00a73ec14da4b3b9024cba47edf24c6ac168427baec95d3367bf4a9d08090ad7

Analysis

max time kernel
86s
max time network
83s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
02-06-2024 12:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

UMPSA ADAB_3.2.0_apkcombo.com.apk
Size

79.6MB
MD5

8dde3cd9e2f57024c9fd09e94cc352d2
SHA1

8ca24e13fe957b087c57d0e719e959398c0038d9
SHA256

00a73ec14da4b3b9024cba47edf24c6ac168427baec95d3367bf4a9d08090ad7
SHA512

6a99e89fa364ecbb258249062e50b657d942d77abc47743d1ed8ea236d71689439347283580955e8733cbbece167a6d7fc568e843331ea80fe46be43b273dd0e
SSDEEP

1572864:fXDpWss8xYjf34pjZ9V2r3em+XzNsOC4zhvrhu:7ZxYz34pjZA+XzTRVI

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

Processes:

my.edu.ump.adab

description	ioc	Process
File opened for read	/proc/cpuinfo	my.edu.ump.adab

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

my.edu.ump.adab

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	my.edu.ump.adab

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

my.edu.ump.adab

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	my.edu.ump.adab

my.edu.ump.adab
1⤵
- Checks CPU information
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4354

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/my.edu.ump.adab/cache/FFSimpleDiskCache/3682FA097238FF012AD49FCF9AA26FB3.2592000

Filesize
468KB

MD5
3b6085c070b77c7eafe3606e3eaedffd

SHA1
7dce4f958f4d3a1c47cd39d5ce073c91d8ba8601

SHA256
6c694a77f1d6c066bc4efbe6e086278896cffa59f97db57ce65877012f62415c

SHA512
54246361bb6b0edf60d51135bb62a37ac77f2ae5f7b7862e149ff05d0745883fc7a37a2123f47934f66b1e042cbb42172a1b104a55b49b7426fb752a17b4922a

Download Submit