e0387da6544c241cb10bd13315d562456b89a5c0096dc56aee46a01ec6e89015

Analysis

max time kernel
3s
max time network
158s
platform
android_x86
resource
android-x86-arm-20240603-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240603-enlocale:en-usos:android-9-x86system
submitted
03-06-2024 16:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

alipay_plugin.apk
Size

353KB
MD5

dd52e580fdc30c22ff74a0a95699812b
SHA1

dab8078684009e38a42cf6558334034c65abfe4c
SHA256

fce475f3b93395275715d091da317ddc1a2b90ae7f69a2fc92054fed54b0305a
SHA512

ba8f12c9f2f08a3597b8885046005f14a88be3225a9436effa1f88ff3621eef937328470650532184c7fd93eaf4fa3889f3a8302dda6d1e9a0f1ca364a4d8370
SSDEEP

6144:WMlT2W4wFsn+Ma0dirSaWXwP6o3Ju0x2L3Rp5tPVKt9m8rpvCpCBJO0:WMl4wFU+MaoihWAN54htduNrpvCAvT

Score

8^/10

collection discovery evasion

Malware Config

Signatures

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.alipay.android.app

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.alipay.android.app

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.alipay.android.app

com.alipay.android.app
1⤵
- Requests cell location
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
PID:4310

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Credential Access

Discovery

Location Tracking

T1430

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads