918581b2275bee57ef1fe46920e52e765ec8a27f4103f9f5f8e763fc64885c48

Analysis

max time kernel
172s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 11:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Kipod.apk
Size

10.9MB
MD5

91efe365279c2d9df553879bb602939e
SHA1

86239a7537ab9f4e4eca4c3312a176403dc2aa97
SHA256

918581b2275bee57ef1fe46920e52e765ec8a27f4103f9f5f8e763fc64885c48
SHA512

6f230bc552d3d82ab69e0eb8ac851cbc94997bd216fc86052c3ff0451daee77cfdfc5dd35ea793e569eb9e501b81a25a5ef8aa2d61dec0ce938e58052da96423
SSDEEP

196608:xEK9KyguKOC4hwjAwA1UCcXxfPAbmZdZOZ3IBC6TkaenEnDTq3GNucYIBTH:x79KoTlmj9jxf4S3ZM3+C6QaOEnDe3Gj

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 5 IoCs

evasion

T1426

Processes:

com.etick.mobilemancard

ioc	process
/system/app/Superuser.apk	com.etick.mobilemancard
/sbin/su	com.etick.mobilemancard
/data/local/bin/su	com.etick.mobilemancard
/data/local/su	com.etick.mobilemancard
/data/local/xbin/su	com.etick.mobilemancard

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.etick.mobilemancard

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.etick.mobilemancard
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.etick.mobilemancard

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.etick.mobilemancard
Acquires the wake lock 1 IoCs

Processes:

com.etick.mobilemancard

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.etick.mobilemancard
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.etick.mobilemancard

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.etick.mobilemancard
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.etick.mobilemancard

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.etick.mobilemancard

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.etick.mobilemancard

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.etick.mobilemancard

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.etick.mobilemancard

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.etick.mobilemancard

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.etick.mobilemancard

com.etick.mobilemancard
1⤵
- Checks if the Android device is rooted.
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4315

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.etick.mobilemancard/databases/com.google.android.datatransport.events
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.etick.mobilemancard/databases/com.google.android.datatransport.events-journal
Filesize
512B

MD5
cb59e236385aa909767a4bd5e48b7b75

SHA1
5ee83381f54e89f14fe159a83310fcf2ce323549

SHA256
97996a4804dcf4c8a1eb990af7d815570d5f3abedd5d4456aadaaa0bd6d69638

SHA512
e01e606f4e6b5a2b1d69c2bc1af2edbc73f3c71555408502ec8847db84ebee0c811582194f42d18f8c7c891bacca7e375e382d8c4d3295c37daf805dedc0f772

Download Submit
/data/data/com.etick.mobilemancard/databases/com.google.android.datatransport.events-wal
Filesize
44KB

MD5
94a58e8b30b9ad5cfbe6b17f19d3b2bc

SHA1
083bce4b77bd13aef2247d3d1cdbac697be1430b

SHA256
45d409a0f213e8b11623f48316d34f7d906480685ddd37feb770eaa4746610f4

SHA512
2bbbe9b6bb7f23c6d34fa8725114b0b8f05a359bcbcb8b58cdb7bd249127bd1327be0cbc250fc3ac61169f5bc0ff148aef671e7036ef5375b647618e21b6bf39

Download Submit
/data/data/com.etick.mobilemancard/databases/google_app_measurement_local.db
Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.etick.mobilemancard/databases/google_app_measurement_local.db
Filesize
16KB

MD5
d07f0d2c69e2ce9045d30fca790b621d

SHA1
31fc712d4717db3f69f72d4f2e4171c2f9b854cd

SHA256
340819c8be731dfb1c5da05f5c22f47ff0d65a604a323b0937fa4c5f883209c6

SHA512
ca411f1978d74ced93e6b1dc32c5c2dcb3145a809bf214a4ef1dc18327307c2dec542d337b7d989f31fad2ac82b53cb10ff56604afa3c1a39e7cff648c41be52

Download Submit
/data/data/com.etick.mobilemancard/databases/google_app_measurement_local.db
Filesize
16KB

MD5
fd12bd0f56db67c9d859477795aa857b

SHA1
224d2f1c62156911f610790951722eca5e91a5ab

SHA256
d96c408eec316cca5b758449a23006145c3d0397183735870cbb077defb85f24

SHA512
dc9e37f39d936bd213212a4c04c68b165823ecf5dcd2036bc1163ece9911e7557f408154516e1e4c82a9032976c9644cecded1a219bf687fa04daa9beba06292

Download Submit
/data/data/com.etick.mobilemancard/databases/google_app_measurement_local.db
Filesize
16KB

MD5
7f9bbef16f4c67a9acb63df060bb41a0

SHA1
061a1980674840535cb83c717498ea3cbc5a839a

SHA256
48f742bbf27ad1a22ea359112d7296347787d9fbbe0be462d030b9f220470d4d

SHA512
0574923e7695ea801dcccc5f07e71d856d978aecfdae8741ef2d8f8a757452f483febe79dd2c588d339c60cc979311d62fd0c3054f400d01d340bdb311044c14

Download Submit
/data/data/com.etick.mobilemancard/databases/google_app_measurement_local.db
Filesize
16KB

MD5
2bc7be19de42d6b44eb4791ba41a4ccd

SHA1
7724d4031bc3a77690c1670c47234854583267d9

SHA256
d29d2024dda98f1ab1f4091d4746da08834c92349ac7b83cd611998d5de7a0e6

SHA512
897f78c5ccf96000c6d99b9ce47b12fce5a4b6517d9e4d08fbef92f02968b62c3b7f17de05993c3694309cc69ac60cc2049e54ae5b49bfafdb1b302fee27a201

Download Submit
/data/data/com.etick.mobilemancard/databases/google_app_measurement_local.db
Filesize
16KB

MD5
96196c80405d1f2e78a36e048f1649a9

SHA1
040f7bc239b717fdcbc984d7155f7ca665494777

SHA256
8baa6b8e26543a8597b45d2d48fd2c7a237e4400e9768e292e867e8a914ff0f0

SHA512
a1a57eff8daede84aae104f92625a3a16075df1edbb352426ada4bdde0a96e830edb42a7f7b7393d3549d8a8ab29d3e9c128362a9c708688d38b288f6ab2afb0

Download Submit
/data/data/com.etick.mobilemancard/databases/google_app_measurement_local.db-journal
Filesize
512B

MD5
33f5f5bc3fe3e076490a1b255ea01937

SHA1
ed72b5b5b0a649e40f364e2542c753d4475e096a

SHA256
aa750db0b7cbcdc939e5415fbfa6a71e64e369ec2a1ceea5014123f473172b6d

SHA512
1848e0cb721ecd5a294b1fe3a4e99d3a84bc3ccf812d5c59c77329b3d6384a7f3ca72591b38f6ee154d5ab316fca7bf765968d9755415f1ecc6ce8bbb43d909d

Download Submit
/data/data/com.etick.mobilemancard/databases/google_app_measurement_local.db-wal
Filesize
36KB

MD5
b7773d56681c0153b0d13b908ca95080

SHA1
15566dbe233b913029826f218197b84ea0bf6aca

SHA256
2d8ec9523046e4a78bd4254165ce77b0a0ed70070acbb3b044a73ce4fe7e2f69

SHA512
3a99d56b48c61fe2be45a510786ae544ee432891b3b16b51b68aac5a23cb457f4d398c44e14b6ece5d37ff0babed1d1079d72cf82a4716f57cb914e964876e3d

Download Submit
/data/data/com.etick.mobilemancard/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
85c96de39b9fce9fcf9357e263558713

SHA1
89236d282a69d2de8b9aa2078566a74d38a0d64e

SHA256
9dfe61e0e5efd7f2dbc5e42995fc3718cde9bcff07d26760ba16b0d1f758eac9

SHA512
0cd4cdbfbd6eb8c18e5e6cd0c15c52206276f7c9d21e19581e7c75038a3972f2d7fe1b76ecc446470d9046548d1d4e14282ccbd85e6e89d299583b84c94df93f

Download Submit
/data/data/com.etick.mobilemancard/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
a8e16ee5a888f6d6a255717720ba78d9

SHA1
efa74655fe2554c9130672a950b8c980c71ff7cf

SHA256
b86b8542ea486e0037ba87e1adbfdca2915fa4c411566a17d8b491f47b71ed41

SHA512
ec69c321224a5af49e600dac5e357cf6ddc3c69d5af85efc4eadaed8dcf68bf1cccc6660140fee7345c8786d7a3131199c89c355b74214716ea66458086b5f33

Download Submit
/data/data/com.etick.mobilemancard/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
c23196356eef48fcc000fd8fcb5bfe02

SHA1
57fc879df29932dba784c41661e93261b2d79001

SHA256
110c780bb72e5bf31e469fa85f1db815493e2571eac242d48d79221f7a0a611a

SHA512
d1c0fe1354e7bb3595160f6d51d39bf089d4a050ec7fb1f04c39161eb312a0763a9bc9aa722cba8f64bc482c467a5c4d8a66bf7a4c4c29732999dc95d9b30c6d

Download Submit
/data/data/com.etick.mobilemancard/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
0ce957a3f1f726ca85a6fc9b038cb365

SHA1
a70bc17f2c3b35eb88dabae51fb7f84eea227b9d

SHA256
b6aba7b59567942a1179b963c26f26c5ee3dd54043dd9291f3e2168fa9907459

SHA512
4421f5841bbfbf39488fc248cb0ce37e8fd32203825c7ffa19d3bdaff3ab94f4af6a1a72170d0921dc5fdeb329d014db5f5d455b4b2d713ffd0dd60eb58a7b1b

Download Submit
/data/data/com.etick.mobilemancard/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
bbc5c700563ef72345bc8b7afb820495

SHA1
16cb7483efe8a2e1748c9bf631520efa1736ee7c

SHA256
ffaf92573fa28272cad15f6fd2fe7523989f1749b8b87fe57e7f83ad0da9c9f4

SHA512
68984573030286689216a036ce775254470584397555819a112aacc2239b5f812c04f1b822865163b4578b7fcdbd5b107735166becc2f248d369bbd64ae7e765

Download Submit
/data/data/com.etick.mobilemancard/databases/ir.metrix.sdk-journal
Filesize
512B

MD5
f7ffa0ec10c1e03afd19ad5b877a02d0

SHA1
309fc47af13c1fabf96e4f5bc947a0994f69e4a4

SHA256
71618ab9b154b6a634a0d893500b41369ef48b38d3ede16587a6f1c84e17a3aa

SHA512
2fe58c592f3b0e9004a0a666ca724ba7b219c1a5ef5045c4c22eb0a7e6b2f896e8c1274549193382927d09d7084f4ee188fa309f226135adee59138af4ec60d5

Download Submit
/data/data/com.etick.mobilemancard/databases/ir.metrix.sdk-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.etick.mobilemancard/databases/ir.metrix.sdk-wal
Filesize
229KB

MD5
fed36c38fbefc6eabeec5bdf3b92be9b

SHA1
25bab67453dd6615d4b565836b128abbbf89cee4

SHA256
02b121d1dde12f70edd40d831be8599bc94cb77b1b99f72fa80db703257f0690

SHA512
5aaf93dd1d8adc12c1ba1dd7db5dd8893ed0622dbb3d613d1796cad204c7346fac7b81e6025222affc981e4857e837344f8883c2d769c41d5558d8635b73a162

Download Submit
/data/data/com.etick.mobilemancard/files/PersistedInstallation2869795979301673672tmp
Filesize
90B

MD5
d43a9b0661872847e1fce576170eb7b5

SHA1
7d1c23db7af4cc63ba3ea3bda6df34546ed6523d

SHA256
201a0f96d9ad1511366979c5c68e8f1e8f22b1118f5cc03fa0b05c25e2fc43c7

SHA512
a4071ed9e0324f99aaf271830672c5b58717a300f42ccc5d047203f004b1d24e3c1db4de698d1558d8af6ae41d57e825a8f924f3b5082a6eb545b4b5d6efb9ca

Download Submit
/data/data/com.etick.mobilemancard/files/PersistedInstallation698133694251982299tmp
Filesize
560B

MD5
d7a3253bd3579fb2ef1be1d837712410

SHA1
3d72d3e6a94844e86706b601e1235b10977148fd

SHA256
79b8a728944ebade1d942ee56b0005c5b3a09e8bbe1deddb1dc935ba4091c920

SHA512
acabb05490c7af95f9fd5698a70f1da1789bb85c99217d24adf0e8be6fd31f0ec602d595fa3256822f8ee3315285c5e8b571faa73a58da3b4121bb98bfa20855

Download Submit
/data/data/com.etick.mobilemancard/tokenFileDir/tokenFile.cfg
Filesize
163B

MD5
7893c87f39c3ab65bdf9193bb9768740

SHA1
249b2f484c988714d4d897a9a32e17e1b6713363

SHA256
6621d178760411bbd20c1499dfc5fa3976aaac318819d57c496594c1f07a47fa

SHA512
cb4c95c86ba13d21cb5d19d7afcba6637bdc3f44c647440db27f7f1c919256a8d803931f676cfc14fdcb266a5f922009d95616bacda49c187ffce5225622e79d

Download Submit
/storage/emulated/0/.adp/null_4315.log
Filesize
112B

MD5
f49a730f7cccc924e9bdd171f7178bf8

SHA1
b00023705757ba61fd38bd162df7759f49f431e7

SHA256
1d8473096e1910ac8e051ecf0d0e5375fbe800779f24953bfc2e368283b5a171

SHA512
906b095a42ae00245487e2348d98d880381d7af7938e0f72ddf7f803a871562329b06a8936f41669038501cb5fc915e2e119968a5667773bd4c02a6c9822e0f2

Download Submit
/storage/emulated/0/.adp/null_4315.log
Filesize
103B

MD5
9c7ab704db5efe343c792525f34b26a7

SHA1
fe90321b002d1695aa179300ed4b8213f40ca083

SHA256
50c81dde555e8c081564fbe759fdf68256bcd3c6e8b1bbe86a444108fbfeb6e2

SHA512
81b1a7b15542d8f8ca6ac227f4a1f22b106cde447991084e73b982677e3817b7c5d69f32146fb703f509623c4eb5365b1b35a7b5d7b57473f6cefc3383cb416b

Download Submit
/storage/emulated/0/.adp/null_4315.log
Filesize
93B

MD5
784511bdd7b7f7b794ce75b83ee4795b

SHA1
9144bd185676b02a5894bb56f1a575fe3576b952

SHA256
1874f91dc5bebb1a3955e6c6f4a91db27e5102a388e1080d6e18953c2a568a8f

SHA512
a3fb8728e0206042453b0cbb6f5a63b4d237b2a346840443aae1744835314c367538844cb4bb5c179bc5d1903e823cea36645ea5d7a5eda138f649fa86f5990d

Download Submit
/storage/emulated/0/.adp/null_4315.log
Filesize
113B

MD5
40378116ce636ba3ff918b32f1727c26

SHA1
83ed615f241e7e7fef0feefdd348a63d004b659c

SHA256
5f03b544543e487cbb7d6657c39b9ecffc1d3fa5df2036be69bddce91a0e198b

SHA512
c33e8cd09266450283c82aeb7d14a154e55c46a35a137e8317b47b09abcd412fa9b9f6c553cede42552bac8290a96d741b153aeef5e5467e747db46101a44ea7

Download Submit
/storage/emulated/0/.adp/null_4315.log
Filesize
222B

MD5
772663effe6c7020fb8aa1d075fe5b88

SHA1
12efd8ae0ea3b39c63ef1a312d05d41a6b92342b

SHA256
82d36f62ea42b0a147e15c7bd16ee0222cef89305281b9e36d8342eebb9afc4a

SHA512
4b1ad17221a74bbd9a299f0a0991f8a67c40c4f29d0fb5a3a9a478ec17bed2a6ec12be63624a89f8d54e0b26e962e22b372e316006c004ad7760dc9e6ddc90c9

Download Submit