Overview

overview

8

Static

static

6

DianaApp.apk

android-9-x86

8

DianaApp.apk

android-10-x64

8

Analysis

  • max time kernel
    130s
  • max time network
    153s
  • platform
    android_x64
  • resource
    android-x64-20240514-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
  • submitted
    22-05-2024 11:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DianaApp.apk

  • Size

    14.3MB

  • MD5

    e971a3be09bfee056598b04ce602f90f

  • SHA1

    7f691267f6ba5235f8ce735eac7ba742231146f6

  • SHA256

    b4da10cd63892cc82bf11a2638ce20e315576ffcd13838aa1a1c70c294097f19

  • SHA512

    0fbf447d5aa1b05d1c9df7774d0d756b0086d3fefc5e5d1ad56efc348c18a795c8dc04088aca5c72a506b90c5c617b1c288944634b5417288fa5b68c04db7572

  • SSDEEP

    393216:m9YE8G2qTw6XNqK8+V07mk6zfVd9wnuc1ZUlHqnCZIzG0Ynx8:eYE8DqTL87f6jWnuc1UHqCZ0M2

Score
8/10
bankercollectioncredential_accessdiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Acquires the wake lock 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Checks the presence of a debugger
    evasion

Processes

  • com.medicarian.diana.app
    1⤵
    • Checks CPU information
    • Checks memory information
    • Obtains sensitive information copied to the device clipboard
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Acquires the wake lock
    • Checks if the internet connection is available
    PID:5161

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.medicarian.diana.app/databases/com.google.android.datatransport.events
    Filesize

    32KB

    MD5

    ad7bbdcce258ba21d0a07659a3849e3f

    SHA1

    887e17f38cf736cc82125092f6cadd5753184286

    SHA256

    a6417906596802ee2a80cd22ef848d832848a6f36f4e45d320e9b98633a5c456

    SHA512

    4519d5aec86a163c9c2c97d1cf9862cc9b421749c0d78c0f4ceee31c9fe07ac557e736d5b3f72942e2d5d44b578fc8a6789f2e7a3ec98ec2199fdc50dd3ac45d

    Download Submit
  • /data/data/com.medicarian.diana.app/databases/com.google.android.datatransport.events-journal
    Filesize

    512B

    MD5

    a5cfb341cbd05b0c1bfbc462a96fe05b

    SHA1

    60b024ca280b8cd856255fac2f20b8616facc40f

    SHA256

    148130e69627a76e12da3c476d51cc9b12368b574ce73f6b91a26799dd5c62b8

    SHA512

    170d3ad7c43ea86eb002402a25b6bcaf88220aa3404dcbb3d3e4f5ea3c100ad3f5e47979e1e65565ffc436cb5a540e18e087a21b8153ba95700b5314376b34ce

    Download Submit
  • /data/data/com.medicarian.diana.app/databases/com.google.android.datatransport.events-journal
    Filesize

    8KB

    MD5

    6f655990b4b4e34d7bcee69a4cd85c4e

    SHA1

    ddca223c3e077b6af80c4935b5a570b54a92aa00

    SHA256

    3e61c85185f395e0c060807b8cc3221a631e1db4e032286e11cdb70466dfaf8d

    SHA512

    49aa0f0c9671b18a6b6a13e2bb68ac7bdb0c46b0400312a3824a100688a31e42a93ef18fb8b550ace27c53597e10f8aa53828f4d7071958361db43511f0f97ca

    Download Submit
  • /data/data/com.medicarian.diana.app/databases/com.google.android.datatransport.events-journal
    Filesize

    8KB

    MD5

    807be451e3612feaca8b47e484295053

    SHA1

    b9e21a6cefe38a5cf061ce8b53e8c9cf1f3d1e8c

    SHA256

    7ce7001f8dccccf2759d238082080acf5e2cc31adc7e7ace824da8cc8467d2da

    SHA512

    c262ee002e1493dc1f7f25529347a4bd69ef9eb709ccc1519646b345ebab606e82fb8730970c4bb84564cc121c4e6e1326027e1aec2b815cbb6b2b2c4562310a

    Download Submit
  • /data/data/com.medicarian.diana.app/files/AdTraceIoActivityState
    Filesize

    469B

    MD5

    2f317ef829fa9abe07f744c74f81dce9

    SHA1

    c2ec16870cd429a848f0abde3c8f58e828321a17

    SHA256

    f7f9eed1aed6238ab50cbe01f334b32be519d079deb71e7b59bcc3917edcc2e7

    SHA512

    4cab98b7293a5b9a61f5f1aad5572fdd33b7a3d9ed943b6b6083108cc45b814c5d6e67d09b2b7165e337410c6e81950b1add352bc24a59a486cf9796dbc9c52e

    Download Submit
  • /data/data/com.medicarian.diana.app/files/AdTraceIoActivityState
    Filesize

    469B

    MD5

    ca35e498d7d248d32562da02f7268be7

    SHA1

    38885ce4e0cb6d8f48636b2ab2deb623d1700efc

    SHA256

    f4048838f39aae5237f52fb9a8d82bf6b4777a729cc37feeb8ea53091c537822

    SHA512

    c6660ac43f6c948cb73721bd76d735c0b5c0b67e7f9f65e90eb58723c86ee0e1967750bb6d14016ed8e370b373d07919e90341a9ed1e3c8b0da21c4669a566d3

    Download Submit
  • /data/data/com.medicarian.diana.app/files/AdTraceIoActivityState
    Filesize

    634B

    MD5

    712e8e1fa3f217b808ad25d594fe70df

    SHA1

    6fdc3ef7e6ac695aaa57b85de4b5102c4ebadb90

    SHA256

    745d7d25a021d6b44cedc8545a6477521a497124322f10c5289629175f3f031d

    SHA512

    74944841102dd43d261335d058bd77a5260cbe18899cba39c59e31cc035ce4550f83c727336c8da0d33bd0944f47fa846d553cd6a081c64761a843d23b622492

    Download Submit
  • /data/data/com.medicarian.diana.app/files/AdTraceIoActivityState
    Filesize

    634B

    MD5

    54d65bbe85243ff08ec1fca121c04af2

    SHA1

    a4c159ab99becd9e05e663919d4bf0cc90672d42

    SHA256

    f0fed3836e33609cebfdf5e7380bb532cfea61a94f21539fc52867563f8a64f2

    SHA512

    53705978c9b57d4ecff3633e626cd3db0799c37dd43a9ef98c9c178294c3d3f21a81824e1861aecfce241af799dfdb37eb40eb22eda74274371b96ee22d636ac

    Download Submit
  • /data/data/com.medicarian.diana.app/files/AdTraceIoPackageQueue
    Filesize

    58B

    MD5

    0d210bfb2a0e1f1b4c082a6a0f79de07

    SHA1

    bb8ed9e364db79d1d9f2fcde3f15091893222faa

    SHA256

    988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

    SHA512

    536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

    Download Submit
  • /data/data/com.medicarian.diana.app/files/AdTraceIoPackageQueue
    Filesize

    1KB

    MD5

    8f75abad5897fb4026c7a7062718f448

    SHA1

    34acf33a21acf5f4eab7eb4688381900e3713999

    SHA256

    a71fde53cf84c93f973cd431ff3ebd380978b57c70c2b20b6b09bf0c20081346

    SHA512

    f9a1adfbca50fe05944b258642c344e3ac162957b56e76f7801ec94f8ae9773637435df077b1745258b19a33768f17420463c2c80f60897e33e156c2e8a593cb

    Download Submit
  • /data/data/com.medicarian.diana.app/files/AdTraceIoPackageQueue
    Filesize

    1KB

    MD5

    5efd35be772b9e3b137748d452a13f9b

    SHA1

    186f1a00b3835a46f5d0586e27c907805c25349e

    SHA256

    fdd9e09249bf0033beafe99016274928772369953064915623e0c41d58b5e020

    SHA512

    8e5371ec4e55ffdcb492c76b0944939163af539f3ef3c958495de817828e0330a370082fbc78f6a1a8aa49feb0610399dbfa71cc099cfe05bef7a951b2ec362f

    Download Submit
  • /data/data/com.medicarian.diana.app/files/PersistedInstallation1459829458309474477tmp
    Filesize

    90B

    MD5

    fefeac6f854dd226588d54b83adf135e

    SHA1

    f8a94ea1f8c8307dd68835c1f3c4f3843365c589

    SHA256

    be58b7ed979b0dc04779d4f4d35c6bcb4b03eeb5cf6b913e8703d80e108bb6b0

    SHA512

    ee388f9f8645919f65a04f6c2f1085e4bc9c15d47aeb30daee8cab0a9d8aa7fd9e9659fb8f52322127f149e5464f4e08cfb40ba82e7aca907c91eae8d0407276

    Download Submit
  • /data/data/com.medicarian.diana.app/files/PersistedInstallation8339806607944829296tmp
    Filesize

    570B

    MD5

    cdc967a5d88c5ee29465474d9c97e56d

    SHA1

    c997066012c6c44e575804ceee6defe40a0e9d80

    SHA256

    5deeaffcdbd7ab4c9a68d16987a5a64ffdc820b5073727f5041f8a5900299baa

    SHA512

    426485fa4142b539ad41ac1762ac7994143156083206a37756d95b5f21aab08e13a304a4693fdd00970b09e7ed1ea88c8818c5fbe89419ab1e5382f381339a72

    Download Submit