Overview

overview

10

Static

static

10

ab502b175e...60.apk

android-9-x86

8

Analysis

  • max time kernel
    179s
  • max time network
    145s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    22-05-2024 20:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ab502b175e52657c1c18ffc778657b80f4a57d05f50ffd4bfe23aa8d6593af60.apk

  • Size

    7.0MB

  • MD5

    688ef7cf954d56e3995681f7d4e3a0bf

  • SHA1

    5fcb85d659e0086732d7918c90e8783a4bb3b488

  • SHA256

    ab502b175e52657c1c18ffc778657b80f4a57d05f50ffd4bfe23aa8d6593af60

  • SHA512

    4f35086b6b7f8c683e066e51ded183b9411f6b5ba010753380ffd4046610c62222a445c81b8c2383a2c27aad8eb82e58a373b838bb2abc973b1c0210540c1a67

  • SSDEEP

    196608:NT8rJbzS2KCY1YU+rtc9DY3EGLAaRiUWDSFSLxY:w5zS2s+U+rtcBBaRivOsLxY

Score
8/10
bankerdiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
    evasion
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Acquires the wake lock 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.mobileann.MobileAnn
    1⤵
    • Checks if the Android device is rooted.
    • Checks CPU information
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Acquires the wake lock
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4323
    • su
      2⤵
        PID:4351
      • su
        2⤵
          PID:4372

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • /data/data/com.mobileann.MobileAnn/databases/ms_tr_gprs_db
        Filesize

        4KB

        MD5

        f2b4b0190b9f384ca885f0c8c9b14700

        SHA1

        934ff2646757b5b6e7f20f6a0aa76c7f995d9361

        SHA256

        0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

        SHA512

        ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

        Download Submit
      • /data/data/com.mobileann.MobileAnn/databases/ms_tr_gprs_db-journal
        Filesize

        512B

        MD5

        8e15f707ba0811a92681460775e34613

        SHA1

        053a12187064d61903840f9e461b01fd7cbe69e6

        SHA256

        3fa3c220583f94b4fa55d888aaca98ddde0fc2b5e4b28dfdea119e5762ab1194

        SHA512

        b497c4e7fc4dee144c635b6f39182a4a9ee02760ae3f32a3374313285c8a43d887b33a682ced778560d45c5c9cccdd1f331c9a2a6bb12c8d59147cae11cb0831

        Download Submit
      • /data/data/com.mobileann.MobileAnn/databases/ms_tr_gprs_db-shm
        Filesize

        32KB

        MD5

        bb7df04e1b0a2570657527a7e108ae23

        SHA1

        5188431849b4613152fd7bdba6a3ff0a4fd6424b

        SHA256

        c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

        SHA512

        768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

        Download Submit
      • /data/data/com.mobileann.MobileAnn/databases/ms_tr_gprs_db-wal
        Filesize

        193KB

        MD5

        2ddae64c3d0f551d4ff3064a6328b2e6

        SHA1

        e4d0062eb3ef23391b541001f821d7219e83ff2b

        SHA256

        3f943a2a3fa4675c2a26408c68c3a38331b08e965066a5f5b56cc89b9750b95d

        SHA512

        303941660ffb16d276daa9b735cdc8aa4fb3c7515c501d9f0d3b962311dde178da1a120686bf38344942ac13d1ee510a31779215d6f0e7c606e50699df4b6d78

        Download Submit
      • /data/data/com.mobileann.MobileAnn/files/libndkutils.so
        Filesize

        17KB

        MD5

        c047c371516e2c67ae77e0a366593044

        SHA1

        793aab3b0440ba50b1321acba3c9d5de55cf703f

        SHA256

        07275e4338624a6ef2718fd62c2fcb53a334a9747e068f60817cd382fcf282b3

        SHA512

        4638f5f65fd20d8e9bff04064fcdc18e287e4d784706e31f5573b6587414a04173e1d28c22303e5876c6cda66f52ffd6d71291d6fecbb2929ffba2329b42ca67

        Download Submit
      • /data/data/com.mobileann.MobileAnn/files/mobclick_agent_cached_com.mobileann.MobileAnn
        Filesize

        122B

        MD5

        0270869cce18b5a1979888306df1bfca

        SHA1

        4160bc285f7d71ab7d951c5cbdc871d6e7386192

        SHA256

        984ab9d499264db758e33fa9e2732a6faaf50651b4b097fe9794042503d4e688

        SHA512

        9e8729f3b6b0178b5b7f39414140fc1c0368794c803d74394dbc0abc5e42904d9a48e7797d13ea93360aac8ed1385b2f704c2fdc7039eddf0f3ef4fc11483429

        Download Submit
      • /storage/emulated/0/.AgooSystemConfig/AgooCommon.xml
        Filesize

        111B

        MD5

        72d2d307608b75cce1fbd7006cac34b2

        SHA1

        7ca4eb51481de6486133339953f921cc1d63e2bf

        SHA256

        3d9d61c40ebe710cf26d9b99efc135d54bf806f90549a8a7b467de7f7bcfee4b

        SHA512

        62523c7903cbbd047da675f2597e902eb779836eea570ff006bf0623c857bd51b569a319ae12610f829ec3f5bfbaee98ba0dfd6bdf146b4693bb455fbb2ba64a

        Download Submit
      • /storage/emulated/0/.AgooSystemConfig/AgooPackage.xml
        Filesize

        111B

        MD5

        6d16f7667ae1b65895444c3d7cbbebfd

        SHA1

        ed297e7cf1eaa6c9e03ddf1675188216ead88f86

        SHA256

        3a573400641642beab93e7ec26a7bdfbb2ae324c68fc5b2192b1efb54e1097bd

        SHA512

        23ed43bb2c57d02a9e923b7f4bf60e704ba0f7859b03e1b00c9508c495ffb984cb14b5ab4448d1887553e8cb47ccd4e2a20b19e5abe04d14346822a76a2d90f0

        Download Submit
      • /storage/emulated/0/.AgooSystemConfig/AgooPackage.xml
        Filesize

        627B

        MD5

        92fa969ae0b4fc0592f189e7f80fe882

        SHA1

        04c64aa00af8c2b5db7a0d4f0c59550d17372ee3

        SHA256

        aa3d90fd98440b9204a25f7ccc22283c0c658c328716253ab940aff0ee54b31a

        SHA512

        5a3e1e9860eeb4ee599801c309a470e477a91ca795a644a82aa43157480a883f1cfec7efb12f4b4898891ba7d79a5a2112373f69bf0fdefa56f8a454ebbe1b10

        Download Submit
      • /storage/emulated/0/.DataStorage/ContextData.xml
        Filesize

        111B

        MD5

        9ab001570e616fd3d61b3420cf972a91

        SHA1

        a7954ad45dbaf695a8245d0a84acf8ece90f4617

        SHA256

        865d320f9bb45bbd3fc8068fff673cfd72b49bfd14486b12bb8bd4aa0d7eda99

        SHA512

        1092fa35e75bf450c60f9d6073ce1adebf9b95b9ecb5af3e5827ae8b46eab9b1b23afe02762bf46bafe85b2ca3b897892fed6d54aa4a50835c7f50f07c152874

        Download Submit
      • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
        Filesize

        381B

        MD5

        e8b53c949170baef61c71bfc505111e2

        SHA1

        c69a3bafcc21ba1669b7865ba89b28012d9c0a41

        SHA256

        9f4b045db256855af5068353a68a121fef5fe1f22edd60b5a432f70cecb838f3

        SHA512

        2d5db0f97fb4e144dc94a0a871f04a04b47030fbcb26f578e821941cd333824855463009abc8b8942463b1ff42642194b9af76a884fd00fdc26160e41bf38b21

        Download Submit
      • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
        Filesize

        65B

        MD5

        9781ca003f10f8d0c9c1945b63fdca7f

        SHA1

        4156cf5dc8d71dbab734d25e5e1598b37a5456f4

        SHA256

        3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

        SHA512

        25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

        Download Submit
      • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
        Filesize

        111B

        MD5

        4c845ac813443d68fe1e5e482807e332

        SHA1

        88700ed574b232e83db0cb5c73bdd28c9d3e63f4

        SHA256

        9f844b0d561794a6166dc740a8a61be8e7bb206a570f6b437683389049c539bc

        SHA512

        262b47d1ba5ee2ed07b8bcdbb6332e0789a3ba74e25c9c5783134918b17cf86f6548332a0cbc28737cded2185f554d109fac9da1bc71c79aeabb2c7373edfcec

        Download Submit