0d5df53caf0c5d1511058fbd820a44162f0f40782319e14d85c0863a6f67dd13

Analysis

max time kernel
18s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
24-05-2024 13:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

hmdm-5.12-os.apk
Size

4.2MB
MD5

87aff3d15deb3265483726a878b3c823
SHA1

0e28f18337a5c8afdd7cbfad2f0931434a36cb27
SHA256

0d5df53caf0c5d1511058fbd820a44162f0f40782319e14d85c0863a6f67dd13
SHA512

477e20d6500c94079300ece119b38fdb82ceb2aa4c1e04aae2faf6c79359d59b02431d11f1bc73f4ee69ede4a0c48e2c05a387a35a39670b807700ad2a166780
SSDEEP

98304:qlkXtMkrfCgEtl+j/3RtE3/ZE8DXZwR7Pe5Rrww3:D9Mc6gh3RtUXS7Pw3

Score

8^/10

discovery evasion execution persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.hmdm.launcher
/system/xbin/su	com.hmdm.launcher

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.hmdm.launcher

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.hmdm.launcher

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.hmdm.launcher

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.hmdm.launcher

Checks the presence of a debugger
evasion

com.hmdm.launcher
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
PID:4262

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.hmdm.launcher/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.hmdm.launcher/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
3cacb6b0b38833dcc8c66b9169afa74c

SHA1
8d60b1018ab404959adb1a307447a812d2c4744f

SHA256
f2af89e7af304083335af07c909c57bb6182b1c84c7987ed0e3e02039785a37c

SHA512
50912f451e8e1f59ef89c09bdfd5ca8da6e2dc904ef230633b2ca4c464872bd19872119b808eda90f5b79f54a142e288341bdc4804d3004e325ba8152a7bcf74

Download Submit
/data/data/com.hmdm.launcher/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.hmdm.launcher/databases/com.google.android.datatransport.events-wal

Filesize
52KB

MD5
185aeff8595a572d9851dc6615a99b0f

SHA1
9ab7ec7495eaa5102a83896e9b5fd92e4dd33387

SHA256
115bb0156596866188eb96269ae875c99c687fe902b40dac31dd108887e4ff5e

SHA512
66e75dede1ea639f7fc0deea116834f6fe75844213ea990b23fa26dd08e2adabf4d5f86360f217028b4f1fdbcbaba26499291ae8566dd90dd6309621d952eff6

Download Submit
/data/data/com.hmdm.launcher/databases/hmdm.launcher.sqlite-journal

Filesize
512B

MD5
a243b77959b04701a30e037ab55a1f06

SHA1
2ce0ce511b24039ed0a99b04c8e3a4fc49cda72a

SHA256
6ea36cf404773f37c22d2fad7ecebaf8b4c1d9c1647b0152205a7fba22f4c10a

SHA512
255b1eb242e703763ad842804e2a1f8abafa7395e9d548c0d96b4dbd7ecef8a4cc885cc59607ecb4c6294e1b047441f818bc44cf09cfa4ff6b90162a95813ac3

Download Submit
/data/data/com.hmdm.launcher/databases/hmdm.launcher.sqlite-wal

Filesize
52KB

MD5
5d68304677ee11a4426ccfda7e642ab9

SHA1
6561b5af793c8554c6d0369b4a4e3247b5a64ee1

SHA256
b993027451d68d8ce7e924d91366cfd4477330d63c87257a0c1dc257dd9b2074

SHA512
8f9828661905abe635a2776c9acf9979c7448d2d68379026822505dce094728ee71de0a67aa993bf15459fddc27405ef3abb9c1fec45b2a52c7d6984abad6e11

Download Submit
/data/data/com.hmdm.launcher/files/.com.google.firebase.crashlytics/665095F702D5-0001-10A6-E2EC6F2A2BC8BeginSession.cls_temp

Filesize
75B

MD5
97d887fd99a1bc980ed2a66225e0364e

SHA1
5a60ee799f0728e8b951e1626f23c7011adaf08b

SHA256
ceafa2b040b465a17a0366d566cc3b843fa272b2fee2099f0620066518cfeea1

SHA512
c2db02c9f000eb14589c0f1be75f32f08b8f2948f6f8b3b6a52dbe5a101a9103745aafb2a062b268d0a174f716f6777cd0eb052da300cc92ccd4ee67e42f5468

Download Submit
/data/data/com.hmdm.launcher/files/.com.google.firebase.crashlytics/665095F702D5-0001-10A6-E2EC6F2A2BC8SessionApp.cls_temp

Filesize
68B

MD5
500f0fcfa8ff383a79268388a9338042

SHA1
5e4d59525ac613fd6e99454cf40691715f3c62e2

SHA256
45d6013145b86c662573e3950c6da9ddc13a8bb00f0017dc9864092bdaa4ea2e

SHA512
a35898d46e785d17bb49f26d51ea5ebd4e8ec2348870e04de7fda80922eb9b624ac22d6f773144a5b1fea4af1311e75821241a3d7a50fbfafdc0b8f9886e8db9

Download Submit
/data/data/com.hmdm.launcher/files/.com.google.firebase.crashlytics/665095F702D5-0001-10A6-E2EC6F2A2BC8SessionDevice.cls_temp

Filesize
48B

MD5
cf9cb0612d588a1f71b63084cea67316

SHA1
3d035bb92fd3f8997160cf8025c40239af74d3ca

SHA256
0d37c5a64baf86735501f9044eeb926b3d46548cdcf67c2cd1f773df36624ac9

SHA512
70f000233e181e3b7c6fcf07aa04fdb570f970335837f8d1c4680a9f78af9f9e17c73a0a5646770f7a8787e338899edc4a5197b023865a4da894b1aca12bf600

