Analysis
- max time kernel: 14s
- max time network: 131s
- platform: android_x64
- resource: android-x64-20240514-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
- submitted: 23/05/2024, 12:18
Static task: static1
Behavioral task: behavioral1
- Sample: 1.apk
- Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
- Sample: 1.apk
- Resource: android-x64-20240514-en
General
- Target: 1.apk
- Size: 14.5MB
- MD5: 603ae1751c4278cf0b306b142580b1f3
- SHA1: 9e49d6ff09d44752135a85d029e8450c35f82394
- SHA256: ad1653a80c8b576805c5d722b4e5168f420b5819a1778b147465545682dec7d8
- SHA512: 02a18c38532feeea90783ae023b95b0ddcf587a35bf2234a2443542dfd954250ab1ce04ed36e643140857e1234c60f9dbc60584e846ebeaeb6a29df5999f9387
- SSDEEP: 393216:zhGL5jFRvTg/fUNmeBhhvjBxvsPh509n5a0hJiwjMV:zKjPvU/fkBXjBxvtJ5aGimO
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTP, 1 IoC)
  IoC: /sbin/su; Process: com.udo.grinder.rice
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTP)
- Requests cell location (2 TTPs, 1 IoC)
  Uses Android APIs to get the current cell location.
  Description: Framework service call; IoC: com.android.internal.telephony.ITelephony.getCellLocation; Process: com.udo.grinder.rice
- Checks known Qemu files. (1 TTP, 3 IoCs)
  Checks for known Qemu files that exist on Android virtual device images.
  IoC: /system/lib/libc_malloc_debug_qemu.so; Process: com.udo.grinder.rice
  IoC: /sys/qemu_trace; Process: com.udo.grinder.rice
  IoC: /system/bin/qemu-props; Process: com.udo.grinder.rice
- Checks known Qemu pipes. (1 TTP, 2 IoCs)
  Checks for known pipes used by the Android emulator to communicate with the host.
  IoC: /dev/socket/qemud; Process: com.udo.grinder.rice
  IoC: /dev/qemu_pipe; Process: com.udo.grinder.rice
- Checks memory information (2 TTPs, 1 IoC)
  Checks memory information that indicates whether the system is an emulator.
  Description: File opened for read; IoC: /proc/meminfo; Process: com.udo.grinder.rice
- Queries information about running processes on the device (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Description: Framework service call; IoC: android.app.IActivityManager.getRunningAppProcesses; Process: com.udo.grinder.rice
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  Description: Framework service call; IoC: android.app.IActivityManager.registerReceiver; Process: com.udo.grinder.rice
- Checks if the internet connection is available (1 TTP, 1 IoC)
  Description: Framework service call; IoC: android.net.IConnectivityManager.getActiveNetworkInfo; Process: com.udo.grinder.rice
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)
- Reads information about the phone network operator. (1 TTP)
- Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)
  Description: Framework API call; IoC: javax.crypto.Cipher.doFinal; Process: com.udo.grinder.rice
Processes
- com.udo.grinder.rice (PID: 5226)
  - Checks if the Android device is rooted.
  - Requests cell location
  - Checks known Qemu files.
  - Checks known Qemu pipes.
  - Checks memory information
  - Queries information about running processes on the device
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
- Defense Evasion
  - Execution Guardrails (1)
    - Geofencing (1)
  - Virtualization/Sandbox Evasion (3)
    - System Checks (3)
Downloads