Analysis
- max time kernel: 3s
- max time network: 39s
- platform: android_x86
- resource: android-x86-arm-20240514-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
- submitted: 22-05-2024 20:53
Static task
- static1
Behavioral task
- behavioral1
  Sample: Victim_1.0.apk
  Resource: android-x86-arm-20240514-en
Behavioral task
- behavioral2
  Sample: Victim_1.0.apk
  Resource: android-x64-20240514-en
Behavioral task
- behavioral3
  Sample: Victim_1.0.apk
  Resource: android-x64-arm64-20240514-en
General
- Target: Victim_1.0.apk
- Size: 6.4MB
- MD5: 99d7ca57067e2e849d46a2f45d954ed8
- SHA1: 40d9cb4b63d4d158f9552a86bd4ea73734e2c9ea
- SHA256: abfbe0a094d8601da53cc5a1f6605bea08274790a43324f891a980a0d78981f0
- SHA512: e42dd6fc6188815a0448eb7142cc8364eb6bfafa5e5138a09ac4457a817594c0b40c7d34068a9f4d25fc6132db15c863bccf625e0b5b6317f14112697ef8e226
- SSDEEP: 98304:TKgMZWQrzM1tGP+Srhgi11l+94hXo7iHtc0BxO7du4n+ddn6bKhaTlU7o7Bk8UoB:GxM109R14yeiNjxvn/eU87doU
Malware Config
Signatures
- Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs
  Processes: com.my.victim
  description: Intent action | ioc: android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS | process: com.my.victim
- Queries account information for other applications stored on the device 1 TTPs 1 IoCs
  Application may abuse the framework's APIs to collect account information stored on the device.
  Processes: com.my.victim
  description: Framework service call | ioc: android.accounts.IAccountManager.getAccounts | process: com.my.victim
- Reads the contacts stored on the device. 1 TTPs 1 IoCs
  Processes: com.my.victim
  description: URI accessed for read | ioc: content://com.android.contacts/data/phones | process: com.my.victim
- Reads the content of the SMS messages. 1 TTPs 1 IoCs
  Processes: com.my.victim
  description: URI accessed for read | ioc: content://sms/ | process: com.my.victim
- Reads the content of the call log. 1 TTPs 1 IoCs
  Processes: com.my.victim
  description: URI accessed for read | ioc: content://call_log/calls | process: com.my.victim
- Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  Processes: com.my.victim
  description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | process: com.my.victim
Processes
- com.my.victim
- Requests accessing notifications (often used to intercept notifications before users become aware).
- Queries account information for other applications stored on the device
- Reads the contacts stored on the device.
- Reads the content of the SMS messages.
- Reads the content of the call log.
- Registers a broadcast receiver at runtime (usually for listening for system events)
Network
MITRE ATT&CK Matrix
Downloads
- /data/data/com.my.victim/app_sslcache/hayam-239f3-default-rtdb.firebaseio.com.443
  Filesize: 8KB
  MD5: 1befae9a1f0d05b01c76c2704be4e752
  SHA1: 49c421c3c87e9e93e4094a4270973890707aa8e5
  SHA256: f04ab03943d298d446971d164a351d33b8493ad6b8bd1c085d0e5a2f074c3ab2
  SHA512: 9e97efc2f3ad4d6a789f3ff15f04f7c151372d85eb9b1ebbadd51a25e84db336d39d514e75a687469a3e5a725d55738f11e7a763ebea09e3dba976c81cf3fb7e