cf5c9f055e5f43d70e575a52080351cb9e5a851f2058d1c8c1dd6dc2ea454fe6

Analysis

max time kernel
8s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cf5c9f055e5f43d70e575a52080351cb9e5a851f2058d1c8c1dd6dc2ea454fe6.apk
Size

4.8MB
MD5

ee223733a9d1d6b7edc9877d9ed0e251
SHA1

ec7cc098bdf56a58df93b1d6626786ab59224870
SHA256

cf5c9f055e5f43d70e575a52080351cb9e5a851f2058d1c8c1dd6dc2ea454fe6
SHA512

e99f2fe7a54a688b69db05da6dd7377e98482d78ff592ca2e640043872d9225e975ce03a094f86167598a931d768b5ae9489ba869055587a1b44cac286be6942
SSDEEP

98304:24x5SbExfdJ3d2ZrXbO/1vfFS2fPQEJT/6O2v4e:24x51XCa1v9S2HtJWzQe

Score

8^/10

banker collection discovery persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads the content of SMS inbox messages. 1 TTPs 1 IoCs
collection

SMS Messages
T1636.004

Processes:

com.testtest.ipafilfirst

description ioc process

URI accessed for read content://sms/inbox com.testtest.ipafilfirst
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.testtest.ipafilfirst

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.testtest.ipafilfirst
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
URI accessed for read	content://sms/inbox	com.testtest.ipafilfirst

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.testtest.ipafilfirst

com.testtest.ipafilfirst
1⤵
- Reads the content of SMS inbox messages.
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4286

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Android/data/com.testtest.ipafilfirst/files/uz78347f05724540e0becf917979e1fe6d_sms_messages.zip

Filesize
638B

MD5
515387811c8620115b5f11b7f57d1e26

SHA1
82adc3e3bd3b26ca29b1282a5145c19c85867a16

SHA256
5ac84e42071dfb6d534f09aad0c5d63f9ab26ff16ffc3160c68f55707b7b1fa3

SHA512
fb3fea13463624d9929935567d62b32a0d139a9cb6f41f65b65b5cc78340ae371f20083b57398c20ceadce0733189d70e231f586f2e7ab24b377e5b235db2980

Download Submit