b631229d7c9ba7864ecbe95f5599ec76e9dd1db7f242c57a47969b0602a15e53

Analysis

max time kernel
127s
max time network
184s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
23-05-2024 12:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2.apk
Size

14.5MB
MD5

a3d241bd45ef4dfed526a913a103e3ea
SHA1

7678886043841fe0b8320ff68c2d0c6beca2dc98
SHA256

b631229d7c9ba7864ecbe95f5599ec76e9dd1db7f242c57a47969b0602a15e53
SHA512

7a3145ade31bf606eb3c1b1af7368797fad3500c2eceebe18b1bdf89aad26a5839ebff387fa36b98d3456719ada37e7d2bc0bc8aaf4cd950e9c5505da63bd1a5
SSDEEP

393216:YYsLq2lQKg45MLxCMHEQfUNmeBhhvjBxvsPh509n5a0hJLbjz/:YYmq0Q054kUJfkBXjBxvtJ5aGLPT

Score

8^/10

banker collection discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs
evasion

System Information Discovery
T1426

Processes:

com.udo.grinder.rice

ioc process

/sbin/su com.udo.grinder.rice
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

Location Tracking
T1430

Geofencing
T1627.001

Processes:

com.udo.grinder.rice

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.udo.grinder.rice
Checks known Qemu files. 1 TTPs 3 IoCs
Checks for known Qemu files that exist on Android virtual device images.
evasion

System Checks
T1633.001

Processes:

com.udo.grinder.rice

ioc process

/sys/qemu_trace com.udo.grinder.rice
/system/bin/qemu-props com.udo.grinder.rice
/system/lib/libc_malloc_debug_qemu.so com.udo.grinder.rice
Checks known Qemu pipes. 1 TTPs 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
evasion

System Checks
T1633.001

Processes:

com.udo.grinder.rice

ioc process

/dev/socket/qemud com.udo.grinder.rice
/dev/qemu_pipe com.udo.grinder.rice
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.udo.grinder.rice

description ioc process

File opened for read /proc/meminfo com.udo.grinder.rice
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.udo.grinder.rice

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.udo.grinder.rice
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.udo.grinder.rice

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.udo.grinder.rice
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.udo.grinder.rice

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.udo.grinder.rice
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.udo.grinder.rice

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.udo.grinder.rice

ioc	process
/sbin/su	com.udo.grinder.rice

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.udo.grinder.rice

ioc	process
/sys/qemu_trace	com.udo.grinder.rice
/system/bin/qemu-props	com.udo.grinder.rice
/system/lib/libc_malloc_debug_qemu.so	com.udo.grinder.rice

ioc	process
/dev/socket/qemud	com.udo.grinder.rice
/dev/qemu_pipe	com.udo.grinder.rice

description	ioc	process
File opened for read	/proc/meminfo	com.udo.grinder.rice

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.udo.grinder.rice

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.udo.grinder.rice

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.udo.grinder.rice

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.udo.grinder.rice

com.udo.grinder.rice
1⤵
- Checks if the Android device is rooted.
- Requests cell location
- Checks known Qemu files.
- Checks known Qemu pipes.
- Checks memory information
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5183

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.udo.grinder.rice/app_crashrecord/1002
Filesize
228B

MD5
ecdd3a1add778511ed06d7d49aeffe1e

SHA1
1b62a46682995d195277739521fa66fc5b345cc6

SHA256
6db33b7bdbf5da4f474ca365b6534f978ea2d5387a61993728a30310883ebd34

SHA512
ccf975e28d00364dd3693a573b57f3ed791e81d2dfd9e4d85f85afc4b6f5d0fa002dd38aa7fba5429f84a38012cc389fbe0a137fe47e5d3375f78ec19055f0e0

Download Submit
/data/data/com.udo.grinder.rice/app_crashrecord/1004
Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.udo.grinder.rice/app_crashrecord/1004
Filesize
228B

MD5
1fdf136886ecea584fd4b687e47881b2

SHA1
6ca086b78f000fdaf14840343561a5cb27bafd16

SHA256
21eddc12f125a67435032f5ad0b322384b8e5fd472ba295940d49a43199f0862

SHA512
532e91b908e41b7c0b7d824400520490b9ee81f5cfaddc9f73dfc5ab2dff864bcd61298a6d7d11aed06914d4fa5f748ab6cbeac7f1fcc13e4f5a3a3ba86b9dc3

Download Submit
/data/data/com.udo.grinder.rice/databases/bugly_db_
Filesize
52KB

