cd02acb157e57ca60729f5fba8e4820a6601ec5ca438b11df195be471efc1220

Analysis

max time kernel
18s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
22-05-2024 12:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Homsa.apk
Size

8.6MB
MD5

0ace9f345bcdd194048827f2c3deaaf1
SHA1

7382f7d075afba92e586c89e82de42f32b6d5d47
SHA256

cd02acb157e57ca60729f5fba8e4820a6601ec5ca438b11df195be471efc1220
SHA512

ac6c55b271d5574ee10de1667a2ec7041b0cd184a41a606faa3681136f54ab48bac1f17cddd5f90bdecd25e2ca992193860ac13dc077da282806cc137b39bc53
SSDEEP

196608:5nOR5bq9vreDeWo8SgaJo3MPGwXcdwE/Qsjx9sY8zN9da7a:VOXW9vKeWodgaJEMHOwEzjx8zDs+

Score

8^/10

collection credential_access discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 7 IoCs

evasion

System Information Discovery

T1426

Processes:

com.ernyka.homsa

ioc	process
/data/local/bin/su	com.ernyka.homsa
/data/local/su	com.ernyka.homsa
/data/local/xbin/su	com.ernyka.homsa
/sbin/su	com.ernyka.homsa
/system/app/Superuser.apk	com.ernyka.homsa
/system/bin/failsafe/su	com.ernyka.homsa
/system/bin/su	com.ernyka.homsa

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.ernyka.homsa

description ioc process

File opened for read /proc/cpuinfo com.ernyka.homsa
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.ernyka.homsa

description ioc process

File opened for read /proc/meminfo com.ernyka.homsa

description	ioc	process
File opened for read	/proc/cpuinfo	com.ernyka.homsa

description	ioc	process
File opened for read	/proc/meminfo	com.ernyka.homsa

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.ernyka.homsa

ioc	pid	process
/system_ext/framework/androidx.window.sidecar.jar	4521	com.ernyka.homsa
/system_ext/framework/androidx.window.sidecar.jar	4521	com.ernyka.homsa

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

com.ernyka.homsa

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.ernyka.homsa
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.ernyka.homsa

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.ernyka.homsa
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

Scheduled Task/Job
T1603

Processes:

com.ernyka.homsa

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.ernyka.homsa

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.ernyka.homsa

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ernyka.homsa

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.ernyka.homsa

com.ernyka.homsa
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
PID:4521

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ernyka.homsa/databases/com.google.android.datatransport.events
Filesize
56KB

MD5
2b855e053db42c985d80f97123555999

SHA1
0f1b384ca1d49413a42eb37bedd4dc2805a2216a

SHA256
dbfea1db5b8d9a91d117fadc540cd3932d95d7d01cebab363780f83eeb25f1aa

SHA512
1eb0e292aeb6dca67a80e384204850cc93d63f0829a73bc9df013b1e5d2b4a95861c994732151770789dd1bc113fc0c11de9ddc76477fbd2fb2f0fc0ac00b777

Download Submit
/data/data/com.ernyka.homsa/databases/com.google.android.datatransport.events-journal
Filesize
512B

MD5
7dee5f9201c5ab8d7a2484d75247d146

SHA1
07af2136002f83da7b7df9197b99ca5911a9b72d

SHA256
ddf766dcda23357630b5ba270ed065e9bb452479fb97f875cb954a20660a4df2

SHA512
8c1ab8db4863c5fed9fa9f0b19bdda0c72bcc92329535543306128636987682416e43ac5cd6d68b258b4a1e792f08ca2b962ceb625253a9b329ed2bd831e6152

Download Submit
/data/data/com.ernyka.homsa/databases/com.google.android.datatransport.events-journal
Filesize
8KB

MD5
cdca5972dff6de36dfef50b3fd64eb36

SHA1
1158f5a144017e0452983cc4d563a0517cf5d972

SHA256
572dd63554a6a787a23c8eb56725f0e6212b87c4db93c3d82ae33320d17c787f

SHA512
a18e1076e86ebc09e1b5c64b2630b3be95f2f177c0dde7161fd94559b1c6f7eab179dd066cf572c3565a18b78f72222b74e6d4caec1e9e5967b72eda1ca02269

Download Submit
/data/data/com.ernyka.homsa/databases/com.google.android.datatransport.events-journal
Filesize
8KB

MD5
64acf2c8f99f26527175e861c9db13ea

SHA1
6b8f4b85363d26bb13e29d9417444645f0f2154a

SHA256
6ee5eb7299d964c5be3585c377dbca45cc922041197b61ffc45925f39576b011

SHA512
f8b799e70303d2fddf3b27ac43b7f57f048c0e1ae861ef1668aec192c01f8c22a17bad1416cd83fdb2a489137391922ec8263ddf598596c5900aa6d8984edc67

Download Submit
/data/data/com.ernyka.homsa/databases/ir.metrix.sdk
Filesize
20KB

MD5
414d4652a6c278ac854f157cf8c2c9a5

SHA1
3e405a07595dd58f6f1d3e537b1c6a3752ec7164

SHA256
348cb726f7dcd378d1c9f012d8b9a6d53ed6bf8c11b60ab0ba589ecf8a7a8281

SHA512
99ae8d58d1942453936a99adfcf505763e58a369b6727a4ec23d6e026be990e92de7b92b9c7b89e34911e6fa641c85b012f0154af2b2115ebfc411b3bb49be16

Download Submit
/data/data/com.ernyka.homsa/databases/ir.metrix.sdk-journal
Filesize
512B

MD5
3690dd0ff564a2150b0a381e86fd6325

SHA1
f037782ef3324406783a08a231201834017429d0

SHA256
7d396966ccc3fe63e6e75f96417ffd64e0447df9f547241793818f8cc249d301

SHA512
cda5a7c8a8041fd762f0351c2f818d5fa0e01837fbd6edb58298550a483cb1b2ec81623b8a82ae19de2e3a5a37d3978f76e37f13ab032ac7382df3fdbc2cf270

Download Submit
/data/data/com.ernyka.homsa/databases/ir.metrix.sdk-journal
Filesize
8KB

MD5
16c2e5e76932124db120fdc92232f778

SHA1
0a6f931b5e392bfddc1d5f2d9be035240a4f0db7

SHA256
aad82f02db6199bca3b8f179b861c50e3b6b2f908e81c9c4f7810630e80ac203

SHA512
a2ee7ec3dfec5edf689aab9b073d07f7881bed089c74edc55d29705e9189136e392c79255ffd29f798032b4398cb750945bc8fc305c00b13693abe940c1924f0

Download Submit
/data/data/com.ernyka.homsa/databases/ir.metrix.sdk-journal
Filesize
8KB

MD5
99166494b1b1db1bad512197b69383a2

SHA1
432be160a2475b2532fd7990ffccd3eaa9321c31

SHA256
9842d4bb075c9528fcc2bae28e2ae00d4ea4e4fe2f33d871c4906d32e55a53c3

SHA512
85134dc0b5dddfee9c5542180e3e0c4fd28ccca2a57f9194adea153f7ed6e1817efc9404cc492ea18eb9b6e07a84603c9167b333defc5b60fbb605288e1830f9

Download Submit
/data/data/com.ernyka.homsa/files/PersistedInstallation2404074587461295014tmp
Filesize
565B

MD5
531c7f49dec35d825cfd4824fb060229

SHA1
22f9fe57e08f0fdeff94a74017688e411379ad32

SHA256
12531bfa39185743fe41f293c7c08def0b7372e4d0fe3ac2441b1f3a3705b2b2

SHA512
3f24b6690d3531c99a72acd632a37de657ae48e17d07ce6a54f93515539b87365e63673e236f3c0395dc6921b0d47848cbe3c806eb3a2816a7d6467aa7a30af2

