a2d84f922955b79be2e7d4e166f7f5fc91e34086d37dff79577fc3e9615d1fd4

Analysis

max time kernel
156s
max time network
177s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23/05/2024, 12:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

com.zlya.intfire-2.1.19.apk
Size

12.7MB
MD5

5e676f122c3c2d3e5bb7dd0cecf67de8
SHA1

38ea665ee74341892c34ed1c177e7646e18e1920
SHA256

a2d84f922955b79be2e7d4e166f7f5fc91e34086d37dff79577fc3e9615d1fd4
SHA512

f65b89d4e8b89bd29a9d09ac2acaf6cb3fcbd0a52d97271b466f0cb57e00ecb6d12f660464f425758b424e8792354309cb88c1de9c269fd72007dcaf950334bf
SSDEEP

196608:t/bHwnDz5FS6nPWE6N3q1HMiZ7ElDv3QvpBBI9rUmM+5gluU6LXweY0LpHSrB:t/qp46nhT5fZ7ccvp3luJbAd

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.zlya.intfire

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.zlya.intfire

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.zlya.intfire

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.zlya.intfire

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.zlya.intfire

Checks the presence of a debugger
evasion

com.zlya.intfire
1⤵
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4302

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads