5617202442bbe35191b23e17e545c83a133b45cb186e80622088f460158828ef

Analysis

max time kernel
7s
max time network
152s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
22/05/2024, 12:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

airadb.apk
Size

1.7MB
MD5

abd61f25e1d5060c572c2da89d740956
SHA1

c75153b2c0f4bc02fa511682fc499b8173209ae0
SHA256

5617202442bbe35191b23e17e545c83a133b45cb186e80622088f460158828ef
SHA512

df051b3f322387c5ec2879bbf7a428d583db2375b67ffd2d8e001ed240a6fc8aa18400544b52f506886b1ca083b9d708922f46f7c51b24f75ce604b22ceb553e
SSDEEP

24576:qavQdkTZN/KWqXEcWdreJU9MISoIGVwaRMidByPp6oFFeRr8Dbf9:vv2kvSWgWAUCI/I05RLdByPAAcRr8t

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.ttxapps.wifiadb

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ttxapps.wifiadb

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.ttxapps.wifiadb

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ttxapps.wifiadb

com.ttxapps.wifiadb
1⤵
- Makes use of the framework's foreground persistence service
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:5152

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads