c0cf231fc9bbea9743fa3ad0376a0a97ab040291004eadc13bb755e08a04afb3

Analysis

max time kernel
10s
max time network
135s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
29-06-2024 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c0cf231fc9bbea9743fa3ad0376a0a97ab040291004eadc13bb755e08a04afb3.apk
Size

3.7MB
MD5

1ca1896d0ffba709220d700f7ded2aea
SHA1

f23f58bb31a9433949b48e4e9e360f73413bae88
SHA256

c0cf231fc9bbea9743fa3ad0376a0a97ab040291004eadc13bb755e08a04afb3
SHA512

78adb38b01e748287059aba30aa4ca0bb16de605de84c3dc1a280e36667df50314dba978d4d77643c1c5d542057c2d6704d48bc463a76d83b9d07c860bb7fb6e
SSDEEP

49152:t0nP/Nw8c+csg28Qo/KruohdufgFOJHbXPF2CdUDydCiWh9gAWlrZ:WN/o/KruohdAgFOJH7kCdNArfg9L

Score

6^/10

discovery execution persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

Processes:

com.hoarycow.msg

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.hoarycow.msg

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.hoarycow.msg

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.hoarycow.msg

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.hoarycow.msg

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.hoarycow.msg

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

com.hoarycow.msg

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.hoarycow.msg

com.hoarycow.msg
1⤵
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:4222

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.hoarycow.msg/files/PersistedInstallation6577193063115417073tmp

Filesize
90B

MD5
b86e71309847d1873dac953a2eff154e

SHA1
03839406411bc3e3321034b130162833b4033e8c

SHA256
76168f81ee5b4529417e4539023688e591971560dfd2335d4cbed13af283c3a3

SHA512
e866523662608f23598042efacc732b731033d026318b950ca8ba09c179ee3dd9be01280b1408e05605a25739af5d3425babb55ee88d764bf34ab50340ad472c

Download Submit
/data/data/com.hoarycow.msg/files/PersistedInstallation6577484455942104356tmp

Filesize
567B

MD5
f099aa5c0ad1b2f1639fcbe69af8fb0e

SHA1
1fbc816d39ff40f7f0465892f98be8d91748be8b

SHA256
3ddea0a511375c06c0057039a2b4aa451835294e5e5db59bbda85d80698f2836

SHA512
35d55f5bb16d14db45f8be3c2740a6c312f1fb739055d405c084a11f2660458594125495fd783999a6a0212d7f6eef3e8a9ddc1bba743060581132f6e3244da8

Download Submit
/data/data/com.hoarycow.msg/files/profileInstalled

Filesize
24B

MD5
75f936e5d24b93f23358aad447723a26

SHA1
8f0a8ac291783db17c7d6a4ee764f70ba31dfb34

SHA256
bf1f81101c8172d9e04ef2fa98c06b827697c73c1c57f40e666ec501c5e1d676

SHA512
dbc1b347baabf541ed9ab09cd64cc82b7e56383c099f7448e11eadd14b5c0149d01595150db8f492557f594030c738d6378c7ac03501b39b76666a9b18c00dfd

Download Submit
/data/data/com.hoarycow.msg/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
1dad4d1152e0051d2e0c5202f1f2e224

SHA1
9597c948c9b4cb63ad059beba96f84ad78faabd4

SHA256
87a89717b3aa3675acabb9ea50114788d6c672d1dc96c7a2637773a1f967d2eb

SHA512
4ee95f3c569eca3bda5333da7f4a13b93255022f9a63c771a50229c4b1cefc509bb0b80c9a1c745f7c75246d5aa0ee0b780e0dfd0163058fa87773099309b9f3

Download Submit
/data/data/com.hoarycow.msg/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.hoarycow.msg/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
3f987816df264c70926312e90b458b7a

SHA1
b080e66a8aae1dfe81aef964bdfa736809fa1434

SHA256
22a313fdb3125fd300cb70116ac27d0f24b0bee6a536921f327ecf2b6894dadd

SHA512
c41fae1c3cf507f8b41db8fbdfdaa98c8e790da986af03ffc3a452a9210ef88a29ea06dfbbd07ac5b835abb7cf38da6d55759afa99b484c7d05513608e6b9b14

Download Submit
/data/data/com.hoarycow.msg/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.hoarycow.msg/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
ccf33abf73e8cc5ea42ad9d72a5d6ac0

SHA1
cd36cf367bd104c1e403e0b5bf7f5610f2bb85ad

SHA256
73cfa1a45f6e838f033610b208a24af9e2b2ba405043b199dfa6e251da7739dd

SHA512
45f5dda3bd606e70515ced32c9be4a9e0283b70785f01e386d077091fd3260e80f4e6f1067c50b7a1a87fe35220cfc22103b298b80ae8733c27d1c3915955c68

Download Submit
/data/data/com.hoarycow.msg/no_backup/androidx.work.workdb-wal

Filesize
189KB

MD5
292bdfa96671d6d267709f6c66ffa4eb

SHA1
1f4dc795b6d814a96f63bc2a83df74fc0240c374

SHA256
660691782c42638df3e1eebab73307047e80ac532c0fdc7e1ee99ef340dae6fb

SHA512
5c5cb6362fe6431619d8eb97f218c5dafb6a2ffad590753e04d410c7430c8f07365b3a306184c922cc170b7201a60391286f2552e04d5e8a44e488d8f503f776

Download Submit
/data/data/com.hoarycow.msg/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
90f4f7166fb5a5b8c5ac8c74757b952a

SHA1
e4b2b8daa36b137b0cbc80d1263042656b86f0b2

SHA256
21d1d23e8771a9d68a6916d85d71dce463c0abaaf8ae94450a0787238da4297e

SHA512
733db7d5f32ff7fb4728b4af032c8a31be5d99097afd13263210caf0fcc7374305a8477468c62af89d40b4758996b48fddad6a8d257512bc5b26760df878a9e4

Download Submit
/data/misc/profiles/cur/0/com.hoarycow.msg/primary.prof

Filesize
1KB

MD5
b3ed04ca5cf1331fb379b9ecf1adce5b

SHA1
158c97c2f12835aaf6df01e1ba8e82ec10f785bd

SHA256
183d9008adce2f7d578bc548d014c67e2f8079d534c8c306b5886574c8bcf08a

SHA512
014440aa71ed66adc3ed1c616f24a7e2566a82e21fd4949713490ad1b74688aa1e3986712f74935f7c5b1de04aab71fd7c401871d1a21a21d24abfcd83078f4a

Download Submit