6cd5feb4ff16926fe8c7443eb9e38c47768dce2a87a7d38f210b4a6fc9c5760b

Analysis

max time kernel
48s
max time network
145s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
27-06-2024 08:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6CD5FEB4FF16926FE8C7443EB9E38C47768DCE2A87A7D38F210B4A6FC9C5760B.apk
Size

15.7MB
MD5

6f1de63a845d5f14196c6f57e7fd8680
SHA1

6229fe154ddac84d329881fee192c6b095988443
SHA256

6cd5feb4ff16926fe8c7443eb9e38c47768dce2a87a7d38f210b4a6fc9c5760b
SHA512

3f59cbb5e06bc3c8da38fb06be4427fa2af36bbf8d627a452703625a06fce27575585137098b82fc720a121b5e56df9bdfa7915a11938e5a581161aac9780a56
SSDEEP

393216:fuEqd1CSPUnd5CixspsyPltW03ojvCi91SLOwzr:f82tSiCpQ0Yj1sn

Score

6^/10

discovery evasion impact persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.lavoro.compra.vendita

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.lavoro.compra.vendita

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.lavoro.compra.vendita

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.lavoro.compra.vendita

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.lavoro.compra.vendita

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.lavoro.compra.vendita

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.lavoro.compra.vendita

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.lavoro.compra.vendita

com.lavoro.compra.vendita
1⤵
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4325

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.lavoro.compra.vendita/databases/data2.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.lavoro.compra.vendita/databases/data2.db-journal

Filesize
512B

MD5
468e9f1c9b3f81dc0b1b737e85c27433

SHA1
47073bcc6fa869f380475e2c9ba2bfc5887fa5dd

SHA256
b6ec4dead5149dc3f89a8dffd72cbe88c99c1cc60c84a404059ae051b5910fff

SHA512
5b0940dbcaf6552d9b4e10fc24ae69d32b80a89b8f228cd1ae1e3dea9faacff87f2f4604800d681f0aa5e20988d59687073b9fb2480a35512eab2632066e8904

Download Submit
/data/data/com.lavoro.compra.vendita/databases/data2.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.lavoro.compra.vendita/databases/data2.db-wal

Filesize
84KB

MD5
944dad05da6cc75885330ab4bfb2bd57

SHA1
ef6feaaae4bf97b387757414d99ebe489bf95d18

SHA256
a38604bab15c2d1c9c63325ae02c726141b399c01188099b4782d6938f9e06d0

SHA512
b5373d2bf36f816e3b485ccde3636b1b7eb082fe2d0c8e471b938549429d327f64f62558e51a42dd250599f97223be549ae6151de3661a526fe49ac5d123d9e9

Download Submit
/data/data/com.lavoro.compra.vendita/files/.YFlurrySenderIndex.info.AnalyticsData_FHVHX8QSYRFSTPTJ9RFD_284

Filesize
88B

MD5
e0a460631a1d39f4a904026d94873190

SHA1
366f36b524dbc973f8f6e5af2a26103609654c20

SHA256
b535b477877aa012aa9a1ba196c67fadb189ee7e8dd57ade118f6ed818b97bc5

SHA512
a3657a666d806c35990b1776cb2314a7ade8abc935fa2793dfc25c48157057f4f619374d454bcf45c861552805b141b386e05564a79aa79de8ed5d4c813e0df6

Download Submit
/data/data/com.lavoro.compra.vendita/files/.YFlurrySenderIndex.info.AnalyticsMain

Filesize
72B

MD5
2cfba917f4360ea4ede416f9afdd3d47

SHA1
55b5ab074822f3deaaee9b1d14648e1b7bc1eb75

SHA256
4e66ac52a677d58de58885e8ec0f95260809bf3d6842e91545023803f50c1ee6

SHA512
72a928d25f5a952f7d46287593ce9238592f1728667906d55003ed62df0d6b541e14de8b88712025733a0db1f1111024560689fbf453a19e8048c1a1f3619516

Download Submit
/data/data/com.lavoro.compra.vendita/files/.yflurrydatasenderblock.4f863163-c828-4372-9516-b0405f75e3bc

Filesize
360B

MD5
39651710e25186d284242c264f0a10d2

SHA1
0c81286cf3825830685f2049625a99f79551edaa

SHA256
a341ceb6116fe31e5dfda566db6be28db78190d5e6bc081dcdbc1ab331a32b45

SHA512
056b534461e7b44f3dfe20cdf904eb12326c95200c61d0f4cf43819390eee31df53a779a0db5d6632f6ff2b87dbd7159f34abe892c05f1ab1c3ec9747c87f1c3

Download Submit
/data/data/com.lavoro.compra.vendita/lib-main/dso_deps

Filesize
316B

MD5
6fba2d311b5c227ed449f21d79f497bb

SHA1
27b1f27c670c922e76370abfdf9d0e94b21de521

SHA256
6cbff339003ad5c5484fb62c7ce3200c01f177994844451998695a287e9dea32

SHA512
fcfa73f7e39d92ec8a9144d1813dec6daf78cee4eb4242d4f51a561bdbeabb1ac6400a3be16ca509db1b804d4d13e8a93b880a6d54a14f7f0458eeba84961e13

Download Submit
/data/data/com.lavoro.compra.vendita/lib-main/dso_manifest

Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/data/com.lavoro.compra.vendita/lib-main/dso_state

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/data/com.lavoro.compra.vendita/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/data/data/com.lavoro.compra.vendita/no_backup/.flurryNoBackup/installationNum

Filesize
100B

MD5
c9a8a5436847add27065a754451eb970

SHA1
9fa89e403f39e3625a1f41e1469689d4a69a0a85

SHA256
8361bb794af508bcd1189942425a807c879c9909446328ab3e217ad160894371

SHA512
f2f8d0d31c7d8fd018af050d3624ad46599c64abd3e199ee3c3dad9d2c626a77395ad8d312dce5817dcecb1a0431e701e947af13758c2910fd1c4701343108fb

Download Submit
/storage/emulated/0/Android/data/com.lavoro.compra.vendita/cache/FavIcon/500f691df7747fce99c0ce48f5b243e90

Filesize
919B

MD5
c7f9d0cc0623972100b3785a814c5e7c

SHA1
3246e6b92a3b536db07d545fe6134d1f430cb183

SHA256
95dac88b2a37a7cdd2486e2fce8c7e51247385741b29d56e447479c6a6a605cc

SHA512
40253d9667258dabc3ddcad3ff267729a377f274ace4cce7ceb3ec5b56525b17c8399a5810d4c93feeafe71fbe9e74e41f0c291a40c6829eb28538817d176457

Download Submit
/storage/emulated/0/Android/data/com.lavoro.compra.vendita/cache/Object/journal.tmp

Filesize
32B

MD5
6a1f76b33dc12d82e5bdc8d0653ee225

SHA1
65607c78d23758ee27275e5c25c75395c7ad39e6

SHA256
e89a1de7e24075f85893cc146fcc21d1c3eccf9ed6d7d099f0a63a3cb2680c64

SHA512
114f78f37c9dab14d543b0fb1f05b6f4c4617323032e0e719731fa64276e47f8ae0823c8f11c9cf4810759284498d1235ee15603c398a09c40c8a20687f1f3f2

Download Submit
/storage/emulated/0/Android/data/com.lavoro.compra.vendita/cache/http/journal.tmp

Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads