0b69b57aea560cea7bc64c21e2945f87ed4ba4ee77cdb7488429f1d701bcd606

Analysis

max time kernel
7s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 17:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2265box.apk
Size

1.9MB
MD5

694e028fb7cf02f992e02ecdbcb8bb10
SHA1

db132f870452c4e761da64b398f8b82f06872817
SHA256

15182e38ebd5776cb43f2357b5fc5cf85ecf224e65394cd28d7f5e17e6b5b026
SHA512

25478fa8b9efcc1d0e4d39f287600f78c0ad84acae4cf211bbff8d6fe98bee0922b29d8977f784d8b8432c599171fb4de44c19105e75be7eee361b8a44f2eaf4
SSDEEP

49152:PKhTPeQHgfuwbO8JCqZ/r4Iz3ZMHtfs8O:P4Tlgfuwl/p8s8O

Score

7^/10

discovery evasion impact

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.i2265.app

description ioc process

File opened for read /proc/cpuinfo com.i2265.app
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.i2265.app

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.i2265.app
Reads information about phone network operator. 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.i2265.app

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.i2265.app

description	ioc	process
File opened for read	/proc/cpuinfo	com.i2265.app

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.i2265.app

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.i2265.app

com.i2265.app
1⤵
- Checks CPU information
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
PID:4284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
f49b70286b56203b2133952a9acf1134

SHA1
8d5a9e6a0daeaaf297e1b3059816b38bbe79b70e

SHA256
478b3afa1c377e832439b7ff89c40fa4a36b5f26ff5e631f314587e31de1d0ca

SHA512
9e37c7c79a41252263c25b48829326a32701895d3454a07dd861bc449e88b4ff98f6d8ab25d5b448b2b8f77e12760b63f8e76d40eea07c552ea14f8f3b5af7dc

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
9b8b3a3182b073d2e7e9842ba32d2115

SHA1
a10b3dfedb6d24c5bb34d94afc8511b8b5f34528

SHA256
378fdbd6619a4bcd626dd9a470fe6f7ff954b58b9de34f6a92be0a2818dd1edf

SHA512
108b7487ce280af764e66ec5dbe3aea0302c78d9f3d14d1449fd1e138619ef0ae39c060676827e91468a8a2a0894f0823cf242b630b4c72ac62d8dbe4a2e0595

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
381B

MD5
be255e4c91a95e7b10af2573f27f4ccc

SHA1
5d1dcf85aba2fcbe911f78b216f0a8c933dcc696

SHA256
2f0a31d1e223d7a4e325cec1d3da4a7e6ab34e3d32288e51f65dd37dba0e663f

SHA512
3e8befa6d44a49c71b57800cf382fc81dfd9672a4766ae64896c7160cab70316f1109750b3f56a6f583a1a6caaf06c856fd6170a9f7521a9becd2b422f38fa12

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads