Analysis

max time kernel: 33s
max time network: 38s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 28-05-2024 07:42
Static task: static1

Behavioral task: behavioral1
  Sample: 07ea0a73b6d33249f26a5393d30dca8977a1775439253d1b98cf4c157f402f88.apk
  Resource: android-x86-arm-20240514-en

Behavioral task: behavioral2
  Sample: 07ea0a73b6d33249f26a5393d30dca8977a1775439253d1b98cf4c157f402f88.apk
  Resource: android-x64-20240514-en

Behavioral task: behavioral3
  Sample: 07ea0a73b6d33249f26a5393d30dca8977a1775439253d1b98cf4c157f402f88.apk
  Resource: android-x64-arm64-20240514-en
General

Target: 07ea0a73b6d33249f26a5393d30dca8977a1775439253d1b98cf4c157f402f88.apk
Size: 9.4MB
MD5: efb8696f788a650219f1233fcf6be79b
SHA1: 72000a7faad1c40d56e49e9c36c2692e31b3ef59
SHA256: 07ea0a73b6d33249f26a5393d30dca8977a1775439253d1b98cf4c157f402f88
SHA512: a8a04b77546084b5bb63f5f9e443a24123a4a8c425201dc98c0d37f2c723e122d077c7c50e157ee26ced69a00baf943167ffa67588f48b7aade652485db70fa2
SSDEEP: 196608:DP5lb3ljyXEpy8bDRUYTnHb4Jao3GEi/+dM2WR2VCUHufTrkI1LL3aNbAGR90R:DP5lDEXE4ADRUYTHKPaHrf1H3gAG7M
Malware Config
Signatures

Android SMSeye payload (2 IoCs)
  resource                          yara_rule
  behavioral1/files/fstream-2.dat   family_smseye
  behavioral1/memory/4292-3.dex     family_smseye
  SMSeye: SMSeye is an open source Android spyware that targets Android SMS.

Checks CPU information (2 TTPs, 1 IoC)
  Checks CPU information, which indicates whether the system is an emulator.
  description             ioc             Process
  File opened for read    /proc/cpuinfo   boost.com

Checks memory information (2 TTPs, 1 IoC)
  Checks memory information, which indicates whether the system is an emulator.
  description             ioc             Process
  File opened for read    /proc/meminfo   boost.com

Loads dropped Dex/Jar (1 TTP, 6 IoCs)
  Runs an executable file dropped to the device during analysis.
  1. ioc: /data/user/0/boost.com/app_ded/GWy7bEx88EDD73dBGsEalHLahR185mFx.dex
     pid: 4292
     Process: boost.com
  2. ioc: /data/user/0/boost.com/app_ded/GWy7bEx88EDD73dBGsEalHLahR185mFx.dex
     pid: 4330
     Process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/boost.com/app_ded/GWy7bEx88EDD73dBGsEalHLahR185mFx.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/boost.com/app_ded/oat/x86/GWy7bEx88EDD73dBGsEalHLahR185mFx.odex --compiler-filter=quicken --class-loader-context=&
  3. ioc: /data/user/0/boost.com/app_ded/GWy7bEx88EDD73dBGsEalHLahR185mFx.dex
     pid: 4292
     Process: boost.com
  4. ioc: /data/user/0/boost.com/app_ded/ODXiyzYYmrGbpgonGBhq2AX0uqagt94f.dex
     pid: 4292
     Process: boost.com
  5. ioc: /data/user/0/boost.com/app_ded/ODXiyzYYmrGbpgonGBhq2AX0uqagt94f.dex
     pid: 4384
     Process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/boost.com/app_ded/ODXiyzYYmrGbpgonGBhq2AX0uqagt94f.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/boost.com/app_ded/oat/x86/ODXiyzYYmrGbpgonGBhq2AX0uqagt94f.odex --compiler-filter=quicken --class-loader-context=&
  6. ioc: /data/user/0/boost.com/app_ded/ODXiyzYYmrGbpgonGBhq2AX0uqagt94f.dex
     pid: 4292
     Process: boost.com

Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  description              ioc                                                                  Process
  Framework service call   com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone   boost.com

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  description              ioc                                               Process
  Framework service call   android.app.IActivityManager.registerReceiver     boost.com

Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)
  description              ioc                              Process
  Framework API call       javax.crypto.Cipher.doFinal      boost.com
Processes

boost.com (PID 4292)
  - Checks CPU information
  - Checks memory information
  - Loads dropped Dex/Jar
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)

  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/boost.com/app_ded/GWy7bEx88EDD73dBGsEalHLahR185mFx.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/boost.com/app_ded/oat/x86/GWy7bEx88EDD73dBGsEalHLahR185mFx.odex --compiler-filter=quicken --class-loader-context=& (PID 4330)
    - Loads dropped Dex/Jar

  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/boost.com/app_ded/ODXiyzYYmrGbpgonGBhq2AX0uqagt94f.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/boost.com/app_ded/oat/x86/ODXiyzYYmrGbpgonGBhq2AX0uqagt94f.odex --compiler-filter=quicken --class-loader-context=& (PID 4384)
    - Loads dropped Dex/Jar

  rm -r /data/user/0/boost.com/app_ded/ODXiyzYYmrGbpgonGBhq2AX0uqagt94f.dex (PID 4414)
  rm -r /data/user/0/boost.com/app_ded/oat/x86/GWy7bEx88EDD73dBGsEalHLahR185mFx.odex (PID 4428)
  rm -r /data/user/0/boost.com/app_ded/oat/x86/ODXiyzYYmrGbpgonGBhq2AX0uqagt94f.vdex (PID 4447)
  rm -r /data/user/0/boost.com/app_ded/oat/x86/ODXiyzYYmrGbpgonGBhq2AX0uqagt94f.odex (PID 4466)
  rm -r /data/user/0/boost.com/app_ded/oat/x86/GWy7bEx88EDD73dBGsEalHLahR185mFx.vdex (PID 4484)
  rm -r /data/user/0/boost.com/app_ded/GWy7bEx88EDD73dBGsEalHLahR185mFx.dex (PID 4504)
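The process tree above is the part of this report worth turning into a detection: boost.com (PID 4292) has two dex files in its private app_ded directory compiled by dex2oat, then spawns one rm per dex and per .odex/.vdex output, so that by the end of the run the payload survives only in the process's memory, which is consistent with the YARA hit being on behavioral1/memory/4292-3.dex rather than on a file. The Python below is an added example written for this page, not the sandbox's own signature logic. It runs over a process log constructed from the tree above (each entry is pid, parent pid, command line; the dex2oat command lines are shortened to the arguments the code reads, and the /data/app entry for a made-up com.example package is a benign control), and it generalizes beyond this sample: any package, any user id, and /data/data/<pkg>/ paths as well as /data/user/<n>/<pkg>/.

```python
import os
import re

# Constructed process log modelled on the report's process tree:
# (pid, parent pid, command line). dex2oat lines are abbreviated.
PROCESS_LOG = [
    (4292, 1, "boost.com"),
    (4330, 4292, "/system/bin/dex2oat --instruction-set=x86 "
                 "--dex-file=/data/user/0/boost.com/app_ded/GWy7bEx88EDD73dBGsEalHLahR185mFx.dex "
                 "--oat-location=/data/user/0/boost.com/app_ded/oat/x86/GWy7bEx88EDD73dBGsEalHLahR185mFx.odex "
                 "--compiler-filter=quicken --class-loader-context=&"),
    (4384, 4292, "/system/bin/dex2oat --instruction-set=x86 "
                 "--dex-file=/data/user/0/boost.com/app_ded/ODXiyzYYmrGbpgonGBhq2AX0uqagt94f.dex "
                 "--oat-location=/data/user/0/boost.com/app_ded/oat/x86/ODXiyzYYmrGbpgonGBhq2AX0uqagt94f.odex "
                 "--compiler-filter=quicken --class-loader-context=&"),
    (4414, 4292, "rm -r /data/user/0/boost.com/app_ded/ODXiyzYYmrGbpgonGBhq2AX0uqagt94f.dex"),
    (4428, 4292, "rm -r /data/user/0/boost.com/app_ded/oat/x86/GWy7bEx88EDD73dBGsEalHLahR185mFx.odex"),
    (4447, 4292, "rm -r /data/user/0/boost.com/app_ded/oat/x86/ODXiyzYYmrGbpgonGBhq2AX0uqagt94f.vdex"),
    (4466, 4292, "rm -r /data/user/0/boost.com/app_ded/oat/x86/ODXiyzYYmrGbpgonGBhq2AX0uqagt94f.odex"),
    (4484, 4292, "rm -r /data/user/0/boost.com/app_ded/oat/x86/GWy7bEx88EDD73dBGsEalHLahR185mFx.vdex"),
    (4504, 4292, "rm -r /data/user/0/boost.com/app_ded/GWy7bEx88EDD73dBGsEalHLahR185mFx.dex"),
    # Benign control (made up): compiling an installed APK under /data/app is
    # normal install-time optimisation, not runtime loading of a dropped payload.
    (5000, 1, "/system/bin/dex2oat --dex-file=/data/app/com.example-1/base.apk "
              "--oat-location=/data/app/com.example-1/oat/x86/base.odex"),
]

# App-private storage: /data/user/<userid>/<package>/... or /data/data/<package>/...
APP_PRIVATE = re.compile(r"^/data/(?:user/\d+|data)/(?P<pkg>[^/]+)/")


def _arg(tokens, name):
    """Value of a --name=value argument from a tokenized command line, or None."""
    prefix = f"--{name}="
    for tok in tokens:
        if tok.startswith(prefix):
            return tok[len(prefix):]
    return None


def _stem(path):
    """Drop the extension so foo.odex and foo.vdex share one key."""
    return os.path.splitext(path)[0]


def find_dropped_dex_loads(log):
    """Correlate dex2oat runs on dex files in app-private storage with later rm
    commands, from the same parent process, that delete the dex or its compiled
    oat/vdex artifacts. Returns one finding dict per dropped dex."""
    name_by_pid = {pid: cmd.split()[0] for pid, _, cmd in log if cmd.split()}
    loads = {}          # dex path -> finding
    stem_to_dex = {}    # stem of the dex or of its oat output -> dex path
    for pid, ppid, cmd in log:
        tokens = cmd.split()
        if not tokens:
            continue
        if tokens[0].endswith("dex2oat"):
            dex = _arg(tokens, "dex-file")
            m = APP_PRIVATE.match(dex or "")
            if not m:
                continue    # APK under /data/app: normal install-time compile
            loads[dex] = {
                "package": m.group("pkg"),
                "loader_pid": ppid,
                "loader": name_by_pid.get(ppid, "?"),
                "dex2oat_pid": pid,
                "dex": dex,
                "deleted": [],
            }
            stem_to_dex[_stem(dex)] = dex
            oat = _arg(tokens, "oat-location")
            if oat:
                stem_to_dex[_stem(oat)] = dex
        elif tokens[0] == "rm":
            for path in (t for t in tokens[1:] if not t.startswith("-")):
                dex = stem_to_dex.get(_stem(path))
                if dex and loads[dex]["loader_pid"] == ppid:
                    loads[dex]["deleted"].append(path)
    for f in loads.values():
        # Deleting the dex after it has been compiled and loaded leaves only the
        # in-memory copy; the compiled .odex/.vdex going too removes the cache.
        f["anti_forensic"] = f["dex"] in f["deleted"]
    return list(loads.values())


if __name__ == "__main__":
    for f in find_dropped_dex_loads(PROCESS_LOG):
        flag = "LOAD-THEN-DELETE" if f["anti_forensic"] else "LOADED"
        print(f"[{flag}] {f['loader']} (pid {f['loader_pid']}) -> {f['dex']}")
        for p in f["deleted"]:
            print(f"    removed: {p}")
```

On the constructed log this reports both dex files as loaded by boost.com and then deleted together with their .odex and .vdex outputs, and ignores the /data/app compile. To use it on real sandbox output, feed it the same (pid, parent pid, command line) triples; the correlation keys on the dex2oat parent rather than on the package name, so a dropper that loads a dex and cleans up from a different child process would still be attributed to the same loader.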
Network
MITRE ATT&CK Mobile v15
Downloads

Filesize: 4.7MB
MD5: a0388eba4cb186208efb2cffd902b58c
SHA1: 4c965330b4f8539626103e0662cecf3d17edbbd8
SHA256: 25c22ddd7f10ab970d667c53ec0422eee324c1daa08e9f2553c5d0c17d3ce1df
SHA512: a0644699b37e6f3cad73e20a9bf7a8c3a9474aad0ad277236e71394129f414db0ff7e13cdd93f38c063105e8dedf2e5679d8298a4d364345fa96979f0c604f66

Filesize: 11.1MB
MD5: b1116567fe537e82e5c08a3fbd98db8b
SHA1: 3bacff4f8edd43921427e3217ae2041489fe1331
SHA256: de4605d3af30b44ba2bf50bfc6947524f59a1588a0cc142facc18a03bfe06e58
SHA512: 92dc102db13d704d799cac1b22155cdc9cdb0db0405c285ffb9fcc3dafcaa9ff3aef592eef82d75a37cf43d018fae174509e60cb78ef37476835e8c4dab63f96

Filesize: 4.7MB
MD5: e3a8a48f11d5bdfe51b716bd80156b9e
SHA1: 837bac183da8660f9323595edb2a49ad2e41d389
SHA256: 20e3b3821ff92642aac44f3163928f15e3f4f899aab9c1b8780e4306f5d8dd2d
SHA512: 7c8205ef8960b5c124e4ffe595b79054528c4d1757540382df28a536c3a2ee16b234031bb87bc9d154c210c38b6d9220a5eb1e42dd5c35d6e903b1394947ce31

Filesize: 11.1MB
MD5: 797c6c4c7221cb37dfab1fc6d812ed87
SHA1: ac5471c6b5adb1face4efafd2fbc3db0822474e7
SHA256: a2eacbb3ead3450488d671b422fff78205bcb9da71826d27355623fb942d2e00
SHA512: 58115ec21c86fc3baee5c9e2395d2c57ddadd5cfc821608502d916278e98e990c2c8331ff57c2ef5d1427008b67afe7c89c4e1e172db7e61ffabbb9f92c48622