Download Submit
/data/data/com.ernyka.homsa/files/PersistedInstallation7413037872618314198tmp
Filesize
90B

MD5
855363eb5672d437433c3b32031717a2

SHA1
4ef73ae0a1a3ebe37d9c0ef89df938a3a577640c

SHA256
f36ef7ca3c7e52d67364775794ccd3ab93913f0074a35e7840c2601a31d85c86

SHA512
e6beb8483d31c1416907ef4951523709caf792bb951d001322c99eb1e133c49570147614e08482024f9b52628a0063c5cc949df33de44c4d3e575078f27606c0

Download Submit
/data/data/com.ernyka.homsa/no_backup/androidx.work.workdb
Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/com.ernyka.homsa/no_backup/androidx.work.workdb-journal
Filesize
512B

MD5
2bf5e8337a4f05149d84e3ccf4e29abb

SHA1
15de2d83954f1841ddea596d9f0fb64669f1c105

SHA256
12a5f66f9614e68eca885ff7b1e956215915649fb061fd612a5b223fda5d4380

SHA512
6b7a03ecf34c63942560bf47a37fe68f598a7a746e81aedc5ef46ffa4c87da815857572dfc329c0297f05d4382ad774e111df85cff9f1e4daa3d9cb5401014f7

Download Submit
/data/data/com.ernyka.homsa/no_backup/androidx.work.workdb-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.ernyka.homsa/no_backup/androidx.work.workdb-wal
Filesize
16KB

MD5
af3c0fb764c8bf106a06417ca6a070d9

SHA1
b7b69788c0ded4d9e6e6d24beb178b38a2e29604

SHA256
a28bf5acfcedb541bd657b7f6fd92ab4e2b488f53057bc8a63fdaa42a713dd6e

SHA512
5215406e6bbe49f1366183a8efe55065a25bc8435587b98e80474a6f172f47974945cf557aea1605b2d48196816d3e530d2b41624d810285f039782cb07d6906

Download Submit
/data/data/com.ernyka.homsa/no_backup/androidx.work.workdb-wal
Filesize
108KB

MD5
36c66d962062119f248592ed37355491

SHA1
40eaa2974d3a3a7ed356affadd51912e97270544

SHA256
8f8dc3f3e886eb1ce467ffe191d4e67bd574c92250ec6d0afdf6edb43505dce8

SHA512
a1d01d2e9ea1f8566e77023a51e4c3bd0350964c24932a44735e2ffbb2ccab0a238c0ccb4bef5f2f87efe7e404b7a341df78f9731b7142aaa28861db4232da97

Download Submit
/data/data/com.ernyka.homsa/no_backup/androidx.work.workdb-wal
Filesize
189KB

MD5
0c87f0ab90c49251910290832d3a99ea

SHA1
e8133bc5f543686f293914d77fd5f96eef48db06

SHA256
0510fec01f760a61dfd9a5a865be1d3ee04eb6521cbb20643903b3079d8ffc40

SHA512
08a2424334aa2aef0a1d98ae7e123ec1647199b9dde3517bcf4a4b36726722c0996261fb08b1641fb22dae8337f9a1a8c2290c26a79a74db5b5c3d1966a4e750

Download Submit
/system_ext/framework/androidx.window.sidecar.jar
Filesize
12KB

MD5
bdf3529e80318eb14e53a5bf3720c10d

SHA1
25c9ace4b1af6e80ebb2572345972c56505969ba

SHA256
bbc8300dd1e9cd08de8f66560c1ac2c928615b72b51cef9649f88974f586d64b

SHA512
48b9c2d01171bb651b9b54826baa51f4add48431a3efd8ceb5f7cc3bcd6f8f37edf47fabb24349dd15b3a02329cd450f90a8d164bf4f8dfae554bf3b35a8a55b

Download Submit