Analysis
- max time kernel: 177s
- max time network: 169s
- platform: android_x86
- resource: android-x86-arm-20240611.1-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
- submitted: 15-06-2024 23:58
Static task: static1
Behavioral task: behavioral1
Sample: ca87fbdb57d7608b3c04810a86e0b990fbc1e6df249445719696e87468155e3e.apk
Resource: android-x86-arm-20240611.1-en
General
- Target: ca87fbdb57d7608b3c04810a86e0b990fbc1e6df249445719696e87468155e3e.apk
- Size: 672KB
- MD5: 0f2a8685698b73154ebfa7062aff1a80
- SHA1: 2422ec9a399990fa899c48e0811091d60383bc02
- SHA256: ca87fbdb57d7608b3c04810a86e0b990fbc1e6df249445719696e87468155e3e
- SHA512: 4826f0f38374a0fc1d0ab6318380beb2f7d91c3ca7cbfcada4323f04033b0cc167d900765a7b1232705598feeac9715bcf7a4f78d457f088990b6d445e0b8283
- SSDEEP: 12288:2VBED9V8HxbQRZO/5oJukhQJBv/S8t8K6xoq5rSI9M+PEDkhC3RZj3SjHXRr:2VBEDn8HxERo/mJuEEx4KARrSIpPEDx8
Malware Config
Signatures
-
Loads dropped Dex/Jar 1 TTPs 3 IoCs
Runs executable file dropped to the device during analysis.
Processes:
  com.bmSFNQnt
  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.bmSFNQnt/b.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/data/com.bmSFNQnt/oat/x86/b.odex --compiler-filter=quicken --class-loader-context=&
IoCs:
  ioc: /data/data/com.bmSFNQnt/b.zip; pid: 4235; process: com.bmSFNQnt
  ioc: /data/data/com.bmSFNQnt/b.zip; pid: 4296; process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.bmSFNQnt/b.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/data/com.bmSFNQnt/oat/x86/b.odex --compiler-filter=quicken --class-loader-context=&
  ioc: /data/data/com.bmSFNQnt/b.zip; pid: 4235; process: com.bmSFNQnt
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Acquires the wake lock 1 IoCs
Processes:
  com.bmSFNQnt
IoCs:
  description: Framework service call; ioc: android.os.IPowerManager.acquireWakeLock; process: com.bmSFNQnt
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
Processes:
  com.bmSFNQnt
IoCs:
  description: Framework service call; ioc: android.app.IActivityManager.setServiceForeground; process: com.bmSFNQnt
-
Queries information about active data network 1 TTPs 1 IoCs
Processes:
  com.bmSFNQnt
IoCs:
  description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: com.bmSFNQnt
-
Tries to add a device administrator. 2 TTPs 1 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
  com.bmSFNQnt
IoCs:
  description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; process: com.bmSFNQnt
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes:
  com.bmSFNQnt
IoCs:
  description: Framework service call; ioc: android.app.job.IJobScheduler.schedule; process: com.bmSFNQnt
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes:
  com.bmSFNQnt
IoCs:
  description: Framework API call; ioc: javax.crypto.Cipher.doFinal; process: com.bmSFNQnt
Processes
-
com.bmSFNQnt (process 1)
  - Removes its main activity from the application launcher
  - Loads dropped Dex/Jar
  - Acquires the wake lock
  - Makes use of the framework's foreground persistence service
  - Queries information about active data network
  - Tries to add a device administrator.
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Schedules tasks to execute at a specified time
  - Uses Crypto APIs (Might try to encrypt user data)
  -
  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.bmSFNQnt/b.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/data/com.bmSFNQnt/oat/x86/b.odex --compiler-filter=quicken --class-loader-context=& (process 2, child of process 1)
    - Loads dropped Dex/Jar
Network
MITRE ATT&CK Matrix
Downloads
-
/data/data/com.bmSFNQnt/b.zip
  Filesize: 203KB
  MD5: 1db8f032804d525ca4f3f6010693c04e
  SHA1: 57c6f89ddd2097f2bb2f3ff2f644752d1048e7c7
  SHA256: 5d757dc6fc86e3f161d720d7ca3c98b68e3ef3943c39d24f88d38ce31f4cb903
  SHA512: 81465aaf05810a963ab881942289d644a2295dae153e7afc63f0bc11c2d6529a1c386c5f16d61c3047dd77971458a1f6bd3b94bd4167d23e482eca08b6d35e5d
-
/data/data/com.bmSFNQnt/files/config
  Filesize: 76B
  MD5: 06244f5544f63c03cbba32710aa7b737
  SHA1: 4747c81291757043bda75b34dc43fbbd7c839611
  SHA256: c10720b9e264d8e3ac4a11b984f3d5198f2e3fd466b3ca4d39dd0b70b10e6e94
  SHA512: 0c3d99a4cb2ba47e985bce3ae99e33e8583e14b722ddbce6054fb70de7bb5c85100cebdf3ae73c1b0c0c6aebdd1d324c235fb932be143c72c0971ee38c657f70