Analysis

  • max time kernel: 120s
  • max time network: 132s
  • platform: android_x64
  • resource: android-x64-arm64-20240603-en
  • resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240603-en, locale:en-us, os:android-11-x64, system
  • submitted: 09-06-2024 06:56

General

  • Target: indus.apk
  • Size: 8.3MB
  • MD5: 29ddf80eed11d404f1be5d8a2e147935
  • SHA1: ab6715ba58ad31c81bbbc04403c1151d5246ecae
  • SHA256: 2abd77540e0f6e59c1a36d0b6a4db50570d98d3037ee592458dda38d19da30b1
  • SHA512: f826dacad0cbf7b30753f98e4ac7bd50962e90f10d6f4e3fa42e0b65edd6b7a3151ef044a5812b3cd8d193d5e03fa835c6022b93ef711a5fb7998c27b61952af
  • SSDEEP: 196608:O+08YxPBpzZzo8zY2jHm4jgGPNyDLP0XpVOfL:10nzZzooLPPQDLPB

Malware Config

Signatures

  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

Processes

  • com.bank.lead.owzlmjgmgy (PID: 4692)
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    • Requests disabling of battery optimizations (often used to enable hiding in the background).

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.bank.lead.owzlmjgmgy/files/PersistedInstallation4841345664930035687tmp
    Filesize: 90B
    MD5: f5e29eecdc7749d1a979f8695163790d
    SHA1: 01e9191955dac9b26fa8e82cc051ba21f3cf1825
    SHA256: 78dc6b9c14921f90d5163dd37cee21fbdc988ea665ff9bd32fe624fc8a509aff
    SHA512: 2e4ee67887beff09fc72b36a30f507eb2f523fc07e1fbb656f3daf87833c2eb829fecb3358de327e76f387dacd634ac0279fb328f5b7373861ad6f297c8b7577

  • /data/data/com.bank.lead.owzlmjgmgy/files/PersistedInstallation5274907996223617649tmp
    Filesize: 568B
    MD5: d720641d09a540215d6a55cfc977bfb2
    SHA1: 57aa147521ebb35c609a4a604cdfe50b05bca61b
    SHA256: 64022e834ec7c341462e572ceb0723c017b8f8ebdf608e263ca02928ae29f6f1
    SHA512: 9532368c5afd9390e05f9eba7c3eec31cf071daa5d16dd39687e94f4fd6bcd3a61b66f2909e9c49b88627e84aa218ca9cd7580fb76f6f6bdefdf5da8bf715110

  • /data/data/com.bank.lead.owzlmjgmgy/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
    Filesize: 8B
    MD5: c677631e0b65be9fed11b6b4cfb11f2c
    SHA1: 7460295e3b36f775ae525fb6ef28dc80d93adc82
    SHA256: cf9d0ba106ec2b8f7f0cf4b1752256ae9cc32a0df0fb8d80f0326e49c6568c62
    SHA512: d8f3713c2d26787c07667c3f89f051245e134e8ae5fecfc0f472f39096acfeade6193c100634c666c53b4ab63148a06a2b317e9aa7c4fb6c32be4de7d49c7743

  • /data/data/com.bank.lead.owzlmjgmgy/no_backup/androidx.work.workdb
    Filesize: 4KB
    MD5: 7e858c4054eb00fcddc653a04e5cd1c6
    SHA1: 2e056bf31a8d78df136f02a62afeeca77f4faccf
    SHA256: 9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
    SHA512: d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

  • /data/data/com.bank.lead.owzlmjgmgy/no_backup/androidx.work.workdb-journal
    Filesize: 512B
    MD5: 394ce709adcc4653763a300ad3abe0b8
    SHA1: 29f9bad6f53d62965674484fd52c570b72cad7b8
    SHA256: 2871a4f92540296a29621f5a76efcb914734869067ec7b046cb0018ce51b0db2
    SHA512: 69f8a98d12850629f0af1a1e585d6fb4525ea6765e89d1464ea129e79c80e54853b00a56d8ebbb41585798b80e572d5d6778a6dad210d13c4883a3f5bf90df52

  • /data/data/com.bank.lead.owzlmjgmgy/no_backup/androidx.work.workdb-shm
    Filesize: 32KB
    MD5: bb7df04e1b0a2570657527a7e108ae23
    SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
    SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
    SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.bank.lead.owzlmjgmgy/no_backup/androidx.work.workdb-wal
    Filesize: 16KB
    MD5: 479e3945e035a898c35e6931298336a6
    SHA1: 2861c96f5b36e1b866920fbe0aaf2320576556b5
    SHA256: 18e28d26090d4f2e6c7da053f54855322b28e0507a9f5fd0163cc3682c228ea2
    SHA512: 663a8c952b66b6fc6a10f342f36059fc1eed1cae15a1fe01600dbe18d72f5723bf2147ae80138353913d9a07773d34e0ba2bb5b6d91706f63d7b5caef47fb8e0

  • /data/data/com.bank.lead.owzlmjgmgy/no_backup/androidx.work.workdb-wal
    Filesize: 108KB
    MD5: 88694c32d00836e97c3f48545884e9ac
    SHA1: c5c8e0f0698f65750805c9fb665dce62d17680c5
    SHA256: 50fdb494ed1113676fe60c3b8186750d364efd990035279a94eafa91d13173e7
    SHA512: ab5bba52aee359fc45bde26f0576c8554990be713ba469236f7061c6584731d8b904430121a240e35286ad43ff9b4aafcc47f0bcaad13582c339516aaf3bc059

  • /data/misc/profiles/cur/0/com.bank.lead.owzlmjgmgy/primary.prof
    Filesize: 1KB
    MD5: 5c05bd6f582fa8e0d8941ecc17b3b9e8
    SHA1: 9c4a94f749b426ec8bcd7cd7839346ec9d8539ad
    SHA256: 7e6b7519acc6d815be103dc093959ed8ef1858da80a939c14ff16c28b2975681
    SHA512: 0ba3b8363db59daecb0a0cd91c22c37fc1b5ab629121591d5abd26eac70ad123e18775e90c3cedd853b18a5d30ee906d7e1f1eea36ae301800400ebf1ccb7efb