fd7c8da9264f1b18cf9b36a1757ae15b2f5fc14e748eaa94ff6fe7dfdbcb3049

Analysis

max time kernel
12s
max time network
151s
platform
android_x64
resource
android-x64-20240611.1-en
resource tags

androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system
submitted
24/06/2024, 00:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fd7c8da9264f1b18cf9b36a1757ae15b2f5fc14e748eaa94ff6fe7dfdbcb3049.apk
Size

3.3MB
MD5

ca16a4847b938188f34669b569e78c27
SHA1

29770a045d15fbf7261e7230eb058b484d940085
SHA256

fd7c8da9264f1b18cf9b36a1757ae15b2f5fc14e748eaa94ff6fe7dfdbcb3049
SHA512

b5d390641093373afe4f8a41eb54a9313e8111a57a3181c2d63b4159e97cde6b4a721bef9057a85336ce7b6140614c56c0f8049023dab1a185b76040c79e6e98
SSDEEP

98304:EX3LNq6JM2Bzilhb/4DzTU4nVfCjvtTufru1:EHhdJM+zKJkzTTV8vx

Score

8^/10

evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.hmdm.control
/system/xbin/su	com.hmdm.control

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.hmdm.control

Checks the presence of a debugger
evasion

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.hmdm.control

com.hmdm.control
1⤵
- Checks if the Android device is rooted.
- Makes use of the framework's foreground persistence service
- Checks memory information
PID:5059

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.hmdm.control/databases/com.google.android.datatransport.events

Filesize
40KB

MD5
15d5b92dcbda7ef7f9ca327a903e46e4

SHA1
ca153b66028a58d90346ff8abadbdf01b95c37b1

SHA256
e802fdc1ccd833b91d80bb1d8f54cab2b585393e6a07622c4d9feaab07633370

SHA512
2352f167ee5aa37cb3438a0a7df8f632771a1d019c5cd120fe62313fb73aed6d0e09186a9bf306a564371b846a8da020f6acd7aede0cc47ca50701611fa84aca

Download Submit
/data/data/com.hmdm.control/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
42acb06427b231ff838b760816a723b4

SHA1
a3acbfb9be8c9231957e61d4f3ac37c1047cd62c

SHA256
21d76438d5281f6e98a8622380eec5e389ea0f60a4d27e8e3a385492abbad037

SHA512
8807bb91b0db71ea32055f566beae067dcb705ae897c6b3841212e60dccf511116636f1d516e0ae26009a3af6989ee2a1e6a4dd1dde327b709484a69d3c0967d

Download Submit
/data/data/com.hmdm.control/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
68c4df73688078cda7ba8e0a3942e7ad

SHA1
ed24e3319001fd724336e1a78a2ee61d5e1051f3

SHA256
202a04990e7992e140a8dcd354c9f80bc01638a1a85a26a4a2f374daf5254109

SHA512
8209c89bdc973d8696e168b1b400482d275e930096b888e7082a52978f307a84181d137b16069433fe8ca7916da2f3290a097e51dce471085cfd8ec80d8c7dcc

Download Submit
/data/data/com.hmdm.control/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
a4e579cdcec795a25272bdee141aa549

SHA1
0e04fdd0d75c8c0a973fbc316d6f42ba7fe2b384

SHA256
e42f223df576d981b7bf3b6502c65c515553d8a5c41e167b392f8abe0c82bbe8

SHA512
a61821a11c7f4498a518605478386083b8998e8ceda40f5114683d099cd12e476239e74f96ca0519900c056b73319e4fef65e3718a894dbaf5d37fa904fe3c56

Download Submit
/data/data/com.hmdm.control/files/.com.google.firebase.crashlytics/6678C0F30227-0001-13C3-B394B9924EA6BeginSession.cls_temp

Filesize
75B

MD5
e403caa786a5a18f7f9afb88b50f17b6

SHA1
4587f7b3a1bc841e9112c194e76930f433c9aa91

SHA256
a5616b3d7352849bf3c86109883724e6f1a751b2d17e9e2097fc44ed9b1d1dc8

SHA512
bee45aaa41f6f4a5ba78ffb245d0d96c07a2d678b7ee75feb148059cd8edf76e3775e38ae9144f436e53ca33ecf1aeb5fed0af952800c8fd5c5d66025e23ac87

Download Submit
/data/data/com.hmdm.control/files/.com.google.firebase.crashlytics/6678C0F30227-0001-13C3-B394B9924EA6SessionApp.cls_temp

Filesize
66B

MD5
2597d10582b857c0f6f150830f656bf5

SHA1
12c54ad68d10dc8cd248578fa95c35f30aeed0c5

SHA256
f49b17e407efc80992265e70be7aacdd2a0ad848bd00f517be96097cba68ecce

SHA512
33f5789dea24ca1d907b4d0054ced0ad068cfb50d5cbc8879ce087bebf4055938dc90782bf64d6d7adb773a8fa0f580b63a999da70a22910e72e58ea4f8dda56

Download Submit
/data/data/com.hmdm.control/files/.com.google.firebase.crashlytics/6678C0F30227-0001-13C3-B394B9924EA6SessionDevice.cls_temp

Filesize
48B

MD5
2390c1f21db00b20c07107e3ec7275fe

SHA1
e663a646460acc071aebee942cc1776c23d77655

SHA256
d348072a01496839cfcde3a18866423aee74aefd613fa3bf1ff4a203ef46a699

SHA512
43ff60754eb60795ca1c318f44dcfe49194add26cc3d92c2eac7bef538fd65b6290f2e5953b8f1693b9425ebbcdd022ab16a18280146ee0b0c2eefe27bc0bd63

Download Submit
/data/data/com.hmdm.control/files/.com.google.firebase.crashlytics/6678C0F30227-0001-13C3-B394B9924EA6SessionOS.cls_temp

Filesize
15B

MD5
2566d27ce8c28d8961f082c375d7535e

SHA1
92fe585b1a2c9c523d2fa1f65ab5c1b6a1a6edaf

SHA256
5acdb54ddba2e264f6822fbdbc4e9b5158f57d43785c2f01d981956b18f7a90a

SHA512
1c70679bbd25a57f9ac02083d5af0fe72b1417cf3070a195497f03d6f492e87b1ed3f570de7ea7c814c995a1530e32610d9570f31a480648f4062e8d3287be8f

Download Submit
/data/data/com.hmdm.control/files/.com.google.firebase.crashlytics/com.crashlytics.settings.json

Filesize
712B

MD5
b31c06ca2c7e8307198e92a56dfe4eba

SHA1
44954e31ad50f9eb8d86a4adbbe0606e18fe884f

SHA256
5047c373bb66da83731d1b38a83944c4db8e872800330c76536694bd9ad0c7cf

SHA512
df62bb445b086b0af433e61addc4e265ccc7a1a30e47dc7102c6145f998b7ff3a64e4264dcafa4936ee67d09207e63b866bf1a6f2b1f078246cf95ec9325f794

Download Submit
/data/data/com.hmdm.control/files/.com.google.firebase.crashlytics/report-persistence/sessions/6678C0F30227000113C3B394B9924EA6/report

Filesize
738B

MD5
3aaa7f36dbf1a796d2101c42041e4021

SHA1
072f0ee0c81048080ef5d5ad7fee2a1e8e9b2b5e

SHA256
cc8327d3f80b4fb057d719f8f3998182814b99a0c7af5842f19d5de644e5123c

SHA512
c48bc6034057f0cfb1a092f9581b0d8f4a63c006b8c6a2671a70bb333e71561cdcf1db2943ab0b947664c1180fe7c688ddb34430d4ea9fa638e303e5a1650aac

Download Submit
/data/data/com.hmdm.control/files/PersistedInstallation1253230049048411147tmp

Filesize
90B

MD5
991980bcd65e216f086752156d662c46

SHA1
23a60fdc4b09ee07c4e84edd8e398e274465305e

SHA256
72509b0af135d8642a6614d15e283f56c577dc10a04b0494c6a5134fc6489707

SHA512
603c3237afefbea15f20d3fa45bbaae9e9bd0807723b1d5ada7c3df79b7331bbab20d1a66022df7d91ab5d1a17f08212b2d37203875b03542069189289d725c2

Download Submit
/data/data/com.hmdm.control/files/PersistedInstallation2329755545719055309tmp

Filesize
568B

MD5
f23b4e0f1ffe89b463b9274b6f35b3c0

SHA1
97851b3bb4671016f7ad62a39994e504646dc323

SHA256
19c197453c4ea4cb5137060d0e14623bfa1eae083deeaf820ed6266fb88996a2

SHA512
78d797822842c217e1c51a525a7eaa90c9e526315efa70a683ed8f6e5eb44a4ece09602e193e874b81857f578a4d5f5732cbfe3696f2d0edae47f78cdfe2d481

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads