Analysis

  • max time kernel
    126s
  • max time network
    179s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted
    23-05-2024 12:42

General

  • Target

    2.apk

  • Size

    14.5MB

  • MD5

    a3d241bd45ef4dfed526a913a103e3ea

  • SHA1

    7678886043841fe0b8320ff68c2d0c6beca2dc98

  • SHA256

    b631229d7c9ba7864ecbe95f5599ec76e9dd1db7f242c57a47969b0602a15e53

  • SHA512

    7a3145ade31bf606eb3c1b1af7368797fad3500c2eceebe18b1bdf89aad26a5839ebff387fa36b98d3456719ada37e7d2bc0bc8aaf4cd950e9c5505da63bd1a5

  • SSDEEP

    393216:YYsLq2lQKg45MLxCMHEQfUNmeBhhvjBxvsPh509n5a0hJLbjz/:YYmq0Q054kUJfkBXjBxvtJ5aGLPT

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 1 IoCs
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Checks known Qemu files. 1 TTPs 3 IoCs

    Checks for known Qemu files that exist on Android virtual device images.

  • Checks known Qemu pipes. 1 TTPs 2 IoCs

    Checks for known pipes used by the Android emulator to communicate with the host.

  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information that indicates whether the system is an emulator.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.udo.grinder.rice
    1⤵
    • Checks if the Android device is rooted.
    • Requests cell location
    • Checks known Qemu files.
    • Checks known Qemu pipes.
    • Checks memory information
    • Queries information about running processes on the device
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4317
    • /system/bin/sh -c getprop
      2⤵
        PID:4371
      • getprop
        2⤵
          PID:4371

Network

MITRE ATT&CK Mobile v15

Downloads

      • /data/data/com.udo.grinder.rice/app_crashrecord/1002
        Filesize

        228B

        MD5

        2cf1d07d8e29f5762374f3200546b428

        SHA1

        1ce5330adfe1ac5018322bb21f0d4061cc9f1627

        SHA256

        fbc287aa462764b530cd4d1d00746a1348241147d5a0368aa6cf69d193d0f18f

        SHA512

        561840c3fe4ae6ed3dc16e852fe2e1185753d71bfddf2848b69a552a88bde6af5e43c37fd05276b2ae77464268805ef8ddadcd3052e075e2825be1610c9bd62c

      • /data/data/com.udo.grinder.rice/app_crashrecord/1004
        Filesize

        58B

        MD5

        0d210bfb2a0e1f1b4c082a6a0f79de07

        SHA1

        bb8ed9e364db79d1d9f2fcde3f15091893222faa

        SHA256

        988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

        SHA512

        536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

      • /data/data/com.udo.grinder.rice/app_crashrecord/1004
        Filesize

        228B

        MD5

        978cbba575e2fe50d7073d9f71aba01a

        SHA1

        c7da1b5108d07e3c451b0986c7d81fe1ec341e14

        SHA256

        b961860cd2f4f116b56ee57d6f0d37cf7790a57da79b640571f3ec348831d099

        SHA512

        46c0ee929516e7b32f0047ab256e7f090860f373d0c5776994a544779f3d41192cde613a4afc5e21d2ffd05ed9a7f34754878d2d08320dddb97232bc43a91c71

      • /data/data/com.udo.grinder.rice/databases/bugly_db_
        Filesize

        4KB

        MD5

        f2b4b0190b9f384ca885f0c8c9b14700

        SHA1

        934ff2646757b5b6e7f20f6a0aa76c7f995d9361

        SHA256

        0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

        SHA512

        ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

      • /data/data/com.udo.grinder.rice/databases/bugly_db_-journal
        Filesize

        512B

        MD5

        add2d91b18bcc1321f99019ec12f1ace

        SHA1

        cf6ee36e4bf55485eccd97e05fdbb3fdc1f8382c

        SHA256

        a77227494b7e1a8774ca3df8544c8c18fa75b6225dbf3214f220d4faf98676d0

        SHA512

        be9ff12a0a8e60b7ea9fc5ada51cd1fbb3cbcae3f9de3b30e95678bd8805ee9b92c30ebaa22d36b648fb4b36637cf8ab028382777e08b26abbf034374fb8e017

      • /data/data/com.udo.grinder.rice/databases/bugly_db_-shm
        Filesize

        32KB

        MD5

        bb7df04e1b0a2570657527a7e108ae23

        SHA1

        5188431849b4613152fd7bdba6a3ff0a4fd6424b

        SHA256

        c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

        SHA512

        768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

      • /data/data/com.udo.grinder.rice/databases/bugly_db_-wal
        Filesize

        76KB

        MD5

        bbc2912753ac7fd5a1db081dc20306f0

        SHA1

        cd1079350ea55b549e2c6deb9855c15de22a3971

        SHA256

        5d27dc0591952dbf2b8f2dc49e3b44912abcfa63436484a4b3ac82ca2b42ce36

        SHA512

        1f43c550e74bce187a37c737ea4cf2822846c2ac5444e57ea3ae65e07d01724170540d796cd24d115af75fcf479ef4bd08e43b7daa8e5ff322664febc1a250eb

      • /storage/emulated/0/Android/data/com.udo.grinder.rice/cache/Cache/journal.tmp
        Filesize

        36B

        MD5

        37e8e716e0e2f4a0b05cd9571d95b84d

        SHA1

        f8d068f6931707bddb8cd69f706f2224ad1fea3c

        SHA256

        7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

        SHA512

        e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

      • /storage/emulated/0/csair-mmp-devices/devices/.DEVICES
        Filesize

        17B

        MD5

        0aef4ad3fd7b7b6fca5f038fc54c2bef

        SHA1

        f3beea33e279de43fbb325e02047de32e2355f2d

        SHA256

        1ff71a0b161a8a2c4bc912a7a567942d28c55fcd0b1dcb8039997186d65e494e

        SHA512

        88c9f1dcb653bb9fb59e3715032464a698321e5120ee1d12ef650f4d4a979a8c6e55d9be569264c73ffc5950bbd303dfd61e3eb8bea9427195c1d47df59432c9