cf5c9f055e5f43d70e575a52080351cb9e5a851f2058d1c8c1dd6dc2ea454fe6

Analysis

max time kernel
8s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
23-05-2024 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cf5c9f055e5f43d70e575a52080351cb9e5a851f2058d1c8c1dd6dc2ea454fe6.apk
Size

4.8MB
MD5

ee223733a9d1d6b7edc9877d9ed0e251
SHA1

ec7cc098bdf56a58df93b1d6626786ab59224870
SHA256

cf5c9f055e5f43d70e575a52080351cb9e5a851f2058d1c8c1dd6dc2ea454fe6
SHA512

e99f2fe7a54a688b69db05da6dd7377e98482d78ff592ca2e640043872d9225e975ce03a094f86167598a931d768b5ae9489ba869055587a1b44cac286be6942
SSDEEP

98304:24x5SbExfdJ3d2ZrXbO/1vfFS2fPQEJT/6O2v4e:24x51XCa1v9S2HtJWzQe

Score

8^/10

banker collection discovery evasion

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.testtest.ipafilfirst

ioc	pid	process
/system_ext/framework/androidx.window.sidecar.jar	4549	com.testtest.ipafilfirst
/system_ext/framework/androidx.window.sidecar.jar	4549	com.testtest.ipafilfirst

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads the content of SMS inbox messages. 1 TTPs 1 IoCs
collection

SMS Messages
T1636.004

Processes:

com.testtest.ipafilfirst

description ioc process

URI accessed for read content://sms/inbox com.testtest.ipafilfirst

description	ioc	process
URI accessed for read	content://sms/inbox	com.testtest.ipafilfirst

com.testtest.ipafilfirst
1⤵
- Loads dropped Dex/Jar
- Reads the content of SMS inbox messages.
PID:4549

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Android/data/com.testtest.ipafilfirst/files/uz8233389133d340699b1985fe01f3d9b4_sms_messages.zip (deleted)

Filesize
638B

MD5
350989a182fcee04c7e0bfd34df8a2d4

SHA1
4155c90037413ae9cfbc2743044809a44f5f65e5

SHA256
84616bf6ca79ec9f544291b8b27168e3cff07999f09926e014cf2a446246a220

SHA512
dd9c1313abfa70ec6f70c242c79997b0a5ec9164f325263edcea2bd582e86f0b350b322d70fdf93da19ac85cbad94dd3aeff028b0eda1833da9d2f344fcac2bb

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
12KB

MD5
bdf3529e80318eb14e53a5bf3720c10d

SHA1
25c9ace4b1af6e80ebb2572345972c56505969ba

SHA256
bbc8300dd1e9cd08de8f66560c1ac2c928615b72b51cef9649f88974f586d64b

SHA512
48b9c2d01171bb651b9b54826baa51f4add48431a3efd8ceb5f7cc3bcd6f8f37edf47fabb24349dd15b3a02329cd450f90a8d164bf4f8dfae554bf3b35a8a55b

Download Submit