MD5
fed92974deb0f1ad01c41ca4802f6a8a

SHA1
643fb3f9bbd9faf422ec059eee59e54b1a1b6618

SHA256
8b39f3aa5302ca51710a4e39a9dfe5c5112aab1202023c2c2bd26968e2510bde

SHA512
8751b6223edb706b936b4183cf984c622b218802b7f1f326a9a646f5f70fb8032c454941009444b598b93dea60c42e70cc5204a955064400dd1e7143d3fb1489

Download Submit
/data/data/com.udo.grinder.rice/databases/bugly_db_-journal
Filesize
8KB

MD5
404e47fca3c12698e0f7b0b2958ec67a

SHA1
406a950e2958398362a0e1d5f314495e93a6037e

SHA256
e37f2085da3e7bfb0086a2df553a9e371d7f78f097b2949d2fbcfae447493dc8

SHA512
c8de71a291ae5388800e1baf2d2e42d690d28104916dbe9973fd2fdcaf1f2fb5bf8fedc9cb9a21bbc92808088c02e0b820b1b64b9351f8fa9bc0e5f1e62fe360

Download Submit
/data/data/com.udo.grinder.rice/databases/bugly_db_-journal
Filesize
8KB

MD5
95f9b815d3860f380e93e0b00d1663a5

SHA1
1de805bbf5b1447ebd8a89c0920fc6aaf01ef862

SHA256
da460c0c7a9ca3277763c7ea79cf6e1f410d232e43c25111db3ce9f49200d358

SHA512
d20cdb098b6533c3657ff3f341ff47d1aa19ee69898ae26bbbac5cb61928f0b326b5f9920b38f4e21545e8568484d6c781ce72c3f16be13aa4c117e50ec1c714

Download Submit
/data/data/com.udo.grinder.rice/databases/bugly_db_-journal
Filesize
8KB

MD5
96f1aa4cbf69e10341a5308062a409ff

SHA1
c9edc8ca713f08ff1361d6eeeec9f5d4a53d566a

SHA256
58f9f6bdc6ac977654d068524cc6fc14556b66bf4c74952ce35d0ad8c9f92e5b

SHA512
2219b9ce030e3752fc4b4d4960eb7a0a131b72e1de3e6834942864a304093a15e6e1b80dec2c34a3adfbc3d12c5f39e81fd2e7973051f1d5763600b294d97eb5

Download Submit
/data/data/com.udo.grinder.rice/databases/bugly_db_-journal
Filesize
8KB

MD5
f0112e27bcb4b58cfb456aaa07cf169b

SHA1
c9115c983b6f76164403f28e2524b51d64b6bd85

SHA256
ca49b2961878691aef63e0354baf44b1b0c809d9c1a0fd2e08913dce87375c8e

SHA512
283f9c4559ae9dc15b8398bb889e13aacd07d9216f37862a2e23186bbb91b30a9afd1131390227dc2b3243f70f0c5f146a70e95fa573cb6f20e5a7f96418f1ad

Download Submit
/data/data/com.udo.grinder.rice/databases/bugly_db_-journal
Filesize
8KB

MD5
2f05072f42ff3ad878c5b0faa5cd2ced

SHA1
4d90fac45d062ae84376708da6d085f4b3a4d4f9

SHA256
2e3d70e21d4ef67c89b231f15083c3b3b8695acb3b768a62b0874462c21ac833

SHA512
9327a8a2c08d44e667021c5ec9b346fb40481a57a770e10a5fcd47d95fca9992f56589a1a60d067a8bcfba32b4199aed41477733dee6a42350fdea56b79c0f4b

Download Submit
/data/data/com.udo.grinder.rice/databases/bugly_db_-journal
Filesize
512B

MD5
697e7feb0c96b53076b5523a251fb40a

SHA1
1987355eaaf3c9bf96c14d4b444abff67f814fc5

SHA256
22d8ff7718656df1c711a5f8074fe9cf42779b08a89124d29c7d85ecc7b2903e

SHA512
f27374bbdcb3ae4c098a7499e364823bc7666020295787ab138828a982af9d6696db7cb86f9fc3e60830ae7314dd6405bb43d97b079c9166dcdb138fcca327b6

Download Submit
/storage/emulated/0/Android/data/com.udo.grinder.rice/cache/Cache/journal.tmp
Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit
/storage/emulated/0/csair-mmp-devices/devices/.DEVICES
Filesize
17B

MD5
c35748f96cf84f25ecc4dd365c638fdf

SHA1
76ee1a228386f11a32670fe59af4b46f71a52ec4

SHA256
5745ddfc7377a1266a8e0ee73b80380d3352c0cc08bf2dbc16557f9b052f183f

SHA512
2711fbc0c970b60668296df13208619184af044e87106890bd59636159e45b802313972854ce94d09f57af2fd998721ee4f0061a604df2249596cbf7ffd6ae54

Download Submit