Analysis
max time kernel: 126s
max time network: 179s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 23-05-2024 12:42
Static task: static1
Behavioral task: behavioral1
  Sample: 2.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 2.apk
  Resource: android-x64-20240514-en
General
Target: 2.apk
Size: 14.5MB
MD5: a3d241bd45ef4dfed526a913a103e3ea
SHA1: 7678886043841fe0b8320ff68c2d0c6beca2dc98
SHA256: b631229d7c9ba7864ecbe95f5599ec76e9dd1db7f242c57a47969b0602a15e53
SHA512: 7a3145ade31bf606eb3c1b1af7368797fad3500c2eceebe18b1bdf89aad26a5839ebff387fa36b98d3456719ada37e7d2bc0bc8aaf4cd950e9c5505da63bd1a5
SSDEEP: 393216:YYsLq2lQKg45MLxCMHEQfUNmeBhhvjBxvsPh509n5a0hJLbjz/:YYmq0Q054kUJfkBXjBxvtJ5aGLPT
Malware Config
Signatures
Checks if the Android device is rooted. (1 TTP, 1 IoC)
  Processes: com.udo.grinder.rice
    ioc: /sbin/su    process: com.udo.grinder.rice
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). (1 TTP)
Requests cell location. (2 TTPs, 1 IoC)
Uses Android APIs to get the current cell location.
  Processes: com.udo.grinder.rice
    description: Framework service call    ioc: com.android.internal.telephony.ITelephony.getCellLocation    process: com.udo.grinder.rice
Checks known Qemu files. (1 TTP, 3 IoCs)
Checks for known Qemu files that exist on Android virtual device images.
  Processes: com.udo.grinder.rice
    ioc: /system/lib/libc_malloc_debug_qemu.so    process: com.udo.grinder.rice
    ioc: /sys/qemu_trace    process: com.udo.grinder.rice
    ioc: /system/bin/qemu-props    process: com.udo.grinder.rice
Checks known Qemu pipes. (1 TTP, 2 IoCs)
Checks for known pipes used by the Android emulator to communicate with the host.
  Processes: com.udo.grinder.rice
    ioc: /dev/socket/qemud    process: com.udo.grinder.rice
    ioc: /dev/qemu_pipe    process: com.udo.grinder.rice
Checks memory information. (2 TTPs, 1 IoC)
Checks memory information that indicates whether the system is an emulator.
  Processes: com.udo.grinder.rice
    description: File opened for read    ioc: /proc/meminfo    process: com.udo.grinder.rice
Queries information about running processes on the device. (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: com.udo.grinder.rice
    description: Framework service call    ioc: android.app.IActivityManager.getRunningAppProcesses    process: com.udo.grinder.rice
Registers a broadcast receiver at runtime (usually for listening for system events). (1 TTP, 1 IoC)
  Processes: com.udo.grinder.rice
    description: Framework service call    ioc: android.app.IActivityManager.registerReceiver    process: com.udo.grinder.rice
Checks if the internet connection is available. (1 TTP, 1 IoC)
  Processes: com.udo.grinder.rice
    description: Framework service call    ioc: android.net.IConnectivityManager.getActiveNetworkInfo    process: com.udo.grinder.rice
Reads information about the phone network operator. (1 TTP)
Uses Crypto APIs (might try to encrypt user data). (1 TTP, 1 IoC)
  Processes: com.udo.grinder.rice
    description: Framework API call    ioc: javax.crypto.Cipher.doFinal    process: com.udo.grinder.rice
Processes
com.udo.grinder.rice (PID: 4317)
  - Checks if the Android device is rooted.
  - Requests cell location
  - Checks known Qemu files.
  - Checks known Qemu pipes.
