715110b4e3b9c94c778add99b7e83ce43cc98ea98fe3c08f88fb3550352e40b8

Analysis

max time kernel
179s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
14-06-2024 00:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

715110b4e3b9c94c778add99b7e83ce43cc98ea98fe3c08f88fb3550352e40b8.apk
Size

2.6MB
MD5

8fb643cec025486e16b152936136f0f8
SHA1

3631351169178ab10f8f54e42bc34f7b26fa78d3
SHA256

715110b4e3b9c94c778add99b7e83ce43cc98ea98fe3c08f88fb3550352e40b8
SHA512

e14ab8f3a8f9ae1cb32c0d9cee6c3bed7e1ecf82c06aaa4916076d7a6546f7e89ea70766a833774e250c1cbc8b655de5013e2283a1e6604a392b750fc46552c9
SSDEEP

49152:XZxXcHiOVHClutTpQ4GDjrBh0EjUANcb8KEpQbSaqkj9LukQfUZNZeVDlzSWITbX:XZxXIlVinDjrBaEjUqcb8pQbSadukQfC

Score

6^/10

discovery evasion persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	srzhjr.zzrr.xui

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	srzhjr.zzrr.xui

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	srzhjr.zzrr.xui

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	srzhjr.zzrr.xui

srzhjr.zzrr.xui
1⤵
- Acquires the wake lock
- Queries information about active data network
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4274

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/srzhjr.zzrr.xui/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/srzhjr.zzrr.xui/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
958b4994b1dae5fecb71cf59d19eb39b

SHA1
58e2c5a695d04ce83c56fb993f12d5cad1eee661

SHA256
0deac4d837c2cb8c028b29463a0d3b78cbe7796bf3f6cd2259e279e72345d405

SHA512
c9057ed7740a8073235a658582f3ab1a2f4db68aee88bc52d6ce513805131556d1e64e26d419a14ea4728d2addd17b57983246418b1836c021fe82e1e6c650aa

Download Submit
/data/data/srzhjr.zzrr.xui/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/srzhjr.zzrr.xui/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
2d1622bd55bff9da21962c53cc16e1cf

SHA1
65e24882ffb971fe732b0ea926cea108ec221c61

SHA256
8034ba37f4d4bfba26d0b1831b9f5646641b6ea39d5ae1cdbb9b255c692ac62c

SHA512
ba0b3b650cb73e2fd0d819ed6af7a2823c17b22d0d2e40580df86527a8829caeb5c8b0b30373ee93fcfd923c9b0cb6c67dccaf6bd2101fcd0716ad0cd51ea52d

Download Submit
/data/data/srzhjr.zzrr.xui/files/PersistedInstallation2134712050208482306tmp

Filesize
90B

MD5
66b2497ade453609b84749004cc178d4

SHA1
a09c044ca719f500a3d3c905ea84fc01fc8fc10a

SHA256
92867fd396ebc32e107163c58fc53697ef3154f3af55954d330464cc0665ec45

SHA512
2fe13b5c0fbfaa13320a108d3d601d4a588aec99d0a6865be216c86489419d261af11050391019d95a7040878d568f1bae6916e8c9c3b66ed9e175b34bc0b2e7

Download Submit
/data/data/srzhjr.zzrr.xui/files/PersistedInstallation8498372249191771778tmp

Filesize
569B

MD5
01f8ca96c3a208732afebf7bc7c9247b

SHA1
e392a1e0e39470d2a43598dadf0b720caee22f8e

SHA256
1cd950ed60595492f5a92f34bd45a0a9d8829cb7dd2ebf5c0f6d04ec024dee0d

SHA512
d7bc5500c1a2f7b4a6f6221050edb5a79514e3e7c9cd55bcf5c83058d16b360e787c3e6fcad41a1c6a53054533873af78378879717717e665ee292811abcf259

Download Submit
/data/data/srzhjr.zzrr.xui/files/mmkv/mmkv.default

Filesize
4KB

MD5
620f0b67a91f7f74151bc5be745b7110

SHA1
1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

SHA256
ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

SHA512
2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

Download Submit
/data/data/srzhjr.zzrr.xui/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
b8fe65b2240a893362cc10ce48af2432

SHA1
b3c4cbead99f0ee83a194f98c0cfdd50dcb1bb39

SHA256
49447bd9f977c0f4f235372404128f7d120b02d61ef8d0e9c8cd39c380501933

SHA512
3c7d103f901748ad40b4efe645c791a239b2ca7ec7e0cf05d8fe9ce0806a389ff7103f6b953c62a1de5d276aac7cc3b0c28220b178e94f2a5129e7c3d89c4e66

Download Submit
/data/data/srzhjr.zzrr.xui/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
2f1a8102c0a069d921ce09efd20a439a

SHA1
7a8fd32a69c0242a877e616d5cd5f983b7be6eab

SHA256
5078fea929891b22b8782c321539a9a59fff5108f6055ffbfa64d9c8f38d6450

SHA512
37cff1cfb3a5486cd423bf011a2271de8be2871ea9b9e7129548c3822685c3762bd4ea7f2bcb8403f0242617a447d749973621f38b62e94c4bce0f10eb9de86e

Download Submit
/data/data/srzhjr.zzrr.xui/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
514962a6d0e95b8aabb32800eccb6571

SHA1
5cac0719eeadbf1693ee6df762e22d50f66d41c6

SHA256
a34c698859008e5a04954daa8d4513298e7f3e3d00ac8456763569b271bdcc61

SHA512
1e4312667a6dbf5dc1ce56a7751f28aeb2da5478fd02803e17f16efbb6390f3861142c15a0167eb0c8dc883261233fd318cfc282cb6a60f6b7b73ae94854e9d2

Download Submit