Analysis
max time kernel
127s
max time network
184s
platform
android_x64
resource
android-x64-20240514-en
resource tags
android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
submitted
23-05-2024 12:42
Static task
static1
Behavioral task
behavioral1
Sample
2.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
2.apk
Resource
android-x64-20240514-en
General
Target
2.apk
Size
14.5MB
MD5
a3d241bd45ef4dfed526a913a103e3ea
SHA1
7678886043841fe0b8320ff68c2d0c6beca2dc98
SHA256
b631229d7c9ba7864ecbe95f5599ec76e9dd1db7f242c57a47969b0602a15e53
SHA512
7a3145ade31bf606eb3c1b1af7368797fad3500c2eceebe18b1bdf89aad26a5839ebff387fa36b98d3456719ada37e7d2bc0bc8aaf4cd950e9c5505da63bd1a5
SSDEEP
393216:YYsLq2lQKg45MLxCMHEQfUNmeBhhvjBxvsPh509n5a0hJLbjz/:YYmq0Q054kUJfkBXjBxvtJ5aGLPT
Malware Config
Signatures
Checks if the Android device is rooted. 1 TTPs 1 IoCs
Processes:
ioc | process
/sbin/su | com.udo.grinder.rice
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to get current cell location.
Processes:
description | ioc | process
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.udo.grinder.rice
Checks known Qemu files. 1 TTPs 3 IoCs
Checks for known Qemu files that exist on Android virtual device images.
Processes:
ioc | process
/sys/qemu_trace | com.udo.grinder.rice
/system/bin/qemu-props | com.udo.grinder.rice
/system/lib/libc_malloc_debug_qemu.so | com.udo.grinder.rice
Checks known Qemu pipes. 1 TTPs 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
Processes:
ioc | process
/dev/socket/qemud | com.udo.grinder.rice
/dev/qemu_pipe | com.udo.grinder.rice
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicates whether the system is an emulator.
Processes:
description | ioc | process
File opened for read | /proc/meminfo | com.udo.grinder.rice
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
description | ioc | process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.udo.grinder.rice
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
description | ioc | process
Framework service call | android.app.IActivityManager.registerReceiver | com.udo.grinder.rice
Checks if the internet connection is available 1 TTPs 1 IoCs
Processes:
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.udo.grinder.rice
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
Reads information about phone network operator. 1 TTPs
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes:
description | ioc | process
Framework API call | javax.crypto.Cipher.doFinal | com.udo.grinder.rice
Processes
com.udo.grinder.rice
- Checks if the Android device is rooted.
- Requests cell location
- Checks known Qemu files.
- Checks known Qemu pipes.
- Checks memory information
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5183
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Execution Guardrails 1
Geofencing 1
Virtualization/Sandbox Evasion 3
System Checks 3
Downloads
/data/data/com.udo.grinder.rice/app_crashrecord/1002
Filesize
228B
MD5
ecdd3a1add778511ed06d7d49aeffe1e
SHA1
1b62a46682995d195277739521fa66fc5b345cc6
SHA256
6db33b7bdbf5da4f474ca365b6534f978ea2d5387a61993728a30310883ebd34
SHA512
ccf975e28d00364dd3693a573b57f3ed791e81d2dfd9e4d85f85afc4b6f5d0fa002dd38aa7fba5429f84a38012cc389fbe0a137fe47e5d3375f78ec19055f0e0
/data/data/com.udo.grinder.rice/app_crashrecord/1004
Filesize
58B
MD5
0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1
/data/data/com.udo.grinder.rice/app_crashrecord/1004
Filesize
228B
MD5
1fdf136886ecea584fd4b687e47881b2
SHA1
6ca086b78f000fdaf14840343561a5cb27bafd16
SHA256
21eddc12f125a67435032f5ad0b322384b8e5fd472ba295940d49a43199f0862
SHA512
532e91b908e41b7c0b7d824400520490b9ee81f5cfaddc9f73dfc5ab2dff864bcd61298a6d7d11aed06914d4fa5f748ab6cbeac7f1fcc13e4f5a3a3ba86b9dc3
/data/data/com.udo.grinder.rice/databases/bugly_db_
Filesize
52KB
MD5
fed92974deb0f1ad01c41ca4802f6a8a
SHA1
643fb3f9bbd9faf422ec059eee59e54b1a1b6618
SHA256
8b39f3aa5302ca51710a4e39a9dfe5c5112aab1202023c2c2bd26968e2510bde
SHA512
8751b6223edb706b936b4183cf984c622b218802b7f1f326a9a646f5f70fb8032c454941009444b598b93dea60c42e70cc5204a955064400dd1e7143d3fb1489
/data/data/com.udo.grinder.rice/databases/bugly_db_-journal
Filesize
8KB
MD5
404e47fca3c12698e0f7b0b2958ec67a
SHA1
406a950e2958398362a0e1d5f314495e93a6037e
SHA256
e37f2085da3e7bfb0086a2df553a9e371d7f78f097b2949d2fbcfae447493dc8
SHA512
c8de71a291ae5388800e1baf2d2e42d690d28104916dbe9973fd2fdcaf1f2fb5bf8fedc9cb9a21bbc92808088c02e0b820b1b64b9351f8fa9bc0e5f1e62fe360
/data/data/com.udo.grinder.rice/databases/bugly_db_-journal
Filesize
8KB
MD5
95f9b815d3860f380e93e0b00d1663a5
SHA1
1de805bbf5b1447ebd8a89c0920fc6aaf01ef862
SHA256
da460c0c7a9ca3277763c7ea79cf6e1f410d232e43c25111db3ce9f49200d358
SHA512
d20cdb098b6533c3657ff3f341ff47d1aa19ee69898ae26bbbac5cb61928f0b326b5f9920b38f4e21545e8568484d6c781ce72c3f16be13aa4c117e50ec1c714
/data/data/com.udo.grinder.rice/databases/bugly_db_-journal
Filesize
8KB
MD5
96f1aa4cbf69e10341a5308062a409ff
SHA1
c9edc8ca713f08ff1361d6eeeec9f5d4a53d566a
SHA256
58f9f6bdc6ac977654d068524cc6fc14556b66bf4c74952ce35d0ad8c9f92e5b
SHA512
2219b9ce030e3752fc4b4d4960eb7a0a131b72e1de3e6834942864a304093a15e6e1b80dec2c34a3adfbc3d12c5f39e81fd2e7973051f1d5763600b294d97eb5
/data/data/com.udo.grinder.rice/databases/bugly_db_-journal
Filesize
8KB
MD5
f0112e27bcb4b58cfb456aaa07cf169b
SHA1
c9115c983b6f76164403f28e2524b51d64b6bd85
SHA256
ca49b2961878691aef63e0354baf44b1b0c809d9c1a0fd2e08913dce87375c8e
SHA512
283f9c4559ae9dc15b8398bb889e13aacd07d9216f37862a2e23186bbb91b30a9afd1131390227dc2b3243f70f0c5f146a70e95fa573cb6f20e5a7f96418f1ad
/data/data/com.udo.grinder.rice/databases/bugly_db_-journal
Filesize
8KB
MD5
2f05072f42ff3ad878c5b0faa5cd2ced
SHA1
4d90fac45d062ae84376708da6d085f4b3a4d4f9
SHA256
2e3d70e21d4ef67c89b231f15083c3b3b8695acb3b768a62b0874462c21ac833
SHA512
9327a8a2c08d44e667021c5ec9b346fb40481a57a770e10a5fcd47d95fca9992f56589a1a60d067a8bcfba32b4199aed41477733dee6a42350fdea56b79c0f4b
/data/data/com.udo.grinder.rice/databases/bugly_db_-journal
Filesize
512B
MD5
697e7feb0c96b53076b5523a251fb40a
SHA1
1987355eaaf3c9bf96c14d4b444abff67f814fc5
SHA256
22d8ff7718656df1c711a5f8074fe9cf42779b08a89124d29c7d85ecc7b2903e
SHA512
f27374bbdcb3ae4c098a7499e364823bc7666020295787ab138828a982af9d6696db7cb86f9fc3e60830ae7314dd6405bb43d97b079c9166dcdb138fcca327b6
/storage/emulated/0/Android/data/com.udo.grinder.rice/cache/Cache/journal.tmp
Filesize
36B
MD5
37e8e716e0e2f4a0b05cd9571d95b84d
SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c
SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca
SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6
/storage/emulated/0/csair-mmp-devices/devices/.DEVICES
Filesize
17B
MD5
c35748f96cf84f25ecc4dd365c638fdf
SHA1
76ee1a228386f11a32670fe59af4b46f71a52ec4
SHA256
5745ddfc7377a1266a8e0ee73b80380d3352c0cc08bf2dbc16557f9b052f183f
SHA512
2711fbc0c970b60668296df13208619184af044e87106890bd59636159e45b802313972854ce94d09f57af2fd998721ee4f0061a604df2249596cbf7ffd6ae54