Analysis
-
max time kernel
32s -
max time network
131s -
platform
android_x86 -
resource
android-x86-arm-20240603-en -
resource tags
androidarch:armarch:x86image:android-x86-arm-20240603-enlocale:en-usos:android-9-x86system -
submitted
08/06/2024, 21:42
Static task
static1
Behavioral task
behavioral1
Sample
VirusShare_9cfb618d54d4b782a3d470defd79e564.apk
Resource
android-x86-arm-20240603-en
Behavioral task
behavioral2
Sample
VirusShare_9cfb618d54d4b782a3d470defd79e564.apk
Resource
android-x64-20240603-en
Behavioral task
behavioral3
Sample
VirusShare_9cfb618d54d4b782a3d470defd79e564.apk
Resource
android-x64-arm64-20240603-en
General
-
Target
VirusShare_9cfb618d54d4b782a3d470defd79e564.apk
-
Size
37KB
-
MD5
9cfb618d54d4b782a3d470defd79e564
-
SHA1
cf58d21d98bcf9c4d037cced8f607eeae35a4822
-
SHA256
595032b6998ec767e6503178134c772ea5bd0d18a4f2f6e5b09611ef66b81b4b
-
SHA512
e78ab0f9f9a0e6fc5864260048af3979b487716044082bcdadc9628256989aca0e2a412e7a781d4435f5e8c14686d486cd87dcd8fce26242ac0f01d452fd671a
-
SSDEEP
768:xvFOYulSKRhF/XaCqtmO6FK9yjDi0djPgIYO2haZVeGav27p/CeePCGs:xvFSSKRjXa/k2yjpjPgIYh4ZZRp/3
Malware Config
Signatures
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Reads the content of the call log. 1 TTPs 1 IoCs
description ioc Process URI accessed for read content://call_log/calls net.biologists -
Acquires the wake lock 1 IoCs
description ioc Process Framework service call android.os.IPowerManager.acquireWakeLock net.biologists -
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
description ioc Process Framework service call android.app.IActivityManager.setServiceForeground net.biologists -
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
description ioc Process Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone net.biologists -
Tries to add a device administrator. 2 TTPs 1 IoCs
description ioc Process Intent action android.app.action.ADD_DEVICE_ADMIN net.biologists -
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description ioc Process Framework service call android.app.IActivityManager.registerReceiver net.biologists -
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
description ioc Process Framework API call javax.crypto.Cipher.doFinal net.biologists -
Checks CPU information 2 TTPs 1 IoCs
description ioc Process File opened for read /proc/cpuinfo net.biologists -
Checks memory information 2 TTPs 1 IoCs
description ioc Process File opened for read /proc/meminfo net.biologists
Processes
-
net.biologists1⤵
- Reads the content of the call log.
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries the mobile country code (MCC)
- Tries to add a device administrator.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4281
Network
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Privilege Escalation
Abuse Elevation Control Mechanism
1Device Administrator Permissions
1Defense Evasion
Foreground Persistence
1Virtualization/Sandbox Evasion
2System Checks
2