Overview

overview

8

Static

static

6

3e9001834c...3c.apk

android-9-x86

8

3e9001834c...3c.apk

android-10-x64

8

3e9001834c...3c.apk

android-11-x64

1

Analysis

  • max time kernel
    175s
  • max time network
    181s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    23-05-2024 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3e9001834c024f61b4c313b339b82a05c2ed85dc89ea3c2f8e3237d115e84a3c.apk

  • Size

    555KB

  • MD5

    851dd05eaba655e36a7f16b1a92bdd54

  • SHA1

    535bd9bb221dadb8c80405372ff5b823635d892f

  • SHA256

    3e9001834c024f61b4c313b339b82a05c2ed85dc89ea3c2f8e3237d115e84a3c

  • SHA512

    b8dc6984bb563352e55023102814135a48d4bf581af47f0d29434f1da63a08d106ac5c3e9f3b386bf013d64bfb97df9f4f2008c32f2bbb834caf647fbf906feb

  • SSDEEP

    12288:vuRIjz7XY0gQrJKc3MoonGlhjEjdUc6jRASsUgTXTb/zClV:vuRQvNgsJKWMoaK1EjV61Aqy//zClV

Score
8/10
collectioncredential_accessdiscoveryevasionpersistence

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Prevents application removal 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to prevent removal.

    evasion
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Acquires the wake lock 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion

Processes

  • com.spacex.mmobile
    1⤵
    • Makes use of the framework's Accessibility service
    • Prevents application removal
    • Checks CPU information
    • Checks memory information
    • Makes use of the framework's foreground persistence service
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4249

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.spacex.mmobile/files/profileInstalled
    Filesize

    24B

    MD5

    ad72e4997828fc65993404b16729ce08

    SHA1

    cdaf55f562d9da04ae80bcd31b203613fe7e853d

    SHA256

    c57c0173446fb36351d17e51856029d45efd04a06a159bc9240f7bf05a372ed0

    SHA512

    efef33b473d6ac043b150718b0d3b0b99024488c61dc0ae5f1898f7917ae8bec3d80dd57bb47568bc6af7e53a4b0c9ec9e4a3564c03435633468886a30a2421f

    Download Submit
  • /data/data/com.spacex.mmobile/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
    Filesize

    8B

    MD5

    a0357fb175408960ae4adfb5539bfd64

    SHA1

    252012d9a55f3bf2bcc234abff2db3b121bd80fd

    SHA256

    7082ae0f521e0563f5feb005ccf9ef5539749fdb615989b81f2627acd0739ff5

    SHA512

    5e87f5d669ddbea76ec43993131f563f8545ccf12af12612aefe7a866e3904bbe3ef76f9f591783b3e13863adc34230833881982c6b6a5581637e28e7c7681c4

    Download Submit
  • /data/misc/profiles/cur/0/com.spacex.mmobile/primary.prof
    Filesize

    626B

    MD5

    eac1a0e01779adb5a4ef2b3e3d22bea3

    SHA1

    f60f39062094d1b045de3483d6d94e2644e887ff

    SHA256

    97ce187e3a40c9d618ce0a1ff70e8abca17d47b0cef8c58887669d1201bcb574

    SHA512

    84044638119bd76df4e6c42a0a6eff1dfec5a47a8ee5b61ffcfdcb275e0545f1d62a214499a8b6daaa0ccedfd06b6a9eef124e0337141e9b90a60aad684cd1cd

    Download Submit
  • /data/misc/profiles/cur/0/com.spacex.mmobile/primary.prof
    Filesize

    1KB

    MD5

    d8ce9495de555f105001cff46c7c7cd7

    SHA1

    707809da641322c7e625d9b005c27b361ec1a97c

    SHA256

    0b0eea7964d612be5674f49f76ae4b485e8ecd9279d3e49d50f59eeaa54bc844

    SHA512

    88ca84d0a886bcd8944a0b244b07c8867c0628602f5b358ca126d441d70ed897615e66bc11a7ae586c117784601666949cc94ca07bf9495cd4848c57d38ae58f

    Download Submit
  • /data/misc/profiles/cur/0/com.spacex.mmobile/primary.prof
    Filesize

    1KB

    MD5

    e57163888060edbeebe56a2be0c146cf

    SHA1

    b09fb7d1125b842a19b7799ce76d3e90094668e5

    SHA256

    0016cb383a0518eaf66e8142c5fba2b3a5917465dbda410db8f09c22a5ea3cb9

    SHA512

    8bf6246d677c19b7e949e9773666641b7263d28c4c522582eaceee21d20d3db34b19a2a16a15f4930a724eb0b4ba700506035bb9d846fd914adc9c7efd065427

    Download Submit
  • /data/misc/profiles/cur/0/com.spacex.mmobile/primary.prof
    Filesize

    1KB

    MD5

    589fd94fde5d8badd86c6036ba814a22

    SHA1

    a0e313d901071683e43ad618ab524aeb032323a5

    SHA256

    2771e8a4c8fb6fa9bcd5d32f1a58f03346bd3e096f83ec5cedebdf34ac6336d4

    SHA512

    c91513e6345508dec7bb4d3cd4b2485e1ba991932ae32903e8da1c7cfea4525812cbc0b1a46ba7eebe6757fd39305be511c3f08a23147b928c956540d2788b2a

    Download Submit
  • /data/misc/profiles/cur/0/com.spacex.mmobile/primary.prof
    Filesize

    1KB

    MD5

    de403303724e51304307ac4a352221ba

    SHA1

    4001d0077c5c3c729a63f6eaa633552229e36d82

    SHA256

    c002d447e3c5c3edd45d3b502d57b177b46fcb154e2d8b85b467695f5837a7b4

    SHA512

    7b1a1a8c1bd57a5c70e7cf3f68e035e7b4d9370323e8c06b2a3f088a72a24ab71976df69fcd5aa0f27c8d2ff5d27de7f4bfe4060bbe6b998428737b22f17dc60

    Download Submit