Analysis
-
max time kernel
35s -
max time network
147s -
platform
android_x86 -
resource
android-x86-arm-20240514-en -
resource tags
androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system -
submitted
23-05-2024 11:45
Static task
static1
Behavioral task
behavioral1
Sample
zzhy0215.apk
Resource
android-x86-arm-20240514-en
General
-
Target
zzhy0215.apk
-
Size
6.8MB
-
MD5
51419b5d7e9809a376fa9ea41ddc1985
-
SHA1
6af17f47376370385176f52fe3b966270628b92d
-
SHA256
744e1992cf38248d346e7b021d57197659848d21ba851660775b2f2da8797df5
-
SHA512
29e718ab8ac309745db1a3817a7d5e13f4b224c4010f9cd5125e35d76c551ce89035ac71ea35e57669dd93fbd54d0c9cd9d2ae0b7ba7858f61121ffb35b7609d
-
SSDEEP
196608:sUywdHql/E+9DnFcg6UfWWb9rg+9CPfCfBFmoSumeh:sXl7BnB6ez9rg+9/FvSumq
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
Processes:
com.b2515912829.figioc process /system/bin/su com.b2515912829.fig /system/xbin/su com.b2515912829.fig -
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
Processes:
com.b2515912829.figdescription ioc process File opened for read /proc/cpuinfo com.b2515912829.fig -
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
Processes:
com.b2515912829.figdescription ioc process File opened for read /proc/meminfo com.b2515912829.fig -
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes:
com.b2515912829.figdescription ioc process Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.b2515912829.fig -
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
com.b2515912829.figdescription ioc process Framework service call android.app.IActivityManager.registerReceiver com.b2515912829.fig -
Checks if the internet connection is available 1 TTPs 1 IoCs
Processes:
com.b2515912829.figdescription ioc process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.b2515912829.fig -
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes:
com.b2515912829.figdescription ioc process Framework API call javax.crypto.Cipher.doFinal com.b2515912829.fig
Processes
-
com.b2515912829.fig1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4312
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/com.b2515912829.fig/files/APICLOUD_INSTANCE_IDFilesize
32B
MD56dfdbac148de135ea5d8a4947643edf6
SHA18a2f129b98162d7a765a94ef7815025952760c73
SHA2566319e0ae4a1c9edbd05b789a57e54fb2debc24fbc2c28c1206026b60faf3e051
SHA5121920bca5687fd00f2c74530592ca781db10161f0012f70928010103d40d28e292dc61264d1bc306f689f4811a273375de56932331001bf61554c3211a18f97b7