77b9a0c15465443fb48ff3168866488fa91c53aafce1f2e037d534830e488b0b

Analysis

max time kernel
35s
max time network
146s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23/05/2024, 12:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

zzhy0407-备份.apk
Size

7.1MB
MD5

0c59a1e6996cd4038213bc4655db7fe3
SHA1

8c0e78e4381a479ac7b46594e8f39be6f7093e7e
SHA256

77b9a0c15465443fb48ff3168866488fa91c53aafce1f2e037d534830e488b0b
SHA512

70d5b16c414846544b5f22ec2a17e8be07bf5b67a9460544ce3e96a547060bedbc89fbf169a818afb200901a12206a84a84cce91540ff52c04603644b6c68cd7
SSDEEP

196608:iUywdHql/E+9DnF1pje32Se3wd+1BFmoSumks:iXl7BnDpe3J43PFvSumR

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/bin/su	com.b2515912829.fig
/system/xbin/su	com.b2515912829.fig

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.b2515912829.fig

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.b2515912829.fig

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.b2515912829.fig

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.b2515912829.fig

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.b2515912829.fig

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.b2515912829.fig

com.b2515912829.fig
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4242

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.b2515912829.fig/files/APICLOUD_INSTANCE_ID

Filesize
32B

MD5
8e2b21157fff5cee2453d4bd306d5bc8

SHA1
236c716fe292c38bc92789e973b62537beddf88b

SHA256
8b2919bc48c0fee77758a2ffb05115d7746f7aedbb43b497e4cc2a17a4d6dfa7

SHA512
e685154b4cd80c66684691e608e8eda66771620a0132e701ae8e942e37cef1e302e8206a44c18eb31fde780b8dc933be99f10fa57e05b94a2b72c84c960290f6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads