65997ac52ac0a1ecaf8ad8c5010a1fe28191d8ac296757d08d4ec78a2dc8cbe6

Analysis

max time kernel
7s
max time network
140s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 05:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7723box_pjz.apk
Size

3.3MB
MD5

2dbfa511a770cb9923d85b15a9841848
SHA1

7618c9af34437781884bec561d12ed2a0781e56a
SHA256

07d5827ef21744d399bf1888c198a3715235c887c0abc82cba3545b9864c3837
SHA512

fa718fde2af8f491407c927550410eb5eb6a40dc4df144507bd63b285ab7e8b630db85d11da5572b5ecb5b88ed38cc1cdc0d2fa7007717c17ac67ac859ac24be
SSDEEP

98304:V3XuuHwWUJrVwUOLuAXaK2Koz8sdw428SlZLx9pvY:hx0rVwUqqK5Iw42vTLx9VY

Score

7^/10

discovery evasion impact

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.upgadata.up7723

description ioc process

File opened for read /proc/cpuinfo com.upgadata.up7723
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.upgadata.up7723

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.upgadata.up7723
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.upgadata.up7723

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.upgadata.up7723

description	ioc	process
File opened for read	/proc/cpuinfo	com.upgadata.up7723

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.upgadata.up7723

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.upgadata.up7723

com.upgadata.up7723
1⤵
- Checks CPU information
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
PID:4265

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
92f44b67d7ee6474f1bb2d3a9e88375c

SHA1
aacab2cce33a6684c3dc7bd77bbbab53932830d4

SHA256
2dec0b4bf43d96588c4a8340cb100fb5d24fc3293bf577673e7cd97e0d6988e3

SHA512
ca473cd261225a3c482b96f9afff2bec75cd3925beef4cf7340c0779deaba8d9af192fab80bd8dfa9f4dfcde77498db360c244eabb450102ef8d9c2955335d56

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
2b9f9174b0b61557639394c6aba16e72

SHA1
d073d3af7985752bdcb68c1f6aec8dcf378c229c

SHA256
6dfcd0dd395c452cbbbef5c2295ad55c2ac228defd19e682c2165764cf96e14c

SHA512
81c5ef290cd7ade84b10816960335d320a44f366a0e47bf12fb7590efd0b60a301e6a6cbb20115e3e157b3b2ccebf4f1e8dbe27c3dc97753ed3e8c290b42bff5

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
381B

MD5
b0cae2a889cb1c588d09a71b1dc1f757

SHA1
2431710546bd114a1b65f28db62fb9e4e4ee37ad

SHA256
df9f00933276393ccf79fa720c748023f745ede29cf30f7d27b1cb7876b03f01

SHA512
d28d76c777fa2ecd6559378e28dbd73d46b1543c9d210cf4ec2337dde6348df059aaaf7b4f344eb6281898963346c7a1cf0213f3f3e3714831ea1ec54e9abcea

Download Submit