Analysis

  • max time kernel
    155s
  • max time network
    173s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted
    23-05-2024 12:08

General

  • Target

    1.apk

  • Size

    4.3MB

  • MD5

    bba684883c695c5261dfc3a2e3007ebf

  • SHA1

    275024f65f133b94ae3c2c1105c7ee96f7e3680d

  • SHA256

    2fa026eb7dcfc0b6f32d2ac5e5244c183e51eec17c12c6972b87f043d97ba640

  • SHA512

    bf5c4a007a35ded6d854f196afd869bb7c9a24170593354df25616d14870b4cdbb573de3472feb7b6fa1e589293069ed2d25bd10bd69d644707dbeb55ae1dbd3

  • SSDEEP

    98304:Nrkal0ke1Bw5qkPzQiwqiJWQz/mj8Ow4BKsxlVXG0DMKsxlVXG0c:NoauXkqkPzdzzoeIOwavVW0DkvVW0c

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
  • Checks CPU information (2 TTPs, 1 IoC)

    Checks CPU information which indicates whether the system is an emulator.

  • Checks memory information (2 TTPs, 1 IoC)

    Checks memory information which indicates whether the system is an emulator.

  • Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)

    The application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Checks if the internet connection is available (1 TTP, 1 IoC)
  • Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)
  • Reads information about the phone network operator (1 TTP)
  • Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)

Processes

  • io.dcloud.H53E0C750 (PID: 4336)
    • Checks CPU information
    • Checks memory information
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (might try to encrypt user data)

Network

MITRE ATT&CK Matrix


Downloads

  • /data/data/io.dcloud.H53E0C750/files/cnc3ejE6/eje3cnc
    Filesize: 335B
    MD5: 585839d66722cfd02e40cb740cccb633
    SHA1: 374c19200fee201b26d0153487a281a934615884
    SHA256: 86a9bb4985cca6c9636c4fd071bef4b70ba7b3a5eb51af869a1299dc2b1574a8
    SHA512: 09bbe1bf1455861fd4732f2d1945c84bac34090906ac2fab75d144c22ffcf6bc585c8209e94a2b1919c8402df53966081a1af2993e12261ae4c4ac5568667d88

  • /data/data/io.dcloud.H53E0C750/shared_prefs_ext/test_app
    Filesize: 24B
    MD5: 5291edae17c81a7909dc027d2647903f
    SHA1: 12e42bf8a5b39b6d9736abb9defffa5f5d6d0c12
    SHA256: dc093e9c4253c774619c65d11c44c6625d474ae2047320fc0396f11a38cac513
    SHA512: fc0817cd9daa23d49d25a09763a72614281fda171f69837731b4af810eb1943b638ccee85ccbf84c7a6807d6fd541e518f6424c254b1b75795310e85170ed62f

  • /storage/emulated/0/.imei.txt
    Filesize: 32B
    MD5: 5d28abc7a878780f7391bf9b51fbb261
    SHA1: d2a1b2d6568ca250cf72bd71cfd95f886bc7a055
    SHA256: a1cfac48503e235e0e853ba043f34b8bc604e9bc3cd9bbc21d4627958130e83c
    SHA512: dd4ff09a14657d362820be8c91e72e685f72f314a354aecc5003261a04c711b5e2fa89e70e196edc8a02bf388c118d3a60000bca92715bc5331e03b91e51b4ae