  - Checks memory information
  - Queries information about running processes on the device
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (might try to encrypt user data)
  /system/bin/sh -c getprop (PID: 4371)
    getprop (PID: 4371)
Network
MITRE ATT&CK Mobile v15
Defense Evasion
  Execution Guardrails (1)
    Geofencing (1)
  Virtualization/Sandbox Evasion (3)
    System Checks (3)
Downloads
/data/data/com.udo.grinder.rice/app_crashrecord/1002
  Filesize: 228B
  MD5: 2cf1d07d8e29f5762374f3200546b428
  SHA1: 1ce5330adfe1ac5018322bb21f0d4061cc9f1627
  SHA256: fbc287aa462764b530cd4d1d00746a1348241147d5a0368aa6cf69d193d0f18f
  SHA512: 561840c3fe4ae6ed3dc16e852fe2e1185753d71bfddf2848b69a552a88bde6af5e43c37fd05276b2ae77464268805ef8ddadcd3052e075e2825be1610c9bd62c
/data/data/com.udo.grinder.rice/app_crashrecord/1004
  Filesize: 58B
  MD5: 0d210bfb2a0e1f1b4c082a6a0f79de07
  SHA1: bb8ed9e364db79d1d9f2fcde3f15091893222faa
  SHA256: 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
  SHA512: 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1
/data/data/com.udo.grinder.rice/app_crashrecord/1004
  Filesize: 228B
  MD5: 978cbba575e2fe50d7073d9f71aba01a
  SHA1: c7da1b5108d07e3c451b0986c7d81fe1ec341e14
  SHA256: b961860cd2f4f116b56ee57d6f0d37cf7790a57da79b640571f3ec348831d099
  SHA512: 46c0ee929516e7b32f0047ab256e7f090860f373d0c5776994a544779f3d41192cde613a4afc5e21d2ffd05ed9a7f34754878d2d08320dddb97232bc43a91c71
/data/data/com.udo.grinder.rice/databases/bugly_db_
  Filesize: 4KB
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
/data/data/com.udo.grinder.rice/databases/bugly_db_-journal
  Filesize: 512B
  MD5: add2d91b18bcc1321f99019ec12f1ace
  SHA1: cf6ee36e4bf55485eccd97e05fdbb3fdc1f8382c
  SHA256: a77227494b7e1a8774ca3df8544c8c18fa75b6225dbf3214f220d4faf98676d0
  SHA512: be9ff12a0a8e60b7ea9fc5ada51cd1fbb3cbcae3f9de3b30e95678bd8805ee9b92c30ebaa22d36b648fb4b36637cf8ab028382777e08b26abbf034374fb8e017
/data/data/com.udo.grinder.rice/databases/bugly_db_-shm
  Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
/data/data/com.udo.grinder.rice/databases/bugly_db_-wal
  Filesize: 76KB
  MD5: bbc2912753ac7fd5a1db081dc20306f0
  SHA1: cd1079350ea55b549e2c6deb9855c15de22a3971
  SHA256: 5d27dc0591952dbf2b8f2dc49e3b44912abcfa63436484a4b3ac82ca2b42ce36
  SHA512: 1f43c550e74bce187a37c737ea4cf2822846c2ac5444e57ea3ae65e07d01724170540d796cd24d115af75fcf479ef4bd08e43b7daa8e5ff322664febc1a250eb
/storage/emulated/0/Android/data/com.udo.grinder.rice/cache/Cache/journal.tmp
  Filesize: 36B
  MD5: 37e8e716e0e2f4a0b05cd9571d95b84d
  SHA1: f8d068f6931707bddb8cd69f706f2224ad1fea3c
  SHA256: 7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca
  SHA512: e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6
/storage/emulated/0/csair-mmp-devices/devices/.DEVICES
  Filesize: 17B
  MD5: 0aef4ad3fd7b7b6fca5f038fc54c2bef
  SHA1: f3beea33e279de43fbb325e02047de32e2355f2d
  SHA256: 1ff71a0b161a8a2c4bc912a7a567942d28c55fcd0b1dcb8039997186d65e494e
  SHA512: 88c9f1dcb653bb9fb59e3715032464a698321e5120ee1d12ef650f4d4a979a8c6e55d9be569264c73ffc5950bbd303dfd61e3eb8bea9427195c1d47df59432c9