fd7c8da9264f1b18cf9b36a1757ae15b2f5fc14e748eaa94ff6fe7dfdbcb3049

Analysis

max time kernel
12s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
24/06/2024, 00:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fd7c8da9264f1b18cf9b36a1757ae15b2f5fc14e748eaa94ff6fe7dfdbcb3049.apk
Size

3.3MB
MD5

ca16a4847b938188f34669b569e78c27
SHA1

29770a045d15fbf7261e7230eb058b484d940085
SHA256

fd7c8da9264f1b18cf9b36a1757ae15b2f5fc14e748eaa94ff6fe7dfdbcb3049
SHA512

b5d390641093373afe4f8a41eb54a9313e8111a57a3181c2d63b4159e97cde6b4a721bef9057a85336ce7b6140614c56c0f8049023dab1a185b76040c79e6e98
SSDEEP

98304:EX3LNq6JM2Bzilhb/4DzTU4nVfCjvtTufru1:EHhdJM+zKJkzTTV8vx

Score

8^/10

evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.hmdm.control
/system/xbin/su	com.hmdm.control

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.hmdm.control

Checks the presence of a debugger
evasion

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.hmdm.control

com.hmdm.control
1⤵
- Checks if the Android device is rooted.
- Makes use of the framework's foreground persistence service
- Checks memory information
PID:4259

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.hmdm.control/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.hmdm.control/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
0aa278b9e8f6849f7436ab24d2a9e709

SHA1
3b01bcdda1e232c34c054d8b2e697df6e03be292

SHA256
358c5f002508d861fa09d95ec4589a72a1e701083cf3a2975bd2bc9fe408a3c7

SHA512
3a003656f7bec0dd313fd45c075a7acc8341cdc29f32bb2135188f9c043f00798bfcd23fdb241588c87233dbc8978567d8c34d991b7c9924ee0b33c2c0186a7c

Download Submit
/data/data/com.hmdm.control/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.hmdm.control/databases/com.google.android.datatransport.events-wal

Filesize
52KB

MD5
2a17e67275d4762a9f391d8f014fa2f2

SHA1
eb7f9bcf536cb4e5595d204eaec27b4ca15cdec9

SHA256
d7cf6c745dff57aefc40ad1b18f2e432679b7eb8638550e7cac7e8907495ae6d

SHA512
b2b1a89339786c11be2ed93fb93ed1509728e06a7652dd01d94a96dd27a974fe8490aa8ffb863585e52188450529f258037f391579014cbe4ea96785931edfbd

Download Submit
/data/data/com.hmdm.control/files/.com.google.firebase.crashlytics/6678C0F003AE-0001-10A3-0FB1B8BEAB24BeginSession.cls_temp

Filesize
75B

MD5
aa17e46188ab1f56831658efe209b34d

SHA1
85d9d1657910a969633e5596ce374adcfad8b8aa

SHA256
b89f6c1da932ef8062872f2fd2adb032b3bb9065fe3e889f48050ce03c381aea

SHA512
cf70e9bc729d3862198354f803a99832ebf0e6e9fcebe29cc107e6cb185469c47ebdb691e1015eefcf2b93761c488057d35a8775b97013058c2dcb5ccd6acccb

Download Submit
/data/data/com.hmdm.control/files/.com.google.firebase.crashlytics/6678C0F003AE-0001-10A3-0FB1B8BEAB24SessionApp.cls_temp

Filesize
66B

MD5
cc9229971d1f0f25612a65faf4cee511

SHA1
5ede48038f584dd1310897c1f142e0cbc44ff7cf

SHA256
7566e69faec6dcbf8dcfb49ffaef03a956599b4c491a649b505fc1122bc05a24

SHA512
03a79af551759381ca5092933fe7fbf6d947ffd48399af6a8ff67db68983c1fcf0742b661726603beaa19bd02647399111bdc15b6f8727001524726660a3b7bb

Download Submit
/data/data/com.hmdm.control/files/.com.google.firebase.crashlytics/6678C0F003AE-0001-10A3-0FB1B8BEAB24SessionDevice.cls_temp

Filesize
48B

MD5
cf9cb0612d588a1f71b63084cea67316

SHA1
3d035bb92fd3f8997160cf8025c40239af74d3ca

SHA256
0d37c5a64baf86735501f9044eeb926b3d46548cdcf67c2cd1f773df36624ac9

SHA512
70f000233e181e3b7c6fcf07aa04fdb570f970335837f8d1c4680a9f78af9f9e17c73a0a5646770f7a8787e338899edc4a5197b023865a4da894b1aca12bf600

Download Submit
/data/data/com.hmdm.control/files/.com.google.firebase.crashlytics/6678C0F003AE-0001-10A3-0FB1B8BEAB24SessionOS.cls_temp

Filesize
14B

MD5
9b3d4522944ce6396563812bfdb92fa9

SHA1
6d2a6133c8f01938a48ccc77ef86ad8ca335c020

SHA256
d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9

SHA512
091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

Download Submit
/data/data/com.hmdm.control/files/.com.google.firebase.crashlytics/com.crashlytics.settings.json

Filesize
712B

MD5
482e6ce8f0f055ba3068f6272c4466b4

SHA1
6ca8e3712a92561863183169c4ef5d2e705f3c3e

SHA256
bbbf0d3b941ca10ca5c5be5c2a367dcb589a0f28ae230af327939a1c94693cae

SHA512
5ca2fca14297837311b8f3e9a3aa23984a134ad4b9f3f31f34158bfe24f1a842e320c76b8bc3da5e22608270530247a6f3286d2bc85abc889dcd01e05ef3ca48

Download Submit
/data/data/com.hmdm.control/files/.com.google.firebase.crashlytics/report-persistence/sessions/6678C0F003AE000110A30FB1B8BEAB24/report

Filesize
737B

MD5
76c8ee2ecc7faf5a0182741b892d9485

SHA1
be3b6a8e1325c75443bf3e130417603e7ad68934

SHA256
836be270e236decf6f01fb00292e4155adda509ce60175050b411695cea69cd7

SHA512
611feb8cecd0334be7eab1212454c289f9065a2bf7c1b668a29787b255ff8c215cd9dedd28080d34eedc9085431746dd0cd8ef6605c1dead7b990f209e978d87

Download Submit
/data/data/com.hmdm.control/files/PersistedInstallation1126346826653786159tmp

Filesize
90B

MD5
5af92b4a0f9e3d3c1197fc3e76887e3b

SHA1
5219d1e314147f5befa4a2bb5e9a987618059346

SHA256
528b72bc0d2c2cc78c44560a695c1a85a24919dd729d21043c9c9ec985d22371

SHA512
af5168033fa5ce5e8323e9356e3687ab44c54db9309c9de34f086ab60585267aa4b74caa82d593676d38383658c666cbf8771ab27215a2b477a1532ce716840c

Download Submit
/data/data/com.hmdm.control/files/PersistedInstallation4984807217075472950tmp

Filesize
569B

MD5
50574732d9e78b0c112e90549cb12d9f

SHA1
8141c8933894a92f1593bd0a380988435739720a

SHA256
ce694027cd3daa38f88537a629d27b0dddce6daea16300456ba9605734eacfaa

SHA512
ade154538d557a44640b3cc5047a4400d2be7cc3bf2f759a30af91e550a835b6686478ae26b2bf706723036a43b2eca9c478cdce7c0b72218d2751d91ca6d486

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads