Analysis
max time kernel: 9s
max time network: 131s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 23-05-2024 12:42
Static task: static1
Behavioral task: behavioral1
  Sample: link_20200527175802.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: link_20200527175802.apk
  Resource: android-33-x64-arm64-20240514-en
General
Target: link_20200527175802.apk
Size: 7.7MB
MD5: e80f18280ae16ef6fd5cf22fe6acdb44
SHA1: 2c99388a2e09617da33a105ea7454ded6936d59d
SHA256: b58b7477e636565dc2f1ec838bd8f7fd6fcb14361ecc1594fd768c33c408b55e
SHA512: 213c8d95e56fd333fbb838e59f0aa480c300da8b9d4235bc1950e2dc8ff2a08d2dfdab7a27003c735245d9fd756058e9dff5585ba3299d8b0913af4202fc307d
SSDEEP: 196608:K4L3hozBM7yp8L9etSwO7Bo606U9kQ4A9I:K4L3s8LGt6o6ZU97LI
Malware Config
Signatures
Queries information about running processes on the device (1 TTPs, 2 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes: com.fmob.client.app.link, com.fmob.client.app.link:pushcore
description | ioc | process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.fmob.client.app.link
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.fmob.client.app.link:pushcore

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
Processes: com.fmob.client.app.link:pushcore
description | ioc | process
Framework service call | android.app.IActivityManager.registerReceiver | com.fmob.client.app.link:pushcore

Checks if the internet connection is available (1 TTPs, 2 IoCs)
Processes: com.fmob.client.app.link:pushcore, com.fmob.client.app.link
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.fmob.client.app.link:pushcore
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.fmob.client.app.link

Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
Processes: com.fmob.client.app.link
description | ioc | process
Framework API call | javax.crypto.Cipher.doFinal | com.fmob.client.app.link
Processes
com.fmob.client.app.link (PID:4353)
  - Queries information about running processes on the device
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
  getprop ro.product.cpu.abi (PID:4387)
com.fmob.client.app.link:pushcore (PID:4411)
  - Queries information about running processes on the device
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
Network
MITRE ATT&CK Mobile v15
Downloads
/storage/emulated/0/Android/data/com.fmob.client.app.link/files/tbslog/tbslog.txt
Filesize: 7KB
MD5: 665455dff93148def1f22e6dec7688bd
SHA1: 9e9ec0eea71d8d344aaa6c76235df81b44579aac
SHA256: 493899861c9723dde0e989394357613fd67f64297672ad34eba133dfde973ec9
SHA512: 85216e6b7c6e939610f798241886bdc21922738a61e8900dc73e988ff969d9f9190d751b9b0dc759add1ee4cda18bbdc806ccb99ae3aa60100cd10bd967a1fd6