Analysis
max time kernel: 179s
max time network: 169s
platform: android_x86
resource: android-x86-arm-20240611.1-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted: 16-06-2024 23:49
Static task: static1
Behavioral task: behavioral1
Sample: 82b7101fb1b4dd4cae1390c619bbced74677c8b1971ae62f6e063a1d1fba0a43.apk
Resource: android-x86-arm-20240611.1-en
General
Target: 82b7101fb1b4dd4cae1390c619bbced74677c8b1971ae62f6e063a1d1fba0a43.apk
Size: 294KB
MD5: 33b70f3ce0bc2cd325b6ef64a0cc705b
SHA1: a091bcaa083aa373e910b6bf1fea6eeebe546243
SHA256: 82b7101fb1b4dd4cae1390c619bbced74677c8b1971ae62f6e063a1d1fba0a43
SHA512: 622d8e1720ea7dc31d63efa21a1ed6866859c9b67de13bfe4247533d545d9b63f76883430e880e49244abefa1697df60c706e5759c106b649188bcc08cc37153
SSDEEP: 6144:UY9s2Z/ffCgVWw8uPqIt++oepKMbfXl3nzT8/8QqBN0o4yODNfdu:yKz2uDnzKGXlPDtOp1u
Malware Config
Signatures
Loads dropped Dex/Jar (1 TTPs, 3 IoCs)
Runs executable file dropped to the device during analysis.
Processes:
  com.bafengcinama.mediaplayer
  /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/data/com.bafengcinama.mediaplayer/b.zip --output-vdex-fd=45 --oat-fd=46 --oat-location=/data/data/com.bafengcinama.mediaplayer/oat/x86/b.odex --compiler-filter=quicken --class-loader-context=&
IoCs (ioc | pid | process):
  /data/data/com.bafengcinama.mediaplayer/b.zip | 4282 | com.bafengcinama.mediaplayer
  /data/data/com.bafengcinama.mediaplayer/b.zip | 4309 | /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/data/com.bafengcinama.mediaplayer/b.zip --output-vdex-fd=45 --oat-fd=46 --oat-location=/data/data/com.bafengcinama.mediaplayer/oat/x86/b.odex --compiler-filter=quicken --class-loader-context=&
  /data/data/com.bafengcinama.mediaplayer/b.zip | 4282 | com.bafengcinama.mediaplayer
Acquires the wake lock (1 IoCs)
Processes:
  com.bafengcinama.mediaplayer
IoCs (description | ioc | process):
  Framework service call | android.os.IPowerManager.acquireWakeLock | com.bafengcinama.mediaplayer
Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
Application may abuse the framework's foreground service to continue running in the foreground.
Processes:
  com.bafengcinama.mediaplayer
IoCs (description | ioc | process):
  Framework service call | android.app.IActivityManager.setServiceForeground | com.bafengcinama.mediaplayer
Queries information about active data network (1 TTPs, 1 IoCs)
Processes:
  com.bafengcinama.mediaplayer
IoCs (description | ioc | process):
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.bafengcinama.mediaplayer
Requests changing the default SMS application (2 TTPs, 1 IoCs)
Tries to add a device administrator (2 TTPs, 1 IoCs)
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
Processes:
  com.bafengcinama.mediaplayer
IoCs (description | ioc | process):
  Framework service call | android.app.IActivityManager.registerReceiver | com.bafengcinama.mediaplayer
Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
Processes:
  com.bafengcinama.mediaplayer
IoCs (description | ioc | process):
  Framework API call | javax.crypto.Cipher.doFinal | com.bafengcinama.mediaplayer
Processes
com.bafengcinama.mediaplayer
  - Removes its main activity from the application launcher
  - Loads dropped Dex/Jar
  - Acquires the wake lock
  - Makes use of the framework's foreground persistence service
  - Queries information about active data network
  - Requests changing the default SMS application
  - Tries to add a device administrator
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  Child process: /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/data/com.bafengcinama.mediaplayer/b.zip --output-vdex-fd=45 --oat-fd=46 --oat-location=/data/data/com.bafengcinama.mediaplayer/oat/x86/b.odex --compiler-filter=quicken --class-loader-context=&
    - Loads dropped Dex/Jar
Network
MITRE ATT&CK Matrix
Downloads
/data/data/com.bafengcinama.mediaplayer/b.zip
Filesize: 172KB
MD5: 720f772a27e8272d102dd6b1c895a66e
SHA1: 27cebf2aa4e284a194ee75e438f0537ce27f4f15
SHA256: 86af83dd43d3dfd4070dac6bf4c8873c935be9a41a5cf4e7ad26ba71a2033be2
SHA512: 21070f5f7e8d6202673600d318643d4ad220ac536981b35424e20e3cdc92b408fdca222383dcf08338889fe12a9c2619ed67d693a736be220eee86d017055fea

/data/data/com.bafengcinama.mediaplayer/files/config
Filesize: 60B
MD5: 49b5691f6c1a249dd2a7f9e6db783b85
SHA1: 864fa20ee23794ecf9184b6f3b3fe2afa506ecd1
SHA256: f1bc63df60b66a26072e4b89740baf2396dbc396ede805dc163472298e675955
SHA512: a1050cc7102b49ff4b3372502b36657e053d0d9f28bffd8f8ce70002ef6ce69f8a26cae973636ec8dab7eddef69d8963481b9f475a918e18f73b5d5b93c3e245