262acffa4adfa28f19431c507ac14a1a493c8cc7c9fd0673b0e665f64ae1366

SHA512
f3618cce45b02e8aa24d87ca0e79500e51ec5a4a73e8774f04fff3ab308690da0e520036b6b815e323e6a7ebc6d6a2c3c7737e6421b82f5399a70f0bcf331fab

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
d8a05af40f939bc091bc89c6728df70a

SHA1
79485d129784de7ee129f57a87bb30738afbbaf0

SHA256
a803e65d2763aed35a72ee054368da09f716d749934f2cfa0c14db6668ce5292

SHA512
8798a332d3dc4dd8f2de12a6ca47a4716b0fcfe187e831bad43f229c24be24f1b217a89beff4794b89145566450186992cca165cab00dd4746ddbd66f01e6ed0

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
381B

MD5
36bbbcd6d458151f20357e5756da4595

SHA1
0036f743c3c39e3f8a80ab6d4b906d4e3977b599

SHA256
675445d17c85c21fe31be1e8f4c1e7165c7d57b256a670ef89b50777701b8c21

SHA512
42d28a264af469d405cc427d95cb525957879ee08fca179a06e38a66ed249f54f2c3fa40e278f5a364c7dd26d797c5ccd1bf02b673b25f53176a7356d5f74cf2

Download Submit