22863248801a28d8312ba09fac50a3a9eacddeaf39e1a6fb05e09c8351f81094

General

Target

instagram.apk
Size

5.5MB
MD5

04f4d0c5c669e3a10dd001cce3a33e5c
SHA1

f056b0681e4cedd412c1007a9b74ad9832c39460
SHA256

22863248801a28d8312ba09fac50a3a9eacddeaf39e1a6fb05e09c8351f81094
SHA512

791cacf7c4622e76c4a1a0ba055fe3941b6a692329941ea475111469de6dfd16793333dc7d696eb313aee183d6ea05379872abdde56bbc16f655b91c5d771100
SSDEEP

98304:RdgUtVMWIivYb8AptrwAz4/GRA8uNnAlubXWHl8UofrF9JYV6t:RntVDIiQAAptkAc/Ga8uNAKX45V6t

Score

8^/10

banker collection credential_access discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 9 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/data/local/bin/su	sigma.male
/system/bin/failsafe/su	sigma.male
/data/local/su	sigma.male
/system/app/Superuser.apk	sigma.male
/sbin/su	sigma.male
/system/bin/su	sigma.male
/data/local/xbin/su	sigma.male
/system/xbin/su	sigma.male
/system/sd/xbin/su	sigma.male

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	sigma.male

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	sigma.male

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	sigma.male

Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs

collection credential_access

Access Notifications

T1517

description	ioc	Process
Intent action	android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS	sigma.male

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	sigma.male

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	sigma.male

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	sigma.male

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	sigma.male

sigma.male
1⤵
- Checks if the Android device is rooted.
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries the mobile country code (MCC)
- Requests accessing notifications (often used to intercept notifications before users become aware).
- Requests enabling of the accessibility settings.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4262
- ls /data/local/tmp
  2⤵
  PID:4581
- id
  2⤵
  PID:4601

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1

T1624

Broadcast Receivers

1

T1624.001

Foreground Persistence

1

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

1

T1541

Virtualization/Sandbox Evasion

2

T1633

System Checks

2

T1633.001

Credential Access

Access Notifications

1

T1517

Discovery

Software Discovery

1

T1418

Security Software Discovery

1

T1418.001

System Information Discovery

3

T1426

System Network Configuration Discovery

1

T1422

System Network Connections Discovery

1

T1421

Lateral Movement

Collection

Access Notifications

1

T1517

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/sigma.male/app_sslcache/research-model-8ad6b-default-rtdb.europe-west1.firebasedatabase.app.443

Filesize
8KB

MD5
7076cb46257d30e8fae6d61156bf8260

SHA1
dbc762cc2d93dd78a0db2296360fb405d05e4105

SHA256
6ecda3af994e617026bc6e3fe3aa1fa5f63eac71c1d4ced513bae56e126629e2

SHA512
9028112ec3cd97fe6732051f218af1114eeaa46dd28d4198fe21410e3c79aed824e4c460f57c7720ef8448158be22391ab29b8bbb7182495cb02c07d8b49bfdf

Download Submit
/storage/emulated/0/Android/data/sigma.male/files/apps.html

Filesize
708KB

MD5
65be3a283d73f7ebb9728d1717040190

SHA1
aa7f9d4cbf24575bc567205f6ee5e2e1eb87173c

SHA256
fe20366769794dd3d74697801cb16da53e4b90a67933bc17f3da98c8c586211a

SHA512
106f9084afb96c61bf5a425d8775b5d3f317ffbfcf1cd06fe51ab12411a0f47af90573a7c173879307d0004bd6de470244bdd7c8b1a7c2ddac72c5bdb7428bee

Download Submit
/storage/emulated/0/Android/data/sigma.male/files/panel.txt

Filesize
19B

MD5
6e0075dcc0b7ac222bea767743b61a33

SHA1
44b3eaebc17568ca6e120747fef61521137068d9

SHA256
d0d1b610858419980e61586967769ed1bf001756aacbd5e00518b3b0eb83a402

SHA512
9950d09e464f74889ae85d70e72e57197b8a2713518bb7901b2c7b6e1ae51dc7e53547b2865f0226bfcc3bd5ea530453298512f8ecbc7b790da3339b5e05cf42

Download Submit
/storage/emulated/0/Android/data/sigma.male/files/sms.html

Filesize
1KB

MD5
f020935d9c20a6b6124e5153320e6a94

SHA1
ff4c83d7b71b28b22447705fdf9a09438d3d78ca

SHA256
a4242868f6c807f86ff403988b7ac8d302cfc847ae9addef4dafa780dcd950ff

SHA512
4a4d097b74f5036685512452b730ec720cd84ad6e1ab1afdc71dd05caa22bd0f1572226d42c6547738554be66ad55a35b3e8c466adbcc50f81b258d907218942

Download Submit
/storage/emulated/0/Android/data/sigma.male/files/uid.txt

Filesize
8B

MD5
483d6aec1627aaebcd0e193150aa1c9b

SHA1
a45b9bafeaaaa0b60d615808346c1266acfcfa6a

SHA256
e69eb9aa12a44851f08a9bea38d4a974375b4ab798c6dd7f0a6d64f8ad2d133e

SHA512
f809cf60240cbd5a3045741778502e1d26d5b6c010a5ffc6cb13c224673b8f967bfbc0618b04b536127789d6d426ddcbcee15467931e7cb5acdfecc5003c0b6d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads