Overview

overview

7

Static

static

6

416a58f3d7...ee.apk

android-9-x86

7

Analysis

  • max time kernel
    179s
  • max time network
    132s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    28-05-2024 22:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    416a58f3d7e8f170233cdf9cd6474c2b3466600b4e4f0d2b845e18d0b70ac7ee.apk

  • Size

    441KB

  • MD5

    d4861bf657b58a38ee68b09de54aca83

  • SHA1

    17ed573b81da6dd4754b345a1c8b5d0b97e797d1

  • SHA256

    416a58f3d7e8f170233cdf9cd6474c2b3466600b4e4f0d2b845e18d0b70ac7ee

  • SHA512

    3071a930464de90f886d3f863ce0df569802ed370c28489fd1745f986e285d7d4a7ea77bd169fdba59bfcb2c390497024320f217915d6a7990e2e14464258597

  • SSDEEP

    12288:W85Jjex7UVhk+uKyTjoVccY23q/B38w/S+xDUUbac+wFAa+NH9:WcJjwUVJyTj/WSL/SIwks3

Score
7/10
discoveryevasionexecutionimpactpersistenceprivilege_escalation

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Tries to add a device administrator. 2 TTPs 1 IoCs
    privilege_escalationimpact
  • Acquires the wake lock 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • com.tencent.shopcj
    1⤵
    • Loads dropped Dex/Jar
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Tries to add a device administrator.
    • Acquires the wake lock
    • Checks if the internet connection is available
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Schedules tasks to execute at a specified time
    PID:4213

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.shopcj/files/arm/classes.dex
    Filesize

    783KB

    MD5

    d46ea9fc5e1d684ac0041c60a40eadd9

    SHA1

    51137bdda194a0dad0ccf58670716289a9194bab

    SHA256

    92570988ae70869f869f179dcf26cda133d42b4ab7c9fbe991cec6620dcf9e47

    SHA512

    6f4a0b28839dd4115f3f0bad93a195ba156ad41726883875d0fc22a5625b96c48de4ac50e5b71a21a994173f90f881c9159f75dace3702673a94d58348d1794d

    Download Submit