751d8019a05b7b3ae112ea3ec983a11122aa65d5a499a86c1f23343667ed4bdd

Analysis

max time kernel
78s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
24-05-2024 13:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

samsung.apk
Size

10.5MB
MD5

5791c3af37f8e78432345ce974faee13
SHA1

f5845fe0748e814a52dc89214de728f9bd1decd0
SHA256

751d8019a05b7b3ae112ea3ec983a11122aa65d5a499a86c1f23343667ed4bdd
SHA512

852db2088bf950c0c3e0add6e8857e930c4da61533032220d83197a6214dc2692ac55a489778e08f9f955abd58f603517629756399f86911e92f8baf3c13153b
SSDEEP

196608:GAsDympsd6pXJkxNCj2ZkDBUk9BPDT9AE+FXYeL7WRLydT:GFew6uXMNC6aDBUsAD5YeLaRLK

Score

8^/10

banker discovery evasion persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks Android system properties for emulator presence. 1 TTPs 3 IoCs

evasion

System Checks

T1633.001

Processes:

net.soti.mobicontrol.elm.samsung

description	ioc	process
Accessed system property	key: ro.hardware	net.soti.mobicontrol.elm.samsung
Accessed system property	key: ro.product.name	net.soti.mobicontrol.elm.samsung
Accessed system property	key: ro.product.model	net.soti.mobicontrol.elm.samsung

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

Foreground Persistence
T1541

Processes:

net.soti.mobicontrol.elm.samsung:foregroundservice

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground net.soti.mobicontrol.elm.samsung:foregroundservice

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	net.soti.mobicontrol.elm.samsung:foregroundservice

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

net.soti.mobicontrol.elm.samsungnet.soti.mobicontrol.elm.samsung:foregroundservice

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	net.soti.mobicontrol.elm.samsung
Framework service call	android.app.IActivityManager.getRunningAppProcesses	net.soti.mobicontrol.elm.samsung:foregroundservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

net.soti.mobicontrol.elm.samsung

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo net.soti.mobicontrol.elm.samsung
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Acquires the wake lock 1 IoCs

Processes:

net.soti.mobicontrol.elm.samsung:foregroundservice

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock net.soti.mobicontrol.elm.samsung:foregroundservice
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

net.soti.mobicontrol.elm.samsung

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo net.soti.mobicontrol.elm.samsung

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	net.soti.mobicontrol.elm.samsung

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	net.soti.mobicontrol.elm.samsung:foregroundservice

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	net.soti.mobicontrol.elm.samsung

net.soti.mobicontrol.elm.samsung
1⤵
- Checks Android system properties for emulator presence.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
PID:4627

net.soti.mobicontrol.elm.samsung:foregroundservice
1⤵
- Makes use of the framework's foreground persistence service
- Queries information about running processes on the device
- Acquires the wake lock
PID:4756

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/net.soti.mobicontrol.elm.samsung/app_data/applist.txt
Filesize
15KB

MD5
68007e30dec1c440ffc436e2eef1eb9a

SHA1
7e3d85654dbb2ad0985ab35578bfa31059a94ca2

SHA256
5c7e7967b2f79f2459d8e28310d1370cc623617c627d367402ac05a57651416c

SHA512
0559ab62d48d55631080a5a14b00336b34f7f74dc8b5727c8550aead9fca845cdc704f1aa278c877b07a319829da5ff6a4afa3e0c7088c7e20a6f941715c060f

Download Submit
/data/user/0/net.soti.mobicontrol.elm.samsung/app_logs/mobicontrol.log
Filesize
2.3MB

MD5
1ef3e5aa1206a6ac722234dbefb945ff

SHA1
c51e6e68bf06b5e81bb297a9b0dfd2e174ac4b0b

SHA256
fd91c4b191507a24c004b39e21640a3ad51dc0021afe6a1fe737cd6ce5218995

SHA512
2a82fd316ba9ec7a78c0c9fdd058b481df91d08eb436646e0036bd51e922ac513cf2607c82844c5b20edd90dcc3ade2960578ad7a9a5245a15b48e35f9487b77

Download Submit
/data/user/0/net.soti.mobicontrol.elm.samsung/databases/settings
Filesize
152KB

