Analysis

  • max time kernel
    76s
  • max time network
    152s
  • platform
    android_x64
  • resource
    android-x64-20240603-en
  • resource tags
    android, arch:x64, arch:x86, image:android-x64-20240603-en, locale:en-us, os:android-10-x64, system
  • submitted
    09-06-2024 06:56

General

  • Target

    indus.apk

  • Size

    8.3MB

  • MD5

    29ddf80eed11d404f1be5d8a2e147935

  • SHA1

    ab6715ba58ad31c81bbbc04403c1151d5246ecae

  • SHA256

    2abd77540e0f6e59c1a36d0b6a4db50570d98d3037ee592458dda38d19da30b1

  • SHA512

    f826dacad0cbf7b30753f98e4ac7bd50962e90f10d6f4e3fa42e0b65edd6b7a3151ef044a5812b3cd8d193d5e03fa835c6022b93ef711a5fb7998c27b61952af

  • SSDEEP

    196608:O+08YxPBpzZzo8zY2jHm4jgGPNyDLP0XpVOfL:10nzZzooLPPQDLPB

Malware Config

Signatures

  • Acquires the wake lock (1 IoC)
  • Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Queries information about active data network (1 TTP, 1 IoC)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)

Processes

  • com.bank.lead.owzlmjgmgy (PID 4980)
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.bank.lead.owzlmjgmgy/files/PersistedInstallation4288716349682409379tmp (90B)
  • /data/data/com.bank.lead.owzlmjgmgy/files/PersistedInstallation5298585980952123284tmp (567B)
  • /data/data/com.bank.lead.owzlmjgmgy/files/profileInstalled (24B)
  • /data/data/com.bank.lead.owzlmjgmgy/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat (8B)
  • /data/data/com.bank.lead.owzlmjgmgy/no_backup/androidx.work.workdb (4KB)
  • /data/data/com.bank.lead.owzlmjgmgy/no_backup/androidx.work.workdb-journal (512B)
  • /data/data/com.bank.lead.owzlmjgmgy/no_backup/androidx.work.workdb-shm (32KB)
  • /data/data/com.bank.lead.owzlmjgmgy/no_backup/androidx.work.workdb-wal (108KB)
  • /data/data/com.bank.lead.owzlmjgmgy/no_backup/androidx.work.workdb-wal (16KB)
  • /data/misc/profiles/cur/0/com.bank.lead.owzlmjgmgy/primary.prof (1KB)