2fa3c8c4b2cf0ff363142e4bf973ca760ae45aebad5a28bc1f72014144261969 | Triage

Analysis

max time kernel
168s
max time network
131s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
27/06/2024, 08:33

Sharing

Report Analysis Logs

General

Target

2FA3C8C4B2CF0FF363142E4BF973CA760AE45AEBAD5A28BC1F72014144261969.apk
Size

17.6MB
MD5

3060461fcf6f4cfd8d349e81b9e0fe56
SHA1

a8df016fd749152fe4e64df4664f3c4af18e4c00
SHA256

2fa3c8c4b2cf0ff363142e4bf973ca760ae45aebad5a28bc1f72014144261969
SHA512

706ebed7013f85f4899cf653bac1c34bef2af43908ce8355f89e68558f797ac3956f0f0156383d7f13fb043ca966afb38f76705f74443fbc70789bb33ca3dae2
SSDEEP

393216:+JD34oK1BiTRV8AzDs0kXlnQrXqlLn1T+Jh1gEkUbgyLdVjFKM6K1Q:+B9KLilVxzU1nfj1T+Jh1N9b/5WM6K1Q

Score

8^/10

banker discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

System Information Discovery

ioc	Process
/sbin/su	com.neemo.feijaodecorda
/system/bin/su	com.neemo.feijaodecorda

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about active data network 1 TTPs 1 IoCs

System Network Connections Discovery

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.neemo.feijaodecorda

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks the presence of a debugger
evasion

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Data Encrypted for Impact

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.neemo.feijaodecorda

com.neemo.feijaodecorda
1⤵
- Checks if the Android device is rooted.
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
PID:4501

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

Security Software Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.neemo.feijaodecorda/databases/OneSignal.db

Filesize
20KB

MD5
fd10aa90dbe453ea36e60b5a198abc4c

SHA1
321591172291841d4e9f9a7f7174849a5f37f0a9

SHA256
eb72b30ab2d0113e90ec8136d94e5b236c5f04f7164b69ae427b0c52d61f6f92

SHA512
3cc9f2ac9269a1ed13d27be55dbeda332a36b59d98fa4d07eaecf3383354a6b7d563fae049d5f41f548a995493bd539a831e9207a0b81f4d35c8b621f4d944ae

Download Submit
/data/user/0/com.neemo.feijaodecorda/databases/OneSignal.db-journal

Filesize
512B

MD5
f6fe3731e68b68f6fcbf82040e54fc56

SHA1
acba15cbc757a8e05f60d24aefd263d38ed5f1d7

SHA256
2367ecfd22f398536ae50958dca2c00cda6454ceef6bff7d38d387eed0007e4e

SHA512
0a0148fab8121d837590ad10bfcc466dd84f623d3f6df3f992f82b94d7f39fac9e94fc4e4b240fecd2acdd27a4c8d01a1dd13b966dad8436e5f2946fb7ac2de5

Download Submit
/data/user/0/com.neemo.feijaodecorda/databases/OneSignal.db-journal

Filesize
8KB

MD5
3dfe2a07fed9ddbd23362d5829ae6480

SHA1
85466706f82b8cf4ad8c9216723f6edbec4fe5f2

SHA256
ce1a500813e8b59299f00cdff72551543cece33e63a54e076287b243b58d0fcd

SHA512
9749b4ca88a45050b32c014f2d7958277abaa3c4233c19510df142a677319600dbfa6c1e8ad271b61ab534b3004bce00a8f8123a2ac0462d3b9ddfd854321fa7

Download Submit
/data/user/0/com.neemo.feijaodecorda/databases/OneSignal.db-journal

Filesize
8KB

MD5
d02f1804d0e4f1b44b8a67e075c5368c

SHA1
417f661d90edfd76ea60124dd8b9c34c08146e49

SHA256
976c9f226660141964a9b09299eb993e6ff6bfb081f378cd93303c5b21c68fd2

SHA512
3aa19e93c71812d0b6f96db44ae2769ec9f2cecbc760b63b2f09ea8d3531d06c9323e16d16b1e0e21211208869fe8b92eaa637dea215efe130d5759911256268

Download Submit
/data/user/0/com.neemo.feijaodecorda/files/AppEventsLogger.persistedevents

Filesize
403B

MD5
5dc838bf450e15e0db80e985d18a2702

SHA1
82045036ddf474d9c149d63f5e77f8d9733a50c0

SHA256
341501b6313e69f4da62f367a907847ddda2eab3f159f00ec2caf5fc8371aae8

SHA512
03c535160edf65853e4ffaecae65e40457ece3ab285648b312c348d54373918c9dfe07c7d2f5d52448cff82c95b9c1fda4869600e01af51a74ac3442c8cd896b

Download Submit
/data/user/0/com.neemo.feijaodecorda/files/AppEventsLogger.persistedevents

Filesize
403B

MD5
07fb3bf3093f1e2a3b9b847620f65ff4

SHA1
93ac39fd7720559b4211c616c3f59a68d5aba26e

SHA256
cb537f064a0e27b0c055f742babf8a0c364746533950413b6d38dd9384931f91

SHA512
480f162e2656e66ce4c3855ac7a18059d7bf78bd5385bf3d5dccb4361be098c1c89d6b895b30863d46b1951c6468fb92382e2aade015a7edc376f9fe4536be71

Download Submit
/storage/emulated/0/Android/data/com.neemo.feijaodecorda/cache/_tmp/remote-cache/e7567b90b6f9a760f2b9c8a188400a1d8ef206e0.bdy

Filesize
325KB

MD5
3ea1de47c34104f7db21c038c368c0ee

SHA1
7aefce2e84ed42606d0de680f0b87f2bebfa7172

SHA256
077c251f5d9e59572bbfafd21a925b05b85cba3abf134023effd5ba160a65bc8

SHA512
7155c24a4d17340bbd2f095630e8c742bdcdee44a9217eba1022b6246273f24452f9a188612f02ea770c279ad7c06edbae3a92202e8fa47e5b1bfd4f207aa329

Download Submit
/storage/emulated/0/Android/data/com.neemo.feijaodecorda/cache/_tmp/remote-cache/e7567b90b6f9a760f2b9c8a188400a1d8ef206e0.hdr (deleted)

Filesize
507B

MD5
d6b20aac4c2242f4f98232e00e3aeea6

SHA1
f20caafa82ca81d919405138982043179ceb78d3

SHA256
2dc02f90856448ca222faf3b8ea2b8f6a3d111fd6658df94546c498ab0f5df3f

SHA512
b1e7d1e40c5902616083ec97f46cf0cf87a5500a67723b63614b59598e3d97ae7e657dd5790745374715e62acd19bfdaeed32e4f62fba6c475b526f175999e81

Download Submit