Analysis

  • max time kernel: 179s
  • max time network: 162s
  • platform: android_x86
  • resource: android-x86-arm-20240514-en
  • resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted: 28-05-2024 22:04

General

  • Target: xx_sign.apk
  • Size: 441KB
  • MD5: d4861bf657b58a38ee68b09de54aca83
  • SHA1: 17ed573b81da6dd4754b345a1c8b5d0b97e797d1
  • SHA256: 416a58f3d7e8f170233cdf9cd6474c2b3466600b4e4f0d2b845e18d0b70ac7ee
  • SHA512: 3071a930464de90f886d3f863ce0df569802ed370c28489fd1745f986e285d7d4a7ea77bd169fdba59bfcb2c390497024320f217915d6a7990e2e14464258597
  • SSDEEP: 12288:W85Jjex7UVhk+uKyTjoVccY23q/B38w/S+xDUUbac+wFAa+NH9:WcJjwUVJyTj/WSL/SIwks3

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Tries to add a device administrator. 2 TTPs 1 IoCs
  • Acquires the wake lock 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

Processes

  • com.tencent.shopcj
    1⤵
    • Loads dropped Dex/Jar
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Tries to add a device administrator.
    • Acquires the wake lock
    • Checks if the internet connection is available
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Schedules tasks to execute at a specified time
    PID:4312
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tencent.shopcj/files/arm/classes.dex --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.tencent.shopcj/files/arm/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4345

Network

MITRE ATT&CK Matrix


Downloads

  • /data/data/com.tencent.shopcj/files/arm/classes.dex
    Filesize: 783KB
    MD5: d46ea9fc5e1d684ac0041c60a40eadd9
    SHA1: 51137bdda194a0dad0ccf58670716289a9194bab
    SHA256: 92570988ae70869f869f179dcf26cda133d42b4ab7c9fbe991cec6620dcf9e47
    SHA512: 6f4a0b28839dd4115f3f0bad93a195ba156ad41726883875d0fc22a5625b96c48de4ac50e5b71a21a994173f90f881c9159f75dace3702673a94d58348d1794d

  • /data/user/0/com.tencent.shopcj/files/arm/classes.dex
    Filesize: 783KB
    MD5: 994f579005954064763a06583f11240e
    SHA1: acad628336ecf1040e6cc874f4173f208538c9c1
    SHA256: 91255a585ca29fbdb1e05e1bf0e92a8ced3292d6c0988bd9888caa67c1b7046a
    SHA512: a3cea48e3db55a491170f108320899d4a5bea7f1b7b8f160aaca13f8634aff06fb64703539b142422e4f2cd341a7e04292dd170907528d31eede8555469e433c