Analysis
-
max time kernel
32s -
max time network
131s -
platform
android_x86 -
resource
android-x86-arm-20240603-en -
resource tags
-
submitted
08/06/2024, 21:42
General
-
Target
VirusShare_9cfb618d54d4b782a3d470defd79e564.apk
-
Size
37KB
-
MD5
9cfb618d54d4b782a3d470defd79e564
-
SHA1
cf58d21d98bcf9c4d037cced8f607eeae35a4822
-
SHA256
595032b6998ec767e6503178134c772ea5bd0d18a4f2f6e5b09611ef66b81b4b
-
SHA512
e78ab0f9f9a0e6fc5864260048af3979b487716044082bcdadc9628256989aca0e2a412e7a781d4435f5e8c14686d486cd87dcd8fce26242ac0f01d452fd671a
-
SSDEEP
768:xvFOYulSKRhF/XaCqtmO6FK9yjDi0djPgIYO2haZVeGav27p/CeePCGs:xvFSSKRjXa/k2yjpjPgIYh4ZZRp/3
Malware Config
Signatures
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Reads the content of the call log. 1 TTPs 1 IoCs
-
Acquires the wake lock 1 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Tries to add a device administrator. 2 TTPs 1 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
net.biologists1⤵
- Reads the content of the call log.
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries the mobile country code (MCC)
- Tries to add a device administrator.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Privilege Escalation
Abuse Elevation Control Mechanism
1Device Administrator Permissions
1Defense Evasion
Foreground Persistence
1Virtualization/Sandbox Evasion
2System Checks
2