c5a43a9f51cbb3d1aa6f1769452c86d8fa7c8bfc0d542f69ca8b02cc3de29054

Analysis

max time kernel
179s
max time network
187s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
28/06/2024, 22:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c5a43a9f51cbb3d1aa6f1769452c86d8fa7c8bfc0d542f69ca8b02cc3de29054.apk
Size

3.5MB
MD5

96f805977cb2fc4f443cad38eac119b9
SHA1

272db6d72cdd948ee82634b056c6d457f6f9c99b
SHA256

c5a43a9f51cbb3d1aa6f1769452c86d8fa7c8bfc0d542f69ca8b02cc3de29054
SHA512

fcacedcdcb15dffa95edba86f0b78a101525ac5a5d7942b13c5fccea860ebddc496a6a03e510c8ebb589d051f69fa972a7c8439f059cef8f60ee91eff7daeeb3
SSDEEP

98304:Ivgb9YxJTutZ5PbL9aoEV1xQaiXYM4jfPv1uPpfrd3O:IvgpY/6tngvGa/7v13

Score

8^/10

collection discovery evasion execution persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	f7kzkbro.sj74vqw9.buw1xuz
/sbin/su	f7kzkbro.sj74vqw9.buw1xuz:Workbbb
/sbin/su	f7kzkbro.sj74vqw9.buw1xuz:Daemon

Queries account information for other applications stored on the device 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

description	ioc	Process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	f7kzkbro.sj74vqw9.buw1xuz
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	f7kzkbro.sj74vqw9.buw1xuz:Workbbb
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	f7kzkbro.sj74vqw9.buw1xuz:Daemon

Queries information about running processes on the device 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	f7kzkbro.sj74vqw9.buw1xuz
Framework service call	android.app.IActivityManager.getRunningAppProcesses	f7kzkbro.sj74vqw9.buw1xuz:Workbbb
Framework service call	android.app.IActivityManager.getRunningAppProcesses	f7kzkbro.sj74vqw9.buw1xuz:Daemon

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	f7kzkbro.sj74vqw9.buw1xuz:Workbbb

Queries information about active data network 1 TTPs 3 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	f7kzkbro.sj74vqw9.buw1xuz
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	f7kzkbro.sj74vqw9.buw1xuz:Workbbb
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	f7kzkbro.sj74vqw9.buw1xuz:Daemon

Checks the presence of a debugger
evasion

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	f7kzkbro.sj74vqw9.buw1xuz
Framework service call	android.app.IActivityManager.registerReceiver	f7kzkbro.sj74vqw9.buw1xuz:Workbbb
Framework service call	android.app.IActivityManager.registerReceiver	f7kzkbro.sj74vqw9.buw1xuz:Daemon

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	f7kzkbro.sj74vqw9.buw1xuz:Workbbb

Checks memory information 2 TTPs 3 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	f7kzkbro.sj74vqw9.buw1xuz
File opened for read	/proc/meminfo	f7kzkbro.sj74vqw9.buw1xuz:Workbbb
File opened for read	/proc/meminfo	f7kzkbro.sj74vqw9.buw1xuz:Daemon

f7kzkbro.sj74vqw9.buw1xuz
1⤵
- Checks if the Android device is rooted.
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:5056

f7kzkbro.sj74vqw9.buw1xuz:Workbbb
1⤵
- Checks if the Android device is rooted.
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks memory information
PID:5099

f7kzkbro.sj74vqw9.buw1xuz:Daemon
1⤵
- Checks if the Android device is rooted.
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:5275

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/f7kzkbro.sj74vqw9.buw1xuz/app_crashrecord/1004

Filesize
243B

MD5
d19a523b3059a5d843cca0016657eee9

SHA1
a0ee109c835277b6d2f51f2c20291a84b0e2b6bb

SHA256
ff317eea10dcc46daf08de6a1da3900ce254a38b673ae832dbd29fe575e8094c

SHA512
19b4709c16de4e262c1a32e592216aa7fff8695c1de23ea8876631661be8c1aa60b55c05a95648934b88e52114a8199734b3988733483254e2ef923d9f85830e

Download Submit
/data/data/f7kzkbro.sj74vqw9.buw1xuz/app_crashrecord/1004

Filesize
250B

MD5
626655aff0947f0be014c8db832b7314

SHA1
49336cde8396ec7ef67b41ae1b83b99154166a02

SHA256
758230492bc6090d2b4b9cc3f219e487dc8a002cbe4ed69534221caf298d47c5

SHA512
ea056cdbb3fdd41bb32980ef760db6d6243cd5437c1d32d685ea0d8ea5a845928aa6b5c265838eed3dda3125d67d32ac5e3c5181144151503d30dd331d67b37f

