c825891d4b9f37aea7a2b782c4a5da0368e58c8e9f31ed47e3da5690be91e1b8

Analysis

max time kernel
3s
max time network
131s
platform
android_x64
resource
android-x64-20240611.1-en
resource tags

androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system
submitted
22-06-2024 22:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c825891d4b9f37aea7a2b782c4a5da0368e58c8e9f31ed47e3da5690be91e1b8.apk
Size

4.4MB
MD5

fde8e734fb79ea09b473dc643b70cc98
SHA1

18b7e9e68ceaffa10492a15efdb03bec56ac4822
SHA256

c825891d4b9f37aea7a2b782c4a5da0368e58c8e9f31ed47e3da5690be91e1b8
SHA512

68582e690658f764c941bc3280949cadd457270a2800ca75c3cb7e440fb7f5d46d5d32859846d412b3f6a3066db08302de3d67ae693dd8f82d5d4a08a75a582c
SSDEEP

98304:lWoCq7SEzurJZZE+mxW1f2o9oF35p0yhZqpF55rIWDgkbr7db9GTs262LoFb7b:lWoV7FurJxmxUnu3cyhZoVDdbrjmUzbn

Score

8^/10

evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 8 IoCs

evasion

System Information Discovery

T1426

Processes:

ru.SjPgYpMH.tUEhMoGVR

ioc	process
/data/local/bin/su	ru.SjPgYpMH.tUEhMoGVR
/data/local/xbin/su	ru.SjPgYpMH.tUEhMoGVR
/sbin/su	ru.SjPgYpMH.tUEhMoGVR
/system/bin/su	ru.SjPgYpMH.tUEhMoGVR
/system/bin/failsafe/su	ru.SjPgYpMH.tUEhMoGVR
/system/sd/xbin/su	ru.SjPgYpMH.tUEhMoGVR
/system/xbin/su	ru.SjPgYpMH.tUEhMoGVR
/data/local/su	ru.SjPgYpMH.tUEhMoGVR

Checks known Qemu pipes. 1 TTPs 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
evasion

System Checks
T1633.001

Processes:

ru.SjPgYpMH.tUEhMoGVR

ioc process

/dev/socket/qemud ru.SjPgYpMH.tUEhMoGVR
/dev/qemu_pipe ru.SjPgYpMH.tUEhMoGVR
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

ru.SjPgYpMH.tUEhMoGVR

description ioc process

Framework service call android.app.IActivityManager.registerReceiver ru.SjPgYpMH.tUEhMoGVR
Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

ru.SjPgYpMH.tUEhMoGVR

description ioc process

File opened for read /proc/cpuinfo ru.SjPgYpMH.tUEhMoGVR

ioc	process
/dev/socket/qemud	ru.SjPgYpMH.tUEhMoGVR
/dev/qemu_pipe	ru.SjPgYpMH.tUEhMoGVR

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	ru.SjPgYpMH.tUEhMoGVR

description	ioc	process
File opened for read	/proc/cpuinfo	ru.SjPgYpMH.tUEhMoGVR

ru.SjPgYpMH.tUEhMoGVR
1⤵
- Checks if the Android device is rooted.
- Checks known Qemu pipes.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
PID:5130

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ru.SjPgYpMH.tUEhMoGVR/files/shared_prefs_sdk_ad_prefs

Filesize
153B

MD5
65026ee778e1372d9f4aed742772e893

SHA1
5a5f1c821d7639424f3c75a44468ab5f7dd4e8cc

SHA256
15070f52136d5a8332f8d70f790bd7bb04cd6a99b386d40e0abedc40c42caa3c

SHA512
589c4a12c6b6ec1a1cca957da758aaa900e68a23b4bc2f42524b0e8dd34f6c5378541d9293eae1ae8d478bf5b5229ce4218c058fc3b399eb5756afeb05c68616

Download Submit