d3f754ca31f768a8549747626eadb195be4729a20c172c9824054f369ab880c3

Analysis

max time kernel
162s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
27/06/2024, 08:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

D3F754CA31F768A8549747626EADB195BE4729A20C172C9824054F369AB880C3.apk
Size

34.3MB
MD5

44faaa1a382197e13c6f9e3a40a46ba8
SHA1

fb4d54ead012bb067e18e5c4900618e98342867e
SHA256

d3f754ca31f768a8549747626eadb195be4729a20c172c9824054f369ab880c3
SHA512

0f32a4fe724b6bebb55e7d9eb2da1e8c8e8f9d557acc65943b7e5d92310ed53e03def5d3215ff36e2a976188049e2f6b5c7b580483748080f1b502117482e73f
SSDEEP

393216:SCtfp2D5OmHEyYAfk1T26L5aoBx1NnS6gkwQUhhtrpt9:t9pakyNiy6AoZNnDi/

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	fr.albus.albusoins
/system/xbin/su	fr.albus.albusoins

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	fr.albus.albusoins

Checks the presence of a debugger
evasion

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	fr.albus.albusoins

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	fr.albus.albusoins

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	fr.albus.albusoins

fr.albus.albusoins
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4271

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/fr.albus.albusoins/databases/google_analytics_v4.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/fr.albus.albusoins/databases/google_analytics_v4.db-journal

Filesize
512B

MD5
00e427ce3cb2f4c954fa10f5ef5c4c14

SHA1
c2bf5e73f9feb67e01ea5de2d2a3cb9e687560da

SHA256
abb248486ef5ff244bd571a029b3d9ea466689fc52db67745ce9682b775031fa

SHA512
91b980785a6fc92071b858fde705097e750c357d3dc8d8d469e49b5dd1dc881ec4da7cee6359a6543b6b572c26c082e492cb0b1132665e4d6fc60d8d1985c0e1

Download Submit
/data/data/fr.albus.albusoins/databases/google_analytics_v4.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/fr.albus.albusoins/databases/google_analytics_v4.db-wal

Filesize
60KB

MD5
90c6dc65d4274fdc94590d437a4f8a2d

SHA1
feeef31d462c901e92205661a857875d803680ae

SHA256
bcab2b852b82bb670f4fd57510706876c0136ac8a9812d3d3c3ad29c8027a620

SHA512
8d9763a00c16a10f42ece5ce30869b225a254174bbd4ce5824e2b4f411445bed812697d34c5345ebf7fc3f4ece656efd1b2eabcd01418eb73a50d96b7836f646

Download Submit
/data/data/fr.albus.albusoins/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/667D60C40252-0001-10AF-E72F7FA6FE70BeginSession.cls_temp

Filesize
77B

MD5
a9142bc0e52c168ee089f56ea9aa676a

SHA1
513b4fe61e3a8c11bb3c67bd57e727e253c3cb8a

SHA256
f9dda4a3bf440a77326cb3b5f1269b712f2b192f02d32ac0fc1bb9bfabd01b9c

SHA512
23b7c0b767d060790331d8dc56c6152e76dde704a2673a38bf416b7869f1e21c2ef574f4489452e66f1363ee03d65899ff0744c3022f0b90096738851a52400e

Download Submit
/data/data/fr.albus.albusoins/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/667D60C40252-0001-10AF-E72F7FA6FE70BeginSession.json

Filesize
132B

MD5
2cfe07bc005ec17d52de3d74a116930c

SHA1
07641eee212cdc72e6bdf54a63886752be1090db

SHA256
cef85b2706e14a98695d57092433fec4940327f2b87cf732ae180db09f2a7e5d

SHA512
4ea5f8777bc9ecaef9e054230d932dedc172ad8dd954e103a782933c19165f50e0ad85ba18796121e8fbba6ac3a40a2af6580924ec7a61fdeafebd06bab2a5f2

Download Submit
/data/data/fr.albus.albusoins/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/667D60C40252-0001-10AF-E72F7FA6FE70SessionApp.cls_temp

Filesize
113B

MD5
891d11f72476c017c7d677271d238f32

SHA1
8a3f4ee6aed11cd7e976a81f7adaff59f4d1e57b

SHA256
87a11e55694ad6cfe549dedac7b1456ea5506cb1e5a1076c4f17148a34390b89

SHA512
0ab93744b3c04bca7d6c89e550db4e05681f743f9807c3ee64b4a242d81674eb327e0a0efa44e072717345ab27fa884f156952bd1e151bbb3b4b8525c8895332

Download Submit
/data/data/fr.albus.albusoins/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/667D60C40252-0001-10AF-E72F7FA6FE70SessionApp.json

Filesize
227B

MD5
468122b569c2284ef0921ac387bee5d4

SHA1
dfd3dd6eba1a462bd54cadab325be8426691d9f9

SHA256
ac682faa5eb2f54db9401555de9c418f9cf4cc43910f87a47effe3364d9592d2

SHA512
f711d131d12ce9c9519f3899930fcc2dc504b92fe606e53c1406740ac27648d9aeb32dcb3802a40c34904f343f9b8554744c234240cf1d2dda6659bfa116976c

Download Submit
/data/data/fr.albus.albusoins/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/667D60C40252-0001-10AF-E72F7FA6FE70SessionDevice.cls_temp

Filesize
70B

MD5
e1647d3d8051161f3688fdb200029b8d

SHA1
144ffe2d8117f78eb9579354e932319257058dca

SHA256
63a089ce1b378517ada236bc4012371476d51bbe2b52c2ca11668343ea4501bb

SHA512
b7bebc6630742baaa3a74a6c2ec320af08b8567e2f6eaf4becfebc21bcf4815b7a877f4374cce1e32eed3b7742bb8b84742d2e67d45866f840f98d75881db292

Download Submit
/data/data/fr.albus.albusoins/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/667D60C40252-0001-10AF-E72F7FA6FE70SessionDevice.json

Filesize
204B

MD5
25699ac10bd08b0e46408f508c50dbb9

SHA1
71137bf48ca0d35ccfa241bb0f19a9c4ccf699f5

SHA256
8c202152ab20aa812f73b3f3862cace69b7e84bf4bacf79d51a792b4aac2f5c4

SHA512
e394518f880030f959b93e65d149b80ddaf6308c7d80eb9cc16c05c9edb082bc5b23af7aeac8bbf8bad8cb440e2f49793acf4124fdea06b70de0a0fd649a4f24

Download Submit
/data/data/fr.albus.albusoins/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/667D60C40252-0001-10AF-E72F7FA6FE70SessionOS.cls_temp

Filesize
14B

MD5
9b3d4522944ce6396563812bfdb92fa9

SHA1
6d2a6133c8f01938a48ccc77ef86ad8ca335c020

SHA256
d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9

SHA512
091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

Download Submit
/data/data/fr.albus.albusoins/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/667D60C40252-0001-10AF-E72F7FA6FE70SessionOS.json

Filesize
54B

MD5
93023624eb8dff5c20050da136aaae0a

SHA1
acfd1ffed752c28fb135ba83c0c6345ddf2f6995

SHA256
968bcd7c4f1abed89a09cc0e6dadd238a81e8655e64196b39a86be49ceecd39c

SHA512
bb25dfa144d3f0e17203936c503c5fedec5f9ca710e177f99e273010ba4a682199d4bda5684151d65f3cb1549f4611b3a645ce39646d3db9a1b2c17d6b160579

Download Submit
/data/data/fr.albus.albusoins/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/667D60C40252-0001-10AF-E72F7FA6FE70keys.meta

Filesize
51B

MD5
d25b47faff6f8f3f7d677ec899f9f858

SHA1
f0384a592500cd2165bcf9967e72cbf997bd08a0

SHA256
f3caafdb4961eca69917d73f51813ad9c5deaedf5e6b0f828d9136b0aeaa9e9f

SHA512
ede2e5740e9dcdd9f2992a0318f1cf51280644d520cc336ea5377f3b3d7eff6af18b3e4c7b9306e255463ab43f13b599ea007c8b09ed22f175a5b68fe5465099

Download Submit
/data/data/fr.albus.albusoins/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
903B

MD5
fae803d9ae03a8e70b1ce80a367f5f4d

SHA1
67594e9571fdac541d94f37d3285b2edf5c2a6a2

SHA256
3e4b1f129c657e367b0120e76d4190f87a7336c1d06bf6a4cc1460af464b5ecf

SHA512
e1d4030b6ae24367e5b109259acbf3490ee4f18b19d3d91b5f9a046aa33fff4f593be73629c47824dbe539445e704ae30b958228ba6477a7983066c1d9fe7c3c

Download Submit
/data/data/fr.albus.albusoins/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
428B

MD5
2f49a26780f8bccf4baf77c980f6cdee

SHA1
324263844ab81374fdc563acf9942f64fbd6ed8a

SHA256
f4477e9985a54f80a8f69692c855c62be1230a8d0a7e121ef3c249133fafb1e6

SHA512
c68283cc46c4e3982cd1edd026c87fae8849acd93b2f4cf0ea9e42d0ea27a3985da79cbb4fcddfd075a9385bd90ade3d96e5c402e39a26a7b24f661b05dbab77

Download Submit
/data/data/fr.albus.albusoins/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/fr.albus.albusoins/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_3ea39eb9-1c8a-4ac0-9184-61abe3bde762_1719492804833.tap

Filesize
340B

MD5
833d6d44adc3fa423833c9cffe2784dc

SHA1
b2790967310f7f448681c170d68d2f463d8ffbf3

SHA256
f3ae980bb5e65bc4f561eb1747786d2f76f2ee76034b480316ff05ebae81ff0b

SHA512
250c07db7b19e7f69c20f932b3b0aa48707342dea00371dc8c4641ccf7aafa3cebd06b9d330ba822dbd7a5de462f459dd0d13618717f68fb939d78feb42ea8c7

Download Submit
/data/data/fr.albus.albusoins/files/gaClientId

Filesize
36B

MD5
c5e1c0d672d4ecc9841cf9358ef1519a

SHA1
d3cc21e93f69e1763ec173ec589b1c1a91bf5e6d

SHA256
fbdb2eee728189b3b3f35bbeee97c2e5d93afe580d0c969b638ef373c3b3f778

SHA512
457c36192103ebf6d58942b4471fcc48335a2e0097385bad769993d2f1120f5814979074848c524da4bc4ec4b7365dbf5c843fb074ab85814a3c8eb96aee7829

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads