Malware Analysis Report

2025-01-19 07:44

Sample ID 240614-3wh4ja1fjf
Target magis-celular.apk
SHA256 04c06f6aa11948987713ef1f69532203bfab5c953ba72e3247fddaefcbb8f0db
Tags
evasion
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

04c06f6aa11948987713ef1f69532203bfab5c953ba72e3247fddaefcbb8f0db

Threat Level: Shows suspicious behavior

The file magis-celular.apk was found to be: Shows suspicious behavior.

Malicious Activity Summary

evasion

Checks Qemu related system properties.

Checks known Qemu pipes.

Requests dangerous framework permissions

Checks the presence of a debugger

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-14 23:51

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an application a broad access to external storage in scoped storage. android.permission.MANAGE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read image files from external storage. android.permission.READ_MEDIA_IMAGES N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 23:51

Reported

2024-06-14 23:53

Platform

android-x86-arm-20240611.1-en

Max time kernel

2s

Max time network

33s

Command Line

com.msandroid.mobile

Signatures

Checks Qemu related system properties.

evasion
Description Indicator Process Target
Accessed system property key: init.svc.qemud N/A N/A
Accessed system property key: init.svc.qemu-props N/A N/A

Checks known Qemu pipes.

evasion
Description Indicator Process Target
N/A /dev/socket/qemud N/A N/A
N/A /dev/qemu_pipe N/A N/A

Checks the presence of a debugger

evasion

Processes

com.msandroid.mobile

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.204.74:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 216.58.201.110:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp

Files

N/A