MD5
5a7c7216e54e954dcae07f42c14603fd

SHA1
476a25fde229248c47e962f0b5a877a94502ebc3

SHA256
9fc6f1687ae6c525fe446ff8d67c8cf86a653758112f866df11c5f7dbf461f75

SHA512
c155576fe983e2a1a870217571a4e45f96b55e10195390c666d237ca40f355c8b309c662407dfa03d5c9c0f7f7ca13c37d342bea552fe50eb2932cad4b81841a

Download Submit
/data/user/0/net.soti.mobicontrol.elm.samsung/databases/settings-journal
Filesize
512B

MD5
d3a27893f1cd30e5a7cc399ad1cb31c4

SHA1
647cfcc80a99d64a0b0edfab661bfcdd0df755d5

SHA256
c61b02715bb7d25be81231d1ff88edc22ef9fce025bcdc267a23eb804120bbe8

SHA512
086b552ac9a061d6058b1cad58cb6bd91dd88047a10fb8b1ab83dc8da848135d3c70a3a4fba9a579bbf812effcd4e59109d7d97e0f8a0abc140833f342945231

Download Submit
/data/user/0/net.soti.mobicontrol.elm.samsung/databases/settings-journal
Filesize
8KB

MD5
58ecd6a3fe1d3bcbec2b6b8a38c1a2a2

SHA1
14b69a0b017bcbf64715e6006c431f16914e6509

SHA256
bb931c17be1ce98cbd9afd785ca5f76bbf81f617280b97cf5afd6e24df29b6f0

SHA512
34118ac3005e7736f52ec3ffa5573cfcf9f2d6dd4a451e97dbbe06f509da162da2368d4c20bf3033a1ce29d47dc94badedaea89fa36eec624baa21399d9c3e41

Download Submit
/data/user/0/net.soti.mobicontrol.elm.samsung/databases/settings-journal
Filesize
8KB

MD5
42f29cf0d43fde4a852b3086f5a7be5b

SHA1
5c88a2b6edc549e01ec15db533d62e190b0b30a8

SHA256
5d29c419aa134d8e26c88264d34354681bd7f95d319086e3059cc51c93ba24f5

SHA512
753719da0af77fa1b540291bf2c0a7065c9ca199abd7b114735b60cdd3de7dd8dec9fb39e75442cfdd37a188796ec5c6df68a1027457644aec58c67fa2a1a8ba

Download Submit
/data/user/0/net.soti.mobicontrol.elm.samsung/databases/settings-journal
Filesize
12KB

MD5
a32fff19303943c0cfc1d6ec16a609d4

SHA1
8539ce9cfd73c7d245da22d811d3040e3f4f53a0

SHA256
5efee3b75c195e21f58595f2f12286a68e9c75a65cc6da948718a6178678408e

SHA512
fd9acbb5e189f5f5828f8eb6c65c382f7aa1f3a3a8283c05f8ec56d8f8a66302ac4e5925ce8a660bd52c1105389e1474adc70d58713496cb94abaf90cf02921e

Download Submit
/data/user/0/net.soti.mobicontrol.elm.samsung/databases/settings-journal
Filesize
12KB

MD5
2592162cf11e978fac957143b4c03133

SHA1
7d140fedc0f1a2cad2642fa0245a27566478f1db

SHA256
7cb5446241198b22845fba73b25ad4c3da493529fbc6fc6c661b261dec243871

SHA512
c583f3cede2c285a1f7964b46475f030b93e4cace789aa68d17d6966453e123a92070e36cfb6404facab5dd631c3f882ec31d23cc5ec13ebb373e77f80e14627

Download Submit
/data/user/0/net.soti.mobicontrol.elm.samsung/databases/settings-journal
Filesize
12KB

MD5
2b5ba149da2d4869607ecaecfc7059e2

SHA1
bc607d02ad89cbc5594de790eeaf53a759515398

SHA256
beaea86e3b4cb307789748b64e23b1d9edb27f3ef30f8d91d3bdaf330356af4f

SHA512
d1c33bed8e24251f4eb9a096e55fc03adb4dbbc094e4c4030b68fb2e29d6fd4ecc9f19f1612f297ce8ab4fed5fcf3499155a50f41da0a7b952f87fb8dbd586b3

Download Submit