86f93ef3367f00d04baf81b225793af79c2e68cc3ced0235330f37d6bc836395

Analysis

max time kernel
11s
max time network
132s
platform
android_x64
resource
android-33-x64-arm64-20240514-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240514-enlocale:en-usos:android-13-x64system
submitted
23-05-2024 12:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

yssaas-release_104.apk
Size

10.0MB
MD5

0345baf80b07c40cfc31b9071dea18fc
SHA1

91bf2dbeb8398a77e8b2ade63f5d8cd7ab84270b
SHA256

86f93ef3367f00d04baf81b225793af79c2e68cc3ced0235330f37d6bc836395
SHA512

33b795a12a1ddd585f0dc59185519f0c473ae30ed7de919cea48aec98ca85803990d20524c1cff33c6fa0a11a883452d6a9efa911526a4146d81f28c80399b6f
SSDEEP

196608:tAjwNCz+VZUI+dvEABMNI6m/wXCaRFdLJdk1Elm4RkhYveR4kVJQ9WTyS7Vyt+nf:tAjwJUIlNN+4XCa/d2Elm4RkhYE4kVJj

Score

8^/10

collection discovery evasion impact

Malware Config

Signatures

Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

Location Tracking
T1430

Geofencing
T1627.001

Processes:

com.yisheng.saas

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.yisheng.saas
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.yisheng.saas

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.yisheng.saas
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.yisheng.saas

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.yisheng.saas
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.yisheng.saas

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.yisheng.saas

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yisheng.saas

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yisheng.saas

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yisheng.saas

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.yisheng.saas

com.yisheng.saas
1⤵
- Requests cell location
- Queries information about running processes on the device
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4266

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.yisheng.saas/files/libcuid.so

Filesize
109B

MD5
477b6bef36b9f86f3485724c4cdee195

SHA1
80f1d16b172009c49dcdb6dc32426831bba2f79f

SHA256
1185d340e47e544def3045ff3e1146269d9576668507cea67b3e34c21953642b

SHA512
7441a7aee0a9fe1d2b7a3b55b191b06f0153d578ed7f18f7a574e45fc215e3ff33dcc71ad5eee5ea867040fa39ca3884e8d8ecf378de687c8f5efbfc4166cf57

Download Submit