1afe10df205056d781d469734d5d218b126545d33406ca4db7c0db37d558fbd3

Analysis

max time kernel
128s
max time network
149s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 12:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Put.apk
Size

12.1MB
MD5

c5152f9d4a60ccc803fbd6004c1ce4a6
SHA1

20502adf9dfe12eb9ce828952b3b3351baf95f5f
SHA256

1afe10df205056d781d469734d5d218b126545d33406ca4db7c0db37d558fbd3
SHA512

5257fdd7a045663cd6b556547d8745e9fe11fa14cf3ff57901c10e1e037b58acf5aa30388815a60193bac653ab5e7d7bb52ea5ec09b0d5319883b74aaa2623a4
SSDEEP

393216:AGEIDy815RGkEWQ0/vQc5my0rgd+AOX4N9ot:A92y8Akbn6JI+AOX4m

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

System Information Discovery
T1426

Processes:

com.iran.ikpayment.app

ioc process

/system/app/Superuser.apk com.iran.ikpayment.app
/system/xbin/su com.iran.ikpayment.app
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.iran.ikpayment.app

description ioc process

File opened for read /proc/meminfo com.iran.ikpayment.app

ioc	process
/system/app/Superuser.apk	com.iran.ikpayment.app
/system/xbin/su	com.iran.ikpayment.app

description	ioc	process
File opened for read	/proc/meminfo	com.iran.ikpayment.app

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.iran.ikpayment.app

ioc	pid	process
Anonymous-DexFile@0xee8ff000-0xee8ff12c	4275	com.iran.ikpayment.app
Anonymous-DexFile@0xee8ff000-0xee8ff12c	4275	com.iran.ikpayment.app
Anonymous-DexFile@0xee854000-0xee85412c	4275	com.iran.ikpayment.app
Anonymous-DexFile@0xee854000-0xee85412c	4275	com.iran.ikpayment.app

Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

com.iran.ikpayment.app

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.iran.ikpayment.app
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.iran.ikpayment.app

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.iran.ikpayment.app
Acquires the wake lock 1 IoCs

Processes:

com.iran.ikpayment.app

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.iran.ikpayment.app
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.iran.ikpayment.app

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.iran.ikpayment.app
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks the presence of a debugger
evasion
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.iran.ikpayment.app

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.iran.ikpayment.app

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.iran.ikpayment.app

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.iran.ikpayment.app

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.iran.ikpayment.app

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.iran.ikpayment.app

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.iran.ikpayment.app

com.iran.ikpayment.app
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4275

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.iran.ikpayment.app/app_outdex/libdexprotector.mdpdjt.4275.so
Filesize
477KB

MD5
91f2cf54b441ccf900bf24a6e09f2115

SHA1
97d72fc639adada8a445219a8081347b9b9fbb3a

SHA256
d9464e52eb3b61773b68e00430f5ae99730505cffcdc7e5ca8fb3c476b56962a

SHA512
6c14b80b285653eca7fa2a11d7110bfeacf55433d2ced5fcae3a6e5a97bd70e4fc41b423f0954a137b7188671ee1ff77328c7b0ed3d0382581c448202ae05365

Download Submit
/data/data/com.iran.ikpayment.app/databases/LocalCampaignsSQLTracker.db-journal
Filesize
512B

MD5
d8ee5352ddaef0cbef21c1267c5faf6f

SHA1
d375af3262b755577e379f8942b4dca982d0bd06

SHA256
a8a6d7a4ddcd34fc20995a1e4624a75ade419b49b35bac098cd2d8dd223e71e8

SHA512
a8096fe80060abcd7d1bb493e1dcc13736aca23b9f8eecf354e57561f350797d8a50806ff5d623f06a185716a4999b24b201a550f382b8e3b4936df68276326c

Download Submit
/data/data/com.iran.ikpayment.app/databases/LocalCampaignsSQLTracker.db-wal
Filesize
36KB

MD5
226f96c21f51ce2ab446372a8c478d60

SHA1
8333adacdf2adc5968e0a57a22892426cae74bd0

SHA256
7bb6cb0078009c5e583b24fd6c387e522ad7937f033798edaf63df3a61887215

SHA512
5c7d82a08d13f12f80a76121fbf0dbe68faa522e7092244182ca5affb70d02fe58382c0c64e39f837ebc513f41bc384cab51f95987ada6a3de7a70f3ece0e334

Download Submit
/data/data/com.iran.ikpayment.app/databases/MPaymentDataBase
Filesize
48KB

MD5
312c6f1c1b752993be7639a8abb0940e

SHA1
d12476581c782308f4a1e2f61793aeac043dd835

SHA256
1c21eb9e194cacca77fc320a1ae30ac0be017c770e08f54e80ae3843b0b8cfe4

SHA512
8f1ff5459e4e449a07c85460eb9a8f90a0ae0d20c7c8be865952b6eed34d847f60b0f90db563d5aaedef4409f7beceb1d1a4fae4d30522b1b6f982567a459322

Download Submit
/data/data/com.iran.ikpayment.app/databases/MPaymentDataBase
Filesize
24KB

MD5
d72a6dd9004fb80b4c00b6bb709f1785

SHA1
e7e52d79784e3fd28d2a9306a458190f5e742b33

SHA256
40bd8648d0e181d6705ef53e5cfa3097e3240ebc19a905cbc928e2f494530310

SHA512
8da010135f1f3c576772bf9c9e5f4a55e7a56a2b1e0bcfe282a678eb67117d7d9f0ca63474482776a4e16e342988f3be39996e0e49d150c8339ae39a9e880f83

Download Submit
/data/data/com.iran.ikpayment.app/databases/MPaymentDataBase
Filesize
32KB

MD5
eab3b84607ff867577f25d65817e59f4

SHA1
be0fb853bddc5d5e761a5219e4a8663a72f120f5

SHA256
2b062ac016919c7f3096a0c9314bd94e1789bd2705ae71e588d95215baf23bf6

SHA512
24bff7b40713cbed7f43f2d4299b63da780fef8148c33c2a9ad033e6598a25cf0644b8d45cd5e540b59d81decd56df6bddf415858fdc6a48f0fa1109adf1ebd2

Download Submit
/data/data/com.iran.ikpayment.app/databases/MPaymentDataBase-journal
Filesize
512B

MD5
45a27deec1e27caaf61fff1c449c723d

SHA1
e07ac8eb62b5eb895158548e936d5b7f48da4c5c

SHA256
9d92a0eeebf3c7c0f90034ca4be54b1695f6c46843b35f461108d317af93ccb2

SHA512
e089a482b19fb9a2a47e6278eb5f057909a3360e95d10bca5001e71c613d300c315a8f72e550679fe084867849250f411f46598ad75dc69d00fb137825c637a1

Download Submit
/data/data/com.iran.ikpayment.app/databases/MPaymentDataBase-wal
Filesize
76KB

MD5
957e08c492a77df58cfeb8c273c0f05b

SHA1
7edb4f55256cb39bb383f84fe009dd0d3660c985

SHA256
5c8b9ff2d5c4d939c321e44ff19f67cd2fea831437f07edaa83e995c39f24141

SHA512
a8045af0be5a74f9e64d6fa6275ded98f04c1cba11f18cdada58d32e6a386bdd22afda37193f4321b979da4e8e4d176d14500453cdd02f9b2139468936dfed81

Download Submit
/data/data/com.iran.ikpayment.app/databases/MPaymentDataBase-wal
Filesize
4KB

MD5
9eb3030e5294e3df09be25fa9878a04b

SHA1
637959d967cb53ca209cc20f0f4f55f0a4fec137

SHA256
26f251873fa48f5455f3359202880895495aeb69e438c084a3b9942af4b6e805

SHA512
f74392eeb700b2c881c82498e8aa49a94549b0ee7f0523352468d939ab9d75a3b8ab4726003896fba7e3d8097fe5ac435dd731573e0c1d9f068db4a379e33e8b

Download Submit
/data/data/com.iran.ikpayment.app/databases/MPaymentDataBase-wal
Filesize
4KB

MD5
ef2790b30027dec8a9c815d8b290d567

SHA1
afeb9fe35b23bf2ee10f358d546a9eca34cde5e0

SHA256
1f1104bc515a0eb8fc08c567c8de4142511ecd1e3f0f1086e5a1ea9a854b5a47

SHA512
35d4ef518e32d2c975c797bbd84ff60a91529fa6078dafe599c47612d7c568b2f74606d1e9e5b2ca3cb5af6d540ea794b200ad039b5585e9e5a8589c8ed9ad3b

Download Submit
/data/data/com.iran.ikpayment.app/databases/ba_tr.db-journal
Filesize
512B

MD5
e4633c55a78d48341da2f41a3b94c875

SHA1
01c559418ad3082f6cfa7417e6697cee671322e8

SHA256
5c8b27abc174e1f6e91733cb6c1f3edd38c7377346b384666e493e8f0bf3a738

SHA512
61ea1903838b20a4eceec835acd832d46f39034d54a85070f104e41604bfde0b3f9fe5644f255ce8d6804ad6ac30024b042f7105cd3a501a35db689609a4737b

Download Submit
/data/data/com.iran.ikpayment.app/databases/ba_tr.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.iran.ikpayment.app/databases/ba_tr.db-wal
Filesize
48KB

MD5
d1794d4510d6e6778581e03453e048dc

SHA1
78a994cecf86387218260fbc2bdbb80825ead530

SHA256
3ad6a58d6e1e7a0d421d2d9bc8f7f77d12ed0ec647441a821e55d94760d4f67c

SHA512
2aeeadf40ec15320ef52cb3b9b28e79343bb8061b082b2368fc9c330da64e1f1eda620ed6b730ebf66bf12c616c9d632ce041fd856b07fe0ec7a9abe0201e332

Download Submit
/data/data/com.iran.ikpayment.app/databases/google_analytics_v4.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.iran.ikpayment.app/databases/google_analytics_v4.db-journal
Filesize
512B

MD5
b3f5e2f7211c757512baa361cd5c8fb5

SHA1
af036fb4bc0845fba935c3b48c5759c44fc1292f

SHA256
bf823da5c5bc9a42716f3a5d964e3d3a0d2de4be12e3c9d727fcecc8f00e726f

SHA512
995eaacdd4b2227f9a748d8798d05c1a0849c345f58a0484a5e16c6c4c8cfa6a7f6e5498b49c12256c6c55f21375724a6b902d5184df2dbc53bdfbc023d2aa8d

Download Submit
/data/data/com.iran.ikpayment.app/databases/google_analytics_v4.db-wal
Filesize
68KB

MD5
6f6449c30aedd11472e60fbedf89f841

SHA1
fcf0af1e3789ee19f2a96a9ba9c94e1a013e360d

SHA256
12c6e5261008c89e763a205bbc152dae91e7884b1fc494c496abfad08096aa65

SHA512
f0df12b3c2a9ae6f5c2e108561ed00cfd0c4b1f316e95420e4975ccc8eaf7edf755033dff26bbe8f52baa3e6415adec3840146aa340ebbf8d8e23ff9609f2ff0

Download Submit
/data/data/com.iran.ikpayment.app/databases/google_app_measurement_local.db
Filesize
16KB

MD5
3b9f5d7dd64305a58fd87058592dec58

SHA1
8df44f4e1ea646ee03d601eed6870aa1ac274376

SHA256
bf7b5a9819f225b93f8eabc86fb429db4bf556865c9b6e75b39a5cc93d03aebb

SHA512
751df201c0c1cf612ad12f15815a507db85880de7ff857329cbf2a428a002d8e7c0fbd011edcf50f5d03694031e9db94b3ef681e48ef0f56d6a8ee149d3412ab

Download Submit
/data/data/com.iran.ikpayment.app/databases/google_app_measurement_local.db
Filesize
16KB

MD5
41172d46ff8888be4cfc7da9dc7d75bd

SHA1
83758a810bc86c52f60c838acebb9bd0c541be19

SHA256
7c27b82cb8af372763b0699274222450a8311bcf96cd8e876b717d4ead2a4c9c

SHA512
6d2556fbd104bc18366276346a8fa3d36992b5a7e98b2dc43683912ab4322dfda0ddf76c43b20710f8b5a8018655e731e5a52b2e573fd62f0ba0767b868c3972

Download Submit
/data/data/com.iran.ikpayment.app/databases/google_app_measurement_local.db
Filesize
16KB

MD5
b40ae6135a1d8173cf241739651700af

SHA1
2922b05d09d9a46fbbc1f98513c183266b1894b4

SHA256
f5ea100ff8f0690b542da2a3c8bf5d6fa95d430e3ba5b513e3d9da27b40416ae

SHA512
2d736777797a9d932cc6caa64abb540e91fd039816df38ad057d6f5b78ea7c84bc2a1e17ccdce6f30a570eb97d1258697b065600cd1799282ee5b165a261e61f

Download Submit
/data/data/com.iran.ikpayment.app/databases/google_app_measurement_local.db
Filesize
16KB

MD5
c56a43118a35531fd0832429275d63d2

SHA1
16cac1fc65245bd3663384a4c8feeb804be8c1c4

SHA256
24b1d4b3d42d0b37ef94abaa072af30ba6d44b5760d6808b16ff0ec0a14d5c4b

SHA512
9d4371d35b9d556178eb1c84f8fd9d8ed8a97c5c745c93dbda7b21e6bbef0cac5051e49ef9e8e5da509aff49fc661c9604a2552d518325245d8bb481c3470c8a

Download Submit
/data/data/com.iran.ikpayment.app/databases/google_app_measurement_local.db
Filesize
16KB

MD5
88881e044828709f028ffce1abb44f0d

SHA1
0ee95d07c8cbad129f4299057a362d91fbd91b12

SHA256
ab590e13acf67b5b894ac7ef6d502e4d2df3f067fa26575e7706cf82cf7a7a46

SHA512
0a08ab5de2f1509b4b3525e678f871f3fbdb4334d503efa33f9b3b2fd6c1ef54a57585457f10242e309cf5f4caf25b4337b432b232311a53fe765ba364a319db

Download Submit
/data/data/com.iran.ikpayment.app/databases/google_app_measurement_local.db
Filesize
16KB

MD5
9576cb9bb896b2b6de6aa6998f034933

SHA1
f2e0a6ffe89c26f7a36f2d320a08d9fa101eb2bc

SHA256
f083426b32d485b3a8fe6289c93c04a4c7d99011501e609623317a3a4c5be41f

SHA512
82edcd71b728070d2779e35436ecc3bf3c90915a0275b37f6141e7e1e11f2266d4afc7577d6c2c809e671b4e59f6c82bac3d0a793414b6548ba76e4550f881fd

Download Submit
/data/data/com.iran.ikpayment.app/databases/google_app_measurement_local.db-journal
Filesize
512B

MD5
1b1e223b7702ceafed223ec03a4065a6

SHA1
bd4f093eb221c288c2d5124040e1856acb5eb7c8

SHA256
13fa065b81bd83c533abf232248d5ae369800f4df753c839b04a997c638c6224

SHA512
8095133b2dfc7594648e770470ba39395d5c62fbc02255da89a7c9ed826c885d3c1f52ce37d84225b765ee38ff10df5799a8f2f0e0f665aa79a50a61cff4413e

Download Submit
/data/data/com.iran.ikpayment.app/databases/google_app_measurement_local.db-wal
Filesize
36KB

MD5
a0656e4671e3ab68e53334571150b48b

SHA1
273fa82efc0e51023b063a067ec32ae0b8a794be

SHA256
d7317a48a7fc8b93f2265af1c8658d9a490ada8eb6dccb4546e063c42e144321

SHA512
f8812ec6b29b08cf5ea86ed13eb0e750c58634e0c5c9c9d874ded7327e1fdd053dab30b984160baa0e7e501b73a208a379c7e8182e5f51e0ff7794ada04bf9c6

Download Submit
/data/data/com.iran.ikpayment.app/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
a41b8590030ccc6e48766822baa5413e

SHA1
60a41184ea189e252cd49ff15bd8a8319ff67b2c

SHA256
047b8b7458d6527ddd2bf58de42888138a0c43c29ddf027dc3f9ffdccc23637e

SHA512
6a8feae4f700ed95a6eba978864089643a670f0d3a81f8adf89fedc62f2a5e8bd65dff464ea87eb1727b5e3f395ff5666c68dab818bc48319442f4315e3c7459

Download Submit
/data/data/com.iran.ikpayment.app/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
5dc5431dd9fca3d588f769465c92d7c9

SHA1
76220df8812f311c65b866a044b33b945adba34b

SHA256
f290f27c917bdc5019dd77ea78acebad3b9a709b26b9c78244d386436c80e14d

SHA512
4f96a0a6a3bc4823a2b9f8168eecb39e62bb76076ae901c5c653af4732568d3c431a4d2ab268f05bf9e15f52748f34d5a85eeeace38632b906e5799f9fc14313

Download Submit
/data/data/com.iran.ikpayment.app/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
7671e77b487f35ad3e3a99e6f9ace529

SHA1
1e899128df2fbf32e2dabda164c0ed48ee0d380d

SHA256
a4fbc6ff9aeaf6edf6dee297a404b5b07ba2e1255f906d97be780ec5b44e4321

SHA512
795f99718657df720d7cdd9ab51769257d28078ff8d6e303d4935760f705278aa2a98108ca798a77ce3c466b8340d57641348e352eabf138ef678bc2068a8c38

Download Submit
/data/data/com.iran.ikpayment.app/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
cccc6983fed6998d86873686901d3641

SHA1
bab3dbf9d17cda79cde9970db7d111930c30b33c

SHA256
5c401f07fe28c43d87cad11f1a21a3a7be342c330d76009520305460c72c05d8

SHA512
2bfb69ba826e7aab50eb5114e3315ff32fbe7e76797a062fad849f9c9ec4154eef30a263c765b3871b623a2eb8971c2648187a4f3fb3e10f0ce30f3d6df7692f

Download Submit
/data/data/com.iran.ikpayment.app/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
26d3f9dc8612400a3b3a78176910ec3a

SHA1
510c06c660056573facf6a1f6c87faa7788c8c53

SHA256
b6cc395f7d73f3cd5b8b70287767cacd5261953776dc5d8ac657eb44740e1976

SHA512
7dde6c428f59b7bb78b7996ad4a06377ffe3271cfa4c74c5cfdcf60c2c034b23281582afe425e82ff526a674f57f46b125ee610d2620fa2757ee28dfbb9be661

Download Submit
Anonymous-DexFile@0xee854000-0xee85412c
Filesize
1.4MB

MD5
cf77b1ab8e1d9e6f682882f44faeb58f

SHA1
643b5920c29fd6c957e466ece595b419afb5d392

SHA256
1a55d50a0ba80d1b00d92f77e6e303a8914398aa61b577ea5e05f28068d7443a

SHA512
6b9a003f8bdc1188c2adf76fdfc173896864ca5d408880f018edef6d9b36ba2e92de19f89589f6d075852296b26c0b7c2edda78d8de1c00c0929dda585175ccb

Download Submit
Anonymous-DexFile@0xee8ff000-0xee8ff12c
Filesize
300B

MD5
7c80da100acf95df2c9629e515898a6b

SHA1
28c7d9a00126bc12a0760f9cc6270abea6866d73

SHA256
ed26ed598d0393b52cb68fd71e26f7eb5fba998f72c1c30eae4622bb0752692f

SHA512
b2eb8340ae3dd3ddbe2a5cf3de6b735a33bb15b51b728f01643fed02375c8962f37fcbd4827fd578cb73678847cc47c45290d763281be5caeded67fa8923c6a2

Download Submit
Anonymous-DexFile@0xee8ff000-0xee8ff12c
Filesize
27KB

MD5
4452f5f3bc597596e9cbe63e01251fd2

SHA1
12588579f4e33ea18f26e231699f55258ba3bfaa

SHA256
5f5613e1709d467a975fa867cc6128eb38f4be4037c3ff472f7dddbb0f465aff

SHA512
89e3c64409e8b6eb1b75ae55528a7be0bee83370eb37d95ff95824e35707ada523cd89c22b3f1c5715fe76145d0f3ffb9320d2cac806e798230a880c1664ea62

Download Submit