Download Submit
/data/data/com.hmdm.launcher/files/.com.google.firebase.crashlytics/665095F702D5-0001-10A6-E2EC6F2A2BC8SessionOS.cls_temp

Filesize
14B

MD5
9b3d4522944ce6396563812bfdb92fa9

SHA1
6d2a6133c8f01938a48ccc77ef86ad8ca335c020

SHA256
d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9

SHA512
091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

Download Submit
/data/data/com.hmdm.launcher/files/.com.google.firebase.crashlytics/com.crashlytics.settings.json

Filesize
713B

MD5
c8439a79a650b7a2d6be9b8113a77e95

SHA1
dbc170c3ad69a06424377c067b2254fe8730edf9

SHA256
b2c6a1729a778253c5a13bbd1a98cda913464ccb232c18d1e6003a03f1b7f251

SHA512
09b4c0f2e2585330c19ee798107fdc320e552a6bdd67287ce1c3858380df6c10c3ec6a159886f894c89b99beb85c1520247b07769da94e40add3df99f416ca89

Download Submit
/data/data/com.hmdm.launcher/files/.com.google.firebase.crashlytics/report-persistence/sessions/665095F702D5000110A6E2EC6F2A2BC8/report

Filesize
740B

MD5
e60d1434a41282263ef1de2cb2af2588

SHA1
46acba9f496e051d21edbac91ad7a51ca265498b

SHA256
f1650cb00de37c31dd449f978311b37d139e52da37b2a4d7a0a80d7011cb5c97

SHA512
68e83cdcc245b091451a9a35baaf0090c9f192a3956ba4ac7f6aafd49102200009e8220f14635d56d0279c2fbaef69102bd7079b51226e7695d1bc40f409a4c7

Download Submit
/data/data/com.hmdm.launcher/files/PersistedInstallation222760221866902247tmp

Filesize
570B

MD5
c7f5ed9f37f843b1ece81343e00d870a

SHA1
f1b3ee59c19d66c7fbf1aec8c721a209664667b9

SHA256
e6800857ad0c8466efe5838a9405ecfb6952205c2777db7abab5d5947162d2dc

SHA512
159e9439795a1401a5bd083da6c2e0b602ebfc7fb2bb773f28b542a5f58f853dbb6d3f388abc22d59c9bf5ab146200fc732812f4dd35dddca8e13f8f4ccf861b

Download Submit
/data/data/com.hmdm.launcher/files/PersistedInstallation3117056815885705104tmp

Filesize
90B

MD5
aab1236b0f7e4a81700f8c4cacc6c899

SHA1
16c2bfae83d0da0732f4e0966dbd2dcc8d06bc45

SHA256
74f67a5d79f31bbee30695f682fe133184ea9b316edcfe9a3f1af4de0f69eab1

SHA512
9bf7e82cb998b2204cfd0a1d7b5d837189b46465170a49d9d9f2225a86662bc0012a7376d7f5a878c56d370d22c4324e8a3784074b259ee850afbebd8cfdd729

Download Submit
/data/data/com.hmdm.launcher/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
f2c0da30641e2ebb510cf9e8521d0191

SHA1
ddfc7cc14709d9aa3166b8e4a0095abcf68e03ee

SHA256
40081532e0bc4a7986bb680457f65e9e1ceaa525749bdbcd47707cfb9325c21f

SHA512
be98354446b35b9013dfedc907b6bfa1b14d2d900ba1278fa85053b74d56a0933c04e42c5875fe7af2b93d9f7af8863fbe3c2d6c10c1cd673942a879e5e10fae

Download Submit
/data/data/com.hmdm.launcher/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
8d3018ad5332878b2a49b7ffcf0c992f

SHA1
f2ed155b186419a261a1e251d02c0d9ce48486b4

SHA256
3fc44d77405c1022e8f6a749b21a1305534946737edd45a6f175bb401069652c

SHA512
23a73aa0a82e6915b84d4dbc3288856594aa45101824a9436bae3a4145f63bb792074ea1be54d24c4718fe0739e19647b47444555f31f9fbbcf4b232a87ec42e

Download Submit
/data/data/com.hmdm.launcher/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
0f381c1d2a965a32e6ee09fc33bf0724

SHA1
3e73b0e2e6ce3ca81e9640a7a912ae07b428058f

SHA256
83394e7e586f7fd09da45b3e77c8bbd3b7d5e0dc5fa2206f86acb650737657b4

SHA512
a65fc012d09a09ec14423f721e00bdc14c7282c77c7fc663da2d1203552eba67062aec129a18990fcd28991f3850789399d0e44de102ca60f95b295cc20c4f40

Download Submit
/data/data/com.hmdm.launcher/no_backup/androidx.work.workdb-wal

Filesize
382KB

MD5
7dd9a15d125cc24cd6d2d8cd2b2621ad

SHA1
3c6ff4b1c07b206680ee51936648025b251f98d7

SHA256
1755f07362b1fa74d751e8528ffb5188525c90bc22b11061a241cffe4e784f61

SHA512
aff95d6ebf8e21f261bf11080febe1395805a4c8e4e9f4f5bc8b7a81284ab452c80b4a36d615ec3c6e8ae39ce1d24331d41afaa1bb359e2328ea9efec94b4de6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads