492f42920020596dc2b89ec297a66c51fa8847a2a3eaf5ef5d97663ace893f6a

Analysis

max time kernel
129s
max time network
138s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
27/06/2024, 08:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

492F42920020596DC2B89EC297A66C51FA8847A2A3EAF5EF5D97663ACE893F6A.apk
Size

10.3MB
MD5

8be860fb16835e673be716dc11b846a9
SHA1

1e2d2609b24a7462265f6e63e0003e39ddf24202
SHA256

492f42920020596dc2b89ec297a66c51fa8847a2a3eaf5ef5d97663ace893f6a
SHA512

51e7cb3e64ec477f8b042e6b476b3049c1bcb5c01396589a1c2844d2ba4230cf3f3e9aa32e31f67dfe0bc4d5901a0bb94021709fbf83619928590a055abeee47
SSDEEP

196608:w5H63tsVQsQ+F46spOYC4x0q7YqdqEFJoTVeVMLO7SzHFuQh2p:w5H+elzxq7BgEPue+hh2p

Score

8^/10

discovery evasion execution persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	com.joinhands.android
/system/bin/su	com.joinhands.android

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.joinhands.android

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.joinhands.android

com.joinhands.android
1⤵
- Checks if the Android device is rooted.
- Queries information about active data network
- Schedules tasks to execute at a specified time
PID:4495

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.joinhands.android/databases/OneSignal.db

Filesize
40KB

MD5
2479ff01e32c1445266304f37e9e7b35

SHA1
63a2b50d03eff98a4b5e684f1f95996b78219e6c

SHA256
c276033016c0ae04c4e1a7128d443a01aab24d99c434696ee1b01fef2d3acf15

SHA512
14b24f8be6f9a88e31a2d74f3f13cf9e84817bfe445b8b8a873c1678f274714237b3f1a2fc9c5821c300fc72418e3229439107c2a2ff307007409dee6fdf16d3

Download Submit
/data/user/0/com.joinhands.android/databases/OneSignal.db-journal

Filesize
512B

MD5
4738d01cba1ab2189b32e849262253e1

SHA1
c67bb42f98fdadd7972b497ea1acef30bf0fe3a0

SHA256
bbffbe83131e9f00365bead8e2939136421cd6bb2c76d34fd29a3db31fabfece

SHA512
cb5be025f1f88522c4a55630647062cd5ac764a90c1e11878f0c127aa9a3cb084575edd065d969cf09b15d6170ea8927f66739e64c1933fbff2cf98e8454b020

Download Submit
/data/user/0/com.joinhands.android/databases/OneSignal.db-journal

Filesize
8KB

MD5
e55fce0355c1c8dd960021e2fac356bc

SHA1
e62b26e5b3a6b9ffb529a73aefc46dcd3f3d64ab

SHA256
3b979316b89c85a942975e7c6db699f43320c4dd77bd9bcbc64f3dfa56469f31

SHA512
e0ac7946b6741c3a17ee24d4ca6414bd17c805514219d8885a7a927d4167af273a9087be8cf1d044914e6056644fc04711139e0b7a7cc3ba90d7d4464f19f598

Download Submit
/data/user/0/com.joinhands.android/databases/OneSignal.db-journal

Filesize
8KB

MD5
68939796698af7aa2d647cbdfe7fbf2c

SHA1
f45fa1dc006a2d9e2ba7b411c4ca956b93cf052d

SHA256
570759bba6d4213e22136c337d7a5977986bb1de978c0c622eb933b08979ff6b

SHA512
5ee81a22f56e1a79422919b63fec0d193d1eda62db47e53a6bb0243ce4749df1327fc1af241bb09c8b2635eb2d9d90757f41ec26dc3538354573cd5665b5e3be

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads