b2e18016f02328af66311fab74dc0aa633e12a5c26456a02ed0da3c01cd6a0d0

Analysis

max time kernel
7s
max time network
149s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
22-05-2024 09:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7723box_pjz.apk
Size

3.3MB
MD5

2dbfa511a770cb9923d85b15a9841848
SHA1

7618c9af34437781884bec561d12ed2a0781e56a
SHA256

07d5827ef21744d399bf1888c198a3715235c887c0abc82cba3545b9864c3837
SHA512

fa718fde2af8f491407c927550410eb5eb6a40dc4df144507bd63b285ab7e8b630db85d11da5572b5ecb5b88ed38cc1cdc0d2fa7007717c17ac67ac859ac24be
SSDEEP

98304:V3XuuHwWUJrVwUOLuAXaK2Koz8sdw428SlZLx9pvY:hx0rVwUqqK5Iw42vTLx9VY

Score

7^/10

discovery evasion impact

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.upgadata.up7723

description ioc process

File opened for read /proc/cpuinfo com.upgadata.up7723
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.upgadata.up7723

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.upgadata.up7723
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.upgadata.up7723

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.upgadata.up7723

description	ioc	process
File opened for read	/proc/cpuinfo	com.upgadata.up7723

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.upgadata.up7723

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.upgadata.up7723

com.upgadata.up7723
1⤵
- Checks CPU information
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
PID:4664

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
1f2deb8ebb7b2aa80d636f492f966924

SHA1
9ee6f6f8c126d8000aac4e25dbc70ac8556c7699

SHA256
763933c750dfba86ec1473196670dca0096837909f53807a635b751f1079e68f

SHA512
b46631f3c2d67930ae6e7974fc4497fc07b89e570a05c51c9fbf887e24bbc3550db3a9ca7241820b10656d984bf9868eb3302a55073daa8c8b58b70a7fa62f6c

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
a70dc98564adbee50ad7a8c0cff46c39

SHA1
193d8caf2f001e4859878f615fc2da4e8b9f1d7a

SHA256
b8f1019520f9525e2f224563bee2d1cef8da5deab015dafe4b28aacac5ef8d2b

SHA512
f44d5b5dafdb2dad7b18606d66001c2058e088d92df2f4262ead2c080db05ab06cfc6424fcdb89868edc93e0378eb83cec4f63bca1a25014c59a3d30b92ae543

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
407B

MD5
ac841fdf5764e6123c33ef0c6b7004cd

SHA1
9c2486e5196308ff9cc7d53d30a42d74f6bd2c1e

SHA256
43b97bdc85966ac0a945577407621c8c0775694e94bc3492deb555dff0dba42a

SHA512
0646ff411769ec651720addbc0bf329da1b7bcdb0123f8082080280c3d3df3923a8af077d0abef74abae7ceeadb6fb0bedcb180c0a5a1a488b432af1ec673f02

Download Submit