bef878efe20f933244b949e2e4aeb7194e9ffbb4457529121939b94e7642e013

Analysis

max time kernel
36s
max time network
132s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
03-06-2024 00:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bef878efe20f933244b949e2e4aeb7194e9ffbb4457529121939b94e7642e013.apk
Size

3.6MB
MD5

eac529caad0626c13ebec5d5bc546160
SHA1

c85b3548b7a0962257a60a3ff69b17d3d5b87ca5
SHA256

bef878efe20f933244b949e2e4aeb7194e9ffbb4457529121939b94e7642e013
SHA512

1274c7d6aaa7a43acc5261f94764f3cab031b8cc77c679df9a039ae9d74dd08b7207415e9dd776320d09368658829b1d5f05a9f9f98246f9c3bd84f56ea761cc
SSDEEP

98304:D4+J37xLu4/uLnLOLZLMyLHLYL1LcLQL4LVLUKnt:8+J1y4G7y9gyr0BoM0xn

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.cordova.shishi

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.cordova.shishi

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.cordova.shishi

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.cordova.shishi

Checks the presence of a debugger
evasion

com.cordova.shishi
1⤵
- Checks CPU information
- Checks memory information
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4296

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads