Analysis
max time kernel: 34s
max time network: 159s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 23-05-2024 12:02
Static task: static1
Behavioral task: behavioral1
Sample: zzhy026.apk
Resource: android-x86-arm-20240514-en
General
Target: zzhy026.apk
Size: 7.1MB
MD5: d57c78793817e03e5b99d5e6312d0211
SHA1: 0df0c0dcec3512e516d4cd6aaf44cec9483ad059
SHA256: a3c32b3ca763b27e31ff70612db59ca8ebdd7536d3079a4d335b32e9fc888004
SHA512: 6be4692574e6a06e401717ff846aa25aac173d593fb0e80083c3f32eebe65218b58557adc071af83e9446407a416a5c5602da6e6fca2e8d1e48a7b3da269b52e
SSDEEP: 196608:nUywdHql/E+9DnFsyZkOQSXD+K4kO2F0l+JBFmoSumkW:nXl7BnJZkOQSX7LFvSum3
Malware Config
Signatures
Checks if the Android device is rooted. (1 TTP, 2 IoCs)
Processes: com.b2515912829.fig
  ioc               process
  /system/bin/su    com.b2515912829.fig
  /system/xbin/su   com.b2515912829.fig

Checks CPU information (2 TTPs, 1 IoC)
Reads CPU information that indicates whether the system is an emulator.
Processes: com.b2515912829.fig
  description            ioc             process
  File opened for read   /proc/cpuinfo   com.b2515912829.fig

Checks memory information (2 TTPs, 1 IoC)
Reads memory information that indicates whether the system is an emulator.
Processes: com.b2515912829.fig
  description            ioc             process
  File opened for read   /proc/meminfo   com.b2515912829.fig

Queries the mobile country code (MCC) (1 TTP, 1 IoC)
Processes: com.b2515912829.fig
  description              ioc                                                                     process
  Framework service call   com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone   com.b2515912829.fig

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
Processes: com.b2515912829.fig
  description              ioc                                               process
  Framework service call   android.app.IActivityManager.registerReceiver     com.b2515912829.fig

Checks if the internet connection is available (1 TTP, 1 IoC)
Processes: com.b2515912829.fig
  description              ioc                                                    process
  Framework service call   android.net.IConnectivityManager.getActiveNetworkInfo   com.b2515912829.fig

Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
Processes: com.b2515912829.fig
  description          ioc                            process
  Framework API call   javax.crypto.Cipher.doFinal    com.b2515912829.fig
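The root and emulator signatures above are behavioral: the sandbox saw the process probe /system/bin/su and /system/xbin/su and open /proc/cpuinfo and /proc/meminfo. A practitioner usually wants to confirm the same indicators statically, because a sample can skip those checks when it already believes it is being analyzed. The following is an added example written for this page, not code from the sandbox or from the sample: it walks the string table of every classes*.dex in an APK (a plain ZIP) and reports which of the report's IoC strings are present. It assumes the strings are not obfuscated at rest; the emulator kernel names goldfish and ranchu are an added assumption, not something the report lists, and build_test_dex constructs a header-plus-string-table blob purely so the scanner can be exercised offline.

```python
import struct
import zipfile

# Markers from the sandbox signatures; goldfish/ranchu are an added assumption
# (emulator kernel names that commonly appear in /proc/cpuinfo comparisons).
IOC_RULES = {
    "Checks if the Android device is rooted": ("/system/bin/su", "/system/xbin/su"),
    "Checks CPU information (emulator detection)": ("/proc/cpuinfo", "goldfish", "ranchu"),
    "Checks memory information (emulator detection)": ("/proc/meminfo",),
}


def read_uleb128(buf, off):
    """Decode a DEX ULEB128 integer; returns (value, offset after it)."""
    result, shift = 0, 0
    while True:
        b = buf[off]
        off += 1
        result |= (b & 0x7F) << shift
        if not b & 0x80:
            return result, off
        shift += 7


def dex_strings(dex):
    """Return every entry of a DEX string table.

    string_ids_size / string_ids_off sit at header offsets 0x38 / 0x3C; each
    string_id is a uint offset to a string_data_item: ULEB128 UTF-16 length,
    MUTF-8 bytes, NUL. MUTF-8 equals UTF-8 for the ASCII paths we look for.
    """
    if dex[:4] != b"dex\n":
        raise ValueError("not a DEX file")
    count, ids_off = struct.unpack_from("<II", dex, 0x38)
    out = []
    for i in range(count):
        (data_off,) = struct.unpack_from("<I", dex, ids_off + 4 * i)
        _, start = read_uleb128(dex, data_off)   # skip the utf16_size prefix
        end = dex.index(b"\x00", start)
        out.append(dex[start:end].decode("utf-8", errors="replace"))
    return out


def scan_dex(dex):
    """Map each signature label to the string-table entries that triggered it."""
    strings = dex_strings(dex)
    hits = {}
    for label, markers in IOC_RULES.items():
        found = sorted({s for s in strings if any(m in s for m in markers)})
        if found:
            hits[label] = found
    return hits


def scan_apk(path):
    """Scan classes.dex, classes2.dex, ... inside an APK and merge the hits."""
    hits = {}
    with zipfile.ZipFile(path) as apk:
        for name in apk.namelist():
            if name.startswith("classes") and name.endswith(".dex"):
                for label, found in scan_dex(apk.read(name)).items():
                    hits.setdefault(label, set()).update(found)
    return {label: sorted(found) for label, found in hits.items()}


def encode_uleb128(value):
    out = bytearray()
    while True:
        b, value = value & 0x7F, value >> 7
        out.append(b | 0x80 if value else b)
        if not value:
            return bytes(out)


def build_test_dex(strings):
    """Constructed input: a DEX header plus string table, enough for dex_strings()."""
    header = bytearray(0x70)
    header[:8] = b"dex\n035\x00"
    struct.pack_into("<I", header, 0x24, 0x70)           # header_size
    struct.pack_into("<I", header, 0x28, 0x12345678)     # endian_tag
    ids_off = 0x70
    data_off = ids_off + 4 * len(strings)
    ids, data = bytearray(), bytearray()
    for s in strings:
        ids += struct.pack("<I", data_off + len(data))
        data += encode_uleb128(len(s)) + s.encode("utf-8") + b"\x00"
    struct.pack_into("<II", header, 0x38, len(strings), ids_off)
    blob = bytearray(header + ids + data)
    struct.pack_into("<I", blob, 0x20, len(blob))        # file_size
    return bytes(blob)


if __name__ == "__main__":
    # Constructed sample string table mimicking what the report's IoCs would look like in the DEX.
    sample = build_test_dex([
        "Lcom/b2515912829/fig/MainActivity;", "/system/bin/su",
        "/system/xbin/su", "/proc/cpuinfo", "APICLOUD_INSTANCE_ID",
    ])
    for label, found in scan_dex(sample).items():
        print(f"{label}: {', '.join(found)}")
    # For a real sample: scan_apk("zzhy026.apk")
```

An empty result from scan_apk on a sample whose sandbox run shows these signatures is itself a finding: the paths were assembled or decrypted at runtime, which argues for decrypting or hooking the string routines before relying on any static string match.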
Processes
com.b2515912829.fig
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4298
Network
MITRE ATT&CK Mobile v15
Downloads
/data/data/com.b2515912829.fig/files/APICLOUD_INSTANCE_ID
Filesize: 32B
MD5: bb15b9d985750292bb3b0424bf4bc210
SHA1: 4863e2c36fb741ece8f6d95d3b8856def2f6aba1
SHA256: 780207282adda6a3ac68916faf68c0ee5ca3fc87a42938679c605bcd23fdefb4
SHA512: 286ea63d0cb9ca1a4a34bcb3361d95099c6a3690c28ab33979f2f89329b70a8597d8da30b0c5ffcbae5a20a5b70ac7bb943eb4edcbaab83896b8643e75e9ac00