9eaebf67c308aa2ff1f661ff765d1116aca6a31684eb868e9326282bc59c2f0d

Analysis

max time kernel
153s
max time network
159s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 11:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cjzf_mba_fwpt_mobile.apk
Size

3.8MB
MD5

5c8548a25e6e58fc76489b0ccebd3b04
SHA1

5f580e2c5249c35c8642485600bb4ea434a7dab8
SHA256

9eaebf67c308aa2ff1f661ff765d1116aca6a31684eb868e9326282bc59c2f0d
SHA512

624337a4e351413496606ba09aad3b23855b1a798c17bc2868ffbaa372763241a456e7e6d1667d6dac104f68bd75022d0964f258a60fdbb22399221c0f03c363
SSDEEP

98304:30oiyvSIl+dBlyvSIl+3yvSIl+feNtDkUwYzlpncoF:EXyvS6wyvS6yyvS6uerppcoF

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

io.dcloud.H53D14D02

description ioc process

File opened for read /proc/cpuinfo io.dcloud.H53D14D02
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

io.dcloud.H53D14D02

description ioc process

File opened for read /proc/meminfo io.dcloud.H53D14D02
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

io.dcloud.H53D14D02

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo io.dcloud.H53D14D02
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

io.dcloud.H53D14D02

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone io.dcloud.H53D14D02
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

io.dcloud.H53D14D02

description ioc process

Framework service call android.app.IActivityManager.registerReceiver io.dcloud.H53D14D02
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

io.dcloud.H53D14D02

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo io.dcloud.H53D14D02
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

io.dcloud.H53D14D02

description ioc process

Framework API call javax.crypto.Cipher.doFinal io.dcloud.H53D14D02

description	ioc	process
File opened for read	/proc/cpuinfo	io.dcloud.H53D14D02

description	ioc	process
File opened for read	/proc/meminfo	io.dcloud.H53D14D02

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	io.dcloud.H53D14D02

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	io.dcloud.H53D14D02

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	io.dcloud.H53D14D02

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	io.dcloud.H53D14D02

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	io.dcloud.H53D14D02

io.dcloud.H53D14D02
1⤵
- Checks CPU information
- Checks memory information
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4320

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/io.dcloud.H53D14D02/files/cnc3ejE6/eje3cnc
Filesize
335B

MD5
585839d66722cfd02e40cb740cccb633

SHA1
374c19200fee201b26d0153487a281a934615884

SHA256
86a9bb4985cca6c9636c4fd071bef4b70ba7b3a5eb51af869a1299dc2b1574a8

SHA512
09bbe1bf1455861fd4732f2d1945c84bac34090906ac2fab75d144c22ffcf6bc585c8209e94a2b1919c8402df53966081a1af2993e12261ae4c4ac5568667d88

Download Submit
/data/data/io.dcloud.H53D14D02/shared_prefs_ext/test_app
Filesize
24B

MD5
e099fcc7a180bc37945aa5141227127d

SHA1
2a640911cd5033e72f28277abbb3c491a5fafa8e

SHA256
88a6c119afefc90a93d988bc5653b52f4f0b18ba0632f2a550388c8a698dd8d6

SHA512
999b1259172d350e79a6bcc6308691a29305b03b75278ffb0153ddff27e000cefcbfcb855c3091820f2849901c910dfb87b7504e24bbaa18c4b23fa83e8461b3

Download Submit
/storage/emulated/0/.imei.txt
Filesize
32B

MD5
89cab4aea3d67af6e07b20ace9898633

SHA1
d6cfc67eab1bbb5d5592992ca3c571a32ad4c75b

SHA256
9c9b63ab185dc57a42caa8f4716a0d8eb89d79e3c77739d9171725bf3046dc00

SHA512
9ab4d606ba8e5db92889444989907e54c416d72ccff5233f2f29586851b0150602508b8007e325a3693a7d6bd1eefff2f8a329e066a8670bc15b7bb35991db1e

Download Submit