Analysis

max time kernel: 10s
max time network: 131s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 27-06-2024 08:24

Static task: static1
Behavioral task: behavioral1
Sample: 9F86529F11AF9DC52E466C459AE6F0D008AB1CA2A322CFB27277A71161BC142C.apk
Resource: android-x86-arm-20240624-en

General

Target: 9F86529F11AF9DC52E466C459AE6F0D008AB1CA2A322CFB27277A71161BC142C.apk
Size: 39.3MB
MD5: aaeffa2f72945060c6339a4ff8e279ce
SHA1: 22cc44dee7d98cde206ac273bc09e84d41d42827
SHA256: 9f86529f11af9dc52e466c459ae6f0d008ab1ca2a322cfb27277a71161bc142c
SHA512: d3d0a386b550dbf799491bfb5bf833f30f0f598f6ec2e3acff92e0be73588d88ff8b8b8d28ebe84af2e9d4b50ec50bc75c8fd755a30f4e1f370422628c5fa53b
SSDEEP: 786432:k8GyTpxb6w30e8GOJ7nojGpYk3wYUg59492hCro50aAOcCixBJzPVYs91RX:JGeb6e8TxnojGTUgtCro5zlcCixBPVNX
Malware Config
Signatures

Checks if the Android device is rooted. (1 TTP, 1 IoC)
  ioc: /system/app/Superuser.apk  |  Process: com.f2pool.f2pool

Loads dropped Dex/Jar (1 TTP, 2 IoCs)
Runs executable file dropped to the device during analysis.
  ioc: /data/data/com.f2pool.f2pool/.jiagu/classes.dex  |  pid: 4252  |  Process: com.f2pool.f2pool
  ioc: /data/data/com.f2pool.f2pool/.jiagu/classes.dex!classes2.dex  |  pid: 4252  |  Process: com.f2pool.f2pool

Queries information about running processes on the device (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about running processes on the device.
  description: Framework service call  |  ioc: android.app.IActivityManager.getRunningAppProcesses  |  Process: com.f2pool.f2pool

Queries information about the current nearby Wi-Fi networks (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  description: Framework service call  |  ioc: android.net.wifi.IWifiManager.getScanResults  |  Process: com.f2pool.f2pool

Queries the phone number (MSISDN for GSM devices) (1 TTP)
Requests cell location (2 TTPs, 1 IoC)
Uses Android APIs to get the current cell location.
  description: Framework service call  |  ioc: com.android.internal.telephony.ITelephony.getCellLocation  |  Process: com.f2pool.f2pool
Queries information about active data network (1 TTP, 1 IoC)
  description: Framework service call  |  ioc: android.net.IConnectivityManager.getActiveNetworkInfo  |  Process: com.f2pool.f2pool

Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description: Framework service call  |  ioc: android.net.wifi.IWifiManager.getConnectionInfo  |  Process: com.f2pool.f2pool

Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)
  description: Framework API call  |  ioc: android.hardware.SensorManager.registerListener  |  Process: com.f2pool.f2pool

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  description: Framework service call  |  ioc: android.app.IActivityManager.registerReceiver  |  Process: com.f2pool.f2pool

Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)
  description: Framework API call  |  ioc: javax.crypto.Cipher.doFinal  |  Process: com.f2pool.f2pool

Checks CPU information (2 TTPs, 1 IoC)
  description: File opened for read  |  ioc: /proc/cpuinfo  |  Process: com.f2pool.f2pool
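The "Loads dropped Dex/Jar" signature records the sample loading code from /data/data/com.f2pool.f2pool/.jiagu/, once as classes.dex and once as classes.dex!classes2.dex. The Android runtime appends "!classesN.dex" to a location only when it loads a secondary DEX out of an archive, so the dropped classes.dex is itself a container holding at least two DEX files (an inference from the path notation; the report does not say so). An analyst who pulls those files off the emulator will want to confirm they are well-formed DEX files and hash them for cross-reference against the Downloads table further down. The Python below is an added example written for this page, not code from the sandbox, from the sample or from any packer; it validates a DEX header (magic, Adler-32 checksum, SHA-1 signature, size and endian fields), expands a zip container into its classes*.dex entries, and builds its own constructed header-only fixtures so it runs offline. Everything it checks follows the public DEX header layout; no field names beyond that layout are assumed.

```python
"""Check DEX artifacts pulled from a device, e.g. the dropped
/data/data/com.f2pool.f2pool/.jiagu/classes.dex from the report above.
Added example for this page; not code from the sandbox or the sample."""
import hashlib
import io
import struct
import zipfile
import zlib

DEX_HEADER_SIZE = 0x70          # header_item is always 0x70 bytes
DEX_ENDIAN_TAG = 0x12345678     # little-endian file, the only form the runtime loads

HEADER_FIELDS = [
    "file_size", "header_size", "endian_tag", "link_size", "link_off", "map_off",
    "string_ids_size", "string_ids_off", "type_ids_size", "type_ids_off",
    "proto_ids_size", "proto_ids_off", "field_ids_size", "field_ids_off",
    "method_ids_size", "method_ids_off", "class_defs_size", "class_defs_off",
    "data_size", "data_off",
]


def parse_dex_header(data: bytes) -> dict:
    """Parse a DEX header_item and verify the two integrity fields the runtime
    itself checks: Adler-32 over bytes 12..end and SHA-1 over bytes 32..end.
    'valid' is False (with a 'reason') for anything that is not a
    self-consistent DEX file."""
    if len(data) < DEX_HEADER_SIZE:
        return {"valid": False, "reason": "shorter than a DEX header"}
    magic = data[:8]                                  # b"dex\n035\0" etc.
    if not (magic.startswith(b"dex\n") and magic.endswith(b"\0")):
        return {"valid": False, "reason": "bad magic %r" % magic}
    (checksum,) = struct.unpack_from("<I", data, 8)
    signature = data[12:32]
    hdr = dict(zip(HEADER_FIELDS, struct.unpack_from("<20I", data, 32)))
    hdr["version"] = magic[4:7].decode("ascii")
    hdr["checksum_ok"] = (zlib.adler32(data[12:]) & 0xFFFFFFFF) == checksum
    hdr["signature_ok"] = hashlib.sha1(data[32:]).digest() == signature
    hdr["sha256"] = hashlib.sha256(data).hexdigest()  # compare with the Downloads table
    problems = []
    if hdr["header_size"] != DEX_HEADER_SIZE:
        problems.append("header_size")
    if hdr["endian_tag"] != DEX_ENDIAN_TAG:
        problems.append("endian_tag")
    if hdr["file_size"] != len(data):
        problems.append("file_size")
    if not hdr["checksum_ok"]:
        problems.append("checksum")
    if not hdr["signature_ok"]:
        problems.append("signature")
    hdr["valid"] = not problems
    if problems:
        hdr["reason"] = "mismatch: " + ", ".join(problems)
    return hdr


def inspect_dropped_dex(blob: bytes) -> list:
    """Return one header record per DEX found.  A zip container (the case the
    runtime reports as 'classes.dex!classes2.dex') yields one record per
    classes*.dex entry; a bare DEX yields a single record with entry=None."""
    if blob[:2] == b"PK":
        records = []
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            for name in zf.namelist():
                if name.startswith("classes") and name.endswith(".dex"):
                    rec = parse_dex_header(zf.read(name))
                    rec["entry"] = name
                    records.append(rec)
        return records
    rec = parse_dex_header(blob)
    rec["entry"] = None
    return [rec]


def build_minimal_dex(method_ids_size: int = 0) -> bytes:
    """Constructed fixture: a header-only DEX (112 bytes) with a correct
    checksum and signature.  Not a real sample; it only exercises the parser."""
    body = struct.pack(
        "<20I",
        DEX_HEADER_SIZE, DEX_HEADER_SIZE, DEX_ENDIAN_TAG,   # file_size, header_size, endian_tag
        0, 0, 0,                                            # link_size, link_off, map_off
        0, 0, 0, 0, 0, 0, 0, 0,                             # string/type/proto/field ids size+off
        method_ids_size, 0, 0, 0,                           # method_ids, class_defs size+off
        0, 0,                                               # data_size, data_off
    )
    signature = hashlib.sha1(body).digest()
    checksum = zlib.adler32(signature + body) & 0xFFFFFFFF
    return b"dex\n035\0" + struct.pack("<I", checksum) + signature + body


def build_container(*dex_blobs: bytes) -> bytes:
    """Constructed fixture: a jar-style zip holding classes.dex, classes2.dex, ..."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for i, blob in enumerate(dex_blobs):
            zf.writestr("classes.dex" if i == 0 else "classes%d.dex" % (i + 1), blob)
    return buf.getvalue()


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                       # python dexcheck.py <file pulled with adb>
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:                                       # no file given: run on the constructed fixtures
        blob = build_container(build_minimal_dex(), build_minimal_dex(7))
    for rec in inspect_dropped_dex(blob):
        print(rec["entry"], rec["valid"], rec.get("sha256"), rec.get("reason", ""))
```

Run it against each file pulled from the .jiagu directory; a record whose checksum and signature both verify but whose sha256 does not appear in the Downloads table is worth a second look, since it means the loaded code differs from what the sandbox captured on disk.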
Processes

com.f2pool.f2pool (PID 4252)
  - Checks if the Android device is rooted.
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Queries information about the current nearby Wi-Fi networks
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks CPU information
Network
MITRE ATT&CK Mobile v15

Defense Evasion
  - Download New Code at Runtime (1)
  - Execution Guardrails (1): Geofencing (1)
  - Hide Artifacts (1): User Evasion (1)
  - Virtualization/Sandbox Evasion (1): System Checks (1)
Downloads

Filesize: 6.4MB
MD5: 4103ecfefe2678a2452dcf9701b12716
SHA1: a02281e303a1558ba8d776ac5571067db4eb682c
SHA256: 3063ac04c47f5373929a320e06c21a369cff03b0d320463e11a28e211d15cb6d
SHA512: ea304f01bd60d9ffe945d551e13faa1ff3684a77ae5aefaf9be3ac5c77941c26471e90cfff66c79504dd3ccbd05fbb0407ea69b33a333834d0261687176c7e07

Filesize: 3.3MB
MD5: b0b913b1b48a337c5cb82fa4ed83d745
SHA1: e901adc05216a774fc60bb526869a12f43412d03
SHA256: cf7f417b3f0f1bef5a0eb8485c8069c10b3fb2d4b4093c0af7a1ad922add3f35
SHA512: 8c78bf9dd6b81aad67194a3f5135583f10501661b42588d45398f349ed705f1a0371b2763cdfa8b3a36352055396aba56cb3fdefc347b48c66522bae8f213a5c

Filesize: 491KB
MD5: 940317093cc329d45cf45ea8713b1c1f
SHA1: 3f9ff8cef8e41d03ea714b8d5f030ad1fcaec0be
SHA256: 57f0ffa7062aaa03074648a0c9df78ed9d3f78c2f07fb846b11bb1b667e246bc
SHA512: 3f40076d241bc3a2b83e56d01e826b8cb7d310a67128ac8b1165bdb93dd917c6a7219c1e65dbd8a40432fb38331828c7171e266e8474dfc69db2675e29e2723f

Filesize: 56B
MD5: c6113d1696957ef7a44c56afbd0baa60
SHA1: bb7480adef1e7e6595ecfe0d06ded38d5e5c1070
SHA256: ff13f93991c9f1d5509c1d014b20556b9368e3388ddece29a7dfb9d51381e258
SHA512: 0066beb23b4d6686a0c2a5245951515a87dd56420aac177df8b65c64e7ca75fdb70f6f3c73a925739dbbfe84cd639265732ca73bccd92f3af0ca730e53305a15

Filesize: 4KB
MD5: f2b4b0190b9f384ca885f0c8c9b14700
SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Filesize: 512B
MD5: eef203785b4541a27f5817d2a877927c
SHA1: 521cc84c9064ea5c3eff147cf55c3366a74501b9
SHA256: f8ff4c61d1efb025408af3bf15fb6a137be7e86b4f7f3023f71d7d16a4d4ca4d
SHA512: 75f34b4b30b666a3523b340dbf213373e66ca64651919a6f785731fc117580e2a54df587e9733ceaba1902497a07ada5cec83cd57e879d4e5f0e21780706c4fb

Filesize: 28KB
MD5: cf845a781c107ec1346e849c9dd1b7e8
SHA1: b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256: 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512: 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Filesize: 76KB
MD5: d8023fa6a68e88ea8f00a1881f60ad82
SHA1: cda3801989d024afaa4d33fad571f0fc1118af87
SHA256: 6949414e3684782aaf01479f18a601de124c53ad5ac23e6763765f6bdc6183c3
SHA512: 1ea55567bc1fcf2183fbe325121c1b4b6c36337cf2ce1fe3e32695f60c690216a218bcb1a2fbd13e61342e482a362fb928703347f53ba23cbab65d8cedf22b2f

Filesize: 512B
MD5: b3040b438d23f53b0c5b2e311b7aafbc
SHA1: da0d4bed5ac8e7b48ff9e6c9afa9929fc13c28fe
SHA256: 8d51b0341a4786c12517edba2fb6f914d9c4428d5a87165fde1ebb76aba10da8
SHA512: 5ec65aefcc55d4589f9664f066691114c28d5e398dc29297e74fc598dce7df769d011021f8a8b4b534f1de54089b9b350d2028e9f155a9dde9821a5b7c747c36

Filesize: 68KB
MD5: abbb5852a8a02d7f6e6fad6b3fbf9cdf
SHA1: 936ac29c4192a14bc57b490af9543f24d2000ae3
SHA256: fea57c39b73e238d724c2f69704eacef64e4f94f8eb1d6bd44f2a6f39583061c
SHA512: 64edca17d328658f1a62c0ca9dbd7e52a6314d153da57487daa0929caf3769c0a81e7eb9a0842b277c84033cbf138d7950dff1e743bb4accdd21643ae23e95cb

Filesize: 307B
MD5: 7fd638a7a2be0014f11198b5d36af629
SHA1: 4155bcba31c1e58fe95a0a328e1148ef101e3b7d
SHA256: a150412d939553cde9d6ca6fa03135ee5b8105c27c6f4bd7b697868a21d315f7
SHA512: a74172034d103ef1366b64e781d9a736de6c9009aa7f09a52d1ec6d6b990652e499bb68b59a450c95affbdd1ffc929f2d481bde782e41866b49f76f03ccf5250

Filesize: 32B
MD5: cf84946026ed0b15c6941c855ddce213
SHA1: 4453f409631094ab342f3081a086a181aeb8bf7a
SHA256: a4b901d71b3e0f35d9424660463b1bed996faae1f7ec9c195fbf501e406a8b98
SHA512: 22b7e085e4db657d87fa0ecf707e990d13454af77ed7e0bd01acb3b008fc3b0bc9e198fe57b1afb0893219bd7eafe86f01d88393c80b59f9c738d90cf22207a8

Filesize: 32B
MD5: 2fb816281446c4be5e6806c4fe458aee
SHA1: 2395ed56c607f1dbd5df1768c972b8ed7acbcabd
SHA256: 596a51a2f06e8eed7c0e6c72f50533d77878cbf371c4c1ebceaf24cb8b586838
SHA512: 2077bbfc57bb9f23e839ff99c7351d8816ca9680e3b4441fbb7d493ed5038c03dc94c380cb57784c97e21826cd60f93e023067271fe84931d3e23872189c3eb4

Filesize: 111B
MD5: 85c494d61fb152b42c4ca7c1367b540e
SHA1: 5b8e4f079c5ade5747019629f939748fe85545e9
SHA256: dd463b2ef4719e1ae9ec8aef41e5334084cb71201a7603196d3903cd687b9715
SHA512: d3f96ec94c05e37ef4f5415c33b0c3b462f3224fea3bff65c56c45911ccb6b0c54a6a87037a891a0d741aa6c772868ef1028e44202f4d74af07633f58266d30e

Filesize: 213B
MD5: deede51ec8335c7c7d151e6b4e7c94c3
SHA1: 73b724d90e0bdcc55e3f0f9936f4d284a8c8030f
SHA256: 4b505249538e22a9281d31519af645333035596751635653fd6d898ae2a164c3
SHA512: 92b5517a3a685ae14b5d4254cb9e3c7ab3cd5fb5ff131b9338402c3ff1b840435aec44670c7f5c65388d99aa7305b59b2111280d5c97c3b91574b565e7356700

Filesize: 65B
MD5: 9781ca003f10f8d0c9c1945b63fdca7f
SHA1: 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256: 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512: 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Filesize: 111B
MD5: 6a1612ef7d59939156afb7201548e3ff
SHA1: 0d77df82ea27e257d972dd9978a9130ed8aa704d
SHA256: bb3896620cdfbd6b47f46f4f0c3d9c1342f79c98be2452e4f05685f9c73eeffe
SHA512: e6c92cf1b5b1ebd01285cfb58f3a4fc5a5d48a4990333d42124afb69b602637dc5d02f9348904336bcf007b931e1e7f502b2884c4e79a44d8c84fac0658f2bf2

Filesize: 167B
MD5: f7154b6bf835f6e03c5e6a84c0cc5277
SHA1: 1b2dd0c44f1124c28c64a0129897474f56c9176c
SHA256: 98ea352c0d77e4dfb1074267a65a2f52bbbef99ec70a59c4b186b5c9f6fcea7f
SHA512: 26ad15b5e3fb7de065d8eda943573d757418ef05736976fd946e286df44a50a0d511692c386b567cd7244a91a93c8777e758961fd6192a427bfbc561d9db5d38