Analysis
-
max time kernel
66s -
max time network
161s -
platform
android_x64 -
resource
android-x64-arm64-20240514-en -
resource tags
android arch:arm arch:arm64 arch:x64 arch:x86 image:android-x64-arm64-20240514-en locale:en-us os:android-11-x64 system -
submitted
24-05-2024 12:40
Static task
static1
Behavioral task
behavioral1
Sample
b2livecam.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
b2livecam.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral3
Sample
b2livecam.apk
Resource
android-x64-arm64-20240514-en
General
-
Target
b2livecam.apk
-
Size
3.9MB
-
MD5
c9f96cf69638d9644e2a31ca656ac8f4
-
SHA1
afae9b0c961119acf66d977c0d22814b58f32451
-
SHA256
f69b553926e56ee3790db11d05464c31e9ad14e561842590f7ba2e155999ba19
-
SHA512
8c53b239230cc2ef98082a6e0cc6723b10f6195e0e1e96e8bd934ca5b3357d6c2425c91e7fc8faa03f10f3b23380a71130206dd9c36506e374c64fd316fec851
-
SSDEEP
98304:wrL0Vvg9pn6hnEG4hx7+FNFbEbW4u5UXLbZ+Or2p+:wr36hEG4+jFoC4uGLN+gL
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
Processes:
com.b2livecam1.appdeploy
ioc | process
/sbin/su | com.b2livecam1.appdeploy
/system/bin/su | com.b2livecam1.appdeploy
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information that indicates whether the system is an emulator.
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information that indicates whether the system is an emulator.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Acquires the wake lock 1 IoCs
Processes:
com.b2livecam1.appdeploy
description | ioc | process
Framework service call | android.os.IPowerManager.acquireWakeLock | com.b2livecam1.appdeploy
-
Checks if the internet connection is available 1 TTPs 1 IoCs
Processes:
com.b2livecam1.appdeploy
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.b2livecam1.appdeploy
-
Reads information about phone network operator. 1 TTPs
-
Checks the presence of a debugger
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
/data/user/0/com.b2livecam1.appdeploy/databases/OneSignal.db
Filesize
20KB
-
/data/user/0/com.b2livecam1.appdeploy/databases/OneSignal.db-journal
Filesize
512B
-
/data/user/0/com.b2livecam1.appdeploy/databases/OneSignal.db-journal
Filesize
8KB
-
/data/user/0/com.b2livecam1.appdeploy/databases/OneSignal.db-journal
Filesize
8KB