Download Submit
/data/data/f7kzkbro.sj74vqw9.buw1xuz/app_crashrecord/1004

Filesize
8KB

MD5
c624b1d55f54f8c4b1774810b2927e76

SHA1
d205f2fb6dcc0b3f2f1e3f492861915a433f39a4

SHA256
54393c74e896f65332be1826332c799fd5d64d6b0d060531e287289cb508d9af

SHA512
d5e65b255dd5da49526ab021379d1e69bbe65ce11d8152e656ba39fc64e7ddcc521ff8655e11b61b27a53ca8de309cdf01f81e6afee3a6fb44afbe5d07d629d9

Download Submit
/data/data/f7kzkbro.sj74vqw9.buw1xuz/databases/bugly_db_

Filesize
60KB

MD5
a67fb11bac3a374c8abf900a1e86e6b6

SHA1
2c35ce588e894e8be8a5f77f67f0ad9e7e59bcf7

SHA256
f55d97b7fd99333e1647c8fd597bef23149d8ddca7f4a36684b927944191768a

SHA512
c714eb20727d8b5ddc8cba7d45f67d89a2f9e332e624327c9d70dcc06f7a722dfe135b8820b40545b26c8698ab941052268bea846bdf41ccf27556d4084c142e

Download Submit
/data/data/f7kzkbro.sj74vqw9.buw1xuz/databases/bugly_db_-journal

Filesize
512B

MD5
047729ba948b9f9256903a1be7e44ad7

SHA1
00faf546e22e71c11eebccf52ce126bac9026c87

SHA256
21f013aa2d18d7faa5cd07edae4c503a969ab8dd5608056581fc6a4d0676acc1

SHA512
1e851ad5e00f4d393b933e5be35cd32279706906945e9b8a60c7483dea313660b487de9ca6c0b24a692a176ddd8cc8082dafddf7d71b757929792b5b185e805c

Download Submit
/data/data/f7kzkbro.sj74vqw9.buw1xuz/databases/bugly_db_-journal

Filesize
8KB

MD5
bb97ac6a091b2a12e87fddd1cd84fd1e

SHA1
a1a8124ff332836a1536c20d1b6fed6556fd8bf5

SHA256
7a5449c3837bb1c27fdaa583ff8b268deda04babcd90e8bed32cb3db5b935948

SHA512
8de7b0c5f6d52f43d2bb66106efec564e0d515e1c6230909422116ff314c2da850032c5dce4b39a42077c84227f7a7c4ddb671448ba0c364805a467df7f6a203

Download Submit
/data/data/f7kzkbro.sj74vqw9.buw1xuz/databases/bugly_db_-journal

Filesize
8KB

MD5
dea41a63bb02a280f8e615f0e478182c

SHA1
8656ab5137049b2f78c201af1f1a29ed4e4442ad

SHA256
1e8ef890b87f88925e264891d1169f4c6a194ab97bc204ec08a171fb755b3ef6

SHA512
01f83ac088cebba88c72e1cd0f121647c62cde56d0d03ace8938bf9b0d99a1a58129bacd6faac5292c4b776df1596d92213d5aab85a457f8a9e1f70165d2ae41

Download Submit
/data/data/f7kzkbro.sj74vqw9.buw1xuz/databases/bugly_db_-journal

Filesize
8KB

MD5
82c683e32df4863cad4f778199dc93e7

SHA1
8286569c9a2f94e1aaf6e01165f13c871cd1c38c

SHA256
54d297ef08d89100d8786693b7c4d210b058a11153a6a510008afb1382e7a513

SHA512
f65df0a6c8fbc61e8fb73933f570449c47e6e10d2113675344ba94b1acd6b46e719bed4c17b885ff9898eef424eff8614d84b2420d70b39309f4d169950dba9e

Download Submit
/data/data/f7kzkbro.sj74vqw9.buw1xuz/databases/bugly_db_-journal

Filesize
8KB

MD5
f43d50296830054230733e50db950d9f

SHA1
e5dfbe314b2bb216a5cf68a01f06d668bb820441

SHA256
c654b9e24e6c354604739d0c355c647fa8d2985874882339aca51a6ec7491e0b

SHA512
41f6ff08114c0796bb59a82633a70bc119b4c2ce810b3996feb57a5a4832040cfb0d429bacec9857113ccc29eeef22acff2058b3b35534230f2a11ac28e1a540

Download Submit
/data/data/f7kzkbro.sj74vqw9.buw1xuz/databases/bugly_db_-journal

Filesize
8KB

MD5
a9edf1a52076ad6b79f7ff9188c02126

SHA1
d98ef88ceba47221050300d388efe7b1b729338f

SHA256
9e1b050923b61128f4476b545340cc8860c6c0ae8fe314a0d580f56c5013bb07

SHA512
df18dff1c762f67fbd10b3a837ceab86907562b79c0646384ad797fcf38e97e2f3b58705c55bd69a2991f5e5d123ce37a40b2bf6afaa591faa97bce7ae155271

Download Submit
/data/data/f7kzkbro.sj74vqw9.buw1xuz/databases/tray.db

Filesize
28KB

MD5
4bb7213243d550f73c10f7e9310c3c96

SHA1
0cc969351f448f7b4dc4afa3ab1fa0bf8a70632a

SHA256
714e619667f8e4b99b73f2f6c73c1c551980833f280a6a616908eddb5c5eb79b

SHA512
afa144c2efe3685a96f52d64c4bcf5019a93b82027a92c67ba507c087d37edb4e5946d7fd1fd05c2792516566b8fc5a20d9c3efc6071f823b93b7dfc25e06279

Download Submit
/data/data/f7kzkbro.sj74vqw9.buw1xuz/databases/tray.db-journal

Filesize
8KB

MD5
5ad52a25df2f302b7d1d2346d6b3d324

SHA1
319ed61036ef35008b31959974ef78082feeb486

SHA256
57924774c577558bba97ebf6104080e54e223f0a32a90a45ced68bc220e5d5ae

SHA512
140857aeb655b5a3c8868e5d1b63ffb9bef25dcac1daa8640a6acd0cb1b7fdf3a4f5aedbe9982e5981df5cec540ef2a202810805ea9e75a4132d04fe7d967447

Download Submit
/data/data/f7kzkbro.sj74vqw9.buw1xuz/databases/tray.db-journal

Filesize
12KB

MD5
90af3aad877d0a068d1a934c1d5cc67a

SHA1
2bc0853fe7e818525a14d9de4ae9b010a4f5d4b7

SHA256
68046103104c4eaf419e8d603ba0e351c46dfde08998c154c5e18a9e1a487795

SHA512
3ff842d4922029bb8c168a43cf8a9f5fbc7165fc976772c90717975d2220a136db37bcbdb6b58759056addb0f1eeb5ec9487603bde81b2461062b36cddb2984e

Download Submit
/data/data/f7kzkbro.sj74vqw9.buw1xuz/databases/tray.db-journal

Filesize
12KB

MD5
50008f8b7314349e04a9f0106659f452

SHA1
99966635837c6c695a30cfa2df232832fbefb4f0

SHA256
ae5141537b10a8d118a21d2d616bc5cf711901c8a13d0f6575db671d3f55f542

SHA512
dde325c5e6e6efe3eb1d7ffa6969e7dcda562b7a5427c8ebf3b2a93795e0567ad0f50a65fbb87f8395fd2297fa1ddf6f822595bd240fca834124e0cd63be6646

Download Submit
/data/data/f7kzkbro.sj74vqw9.buw1xuz/databases/tray.db-journal

Filesize
12KB

MD5
329f8a6a239fa9101064d54a26859b2f

SHA1
aecea085dd45783c730da71cf45579db1bdee881

SHA256
43351d37fddf444277fa51a36265f89c1e3bcbdedd9687fda553a696af94dbca

SHA512
89818a410f5cb36e1f40ebaa250b30e77ccad9a9b03f6b474b5bc3cf38a18a8dd2360aea8600fad7e53776899bc572c15e46902cf1b456d8ba3ae7e7e7f4a398

Download Submit
/data/data/f7kzkbro.sj74vqw9.buw1xuz/databases/tray.db-journal

Filesize
20KB

MD5
c2697f9add491a05f146276e139308b8

SHA1
9f91e1528f5aba459ed05b30bb4818c7e835af88

SHA256
c43114f27a0c226fb990aaa016b8afa8058ae2ee02c200169f270d2180661ec6

SHA512
517b4149f13c9ade767c8a5095e849bb92a0acecedcd6c1a316aa771e167769be3eb1a3d979148b49c949acdc759f4d3d5e0b9de0f53405036e9f684c517340c

Download Submit
/data/data/f7kzkbro.sj74vqw9.buw1xuz/databases/tray.db-journal

Filesize
8KB

MD5
d751b44986dbb09bae85d8c74d433377

SHA1
4517884222d4763edc8da80115363f444290dd41

SHA256
90b8d15a4c7054e42d50796170a366c66ad082bb23652f4914c8717dfa4440e2

SHA512
2855cc9942fc52ce6ae37413f2b7c10703e5177b5ee3d7e3cce97e46d382ae5d2e2d79a2070f9b9ec797b705b4dc18264a1e99f00c7b650b02f5f9000c507979

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads