c0cf231fc9bbea9743fa3ad0376a0a97ab040291004eadc13bb755e08a04afb3

Analysis

max time kernel
48s
max time network
164s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
29-06-2024 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c0cf231fc9bbea9743fa3ad0376a0a97ab040291004eadc13bb755e08a04afb3.apk
Size

3.7MB
MD5

1ca1896d0ffba709220d700f7ded2aea
SHA1

f23f58bb31a9433949b48e4e9e360f73413bae88
SHA256

c0cf231fc9bbea9743fa3ad0376a0a97ab040291004eadc13bb755e08a04afb3
SHA512

78adb38b01e748287059aba30aa4ca0bb16de605de84c3dc1a280e36667df50314dba978d4d77643c1c5d542057c2d6704d48bc463a76d83b9d07c860bb7fb6e
SSDEEP

49152:t0nP/Nw8c+csg28Qo/KruohdufgFOJHbXPF2CdUDydCiWh9gAWlrZ:WN/o/KruohdAgFOJH7kCdNArfg9L

Score

6^/10

discovery execution persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

Processes:

com.hoarycow.msg

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.hoarycow.msg

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.hoarycow.msg

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.hoarycow.msg

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.hoarycow.msg

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.hoarycow.msg

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

com.hoarycow.msg

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.hoarycow.msg

com.hoarycow.msg
1⤵
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:4997

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.hoarycow.msg/files/PersistedInstallation2422907184624528656tmp

Filesize
90B

MD5
c0b487166c839704b812989e63f06da4

SHA1
97c239337fc7e55aaacab62ee0843bf0826a848a

SHA256
d71959dd6d9bd8103f4fd34226c294c624a0dacc0be506288c98aae2cee40259

SHA512
cfe34076a151914ee1b545670afb7cd924ed3704927b2e2cbeeda2b8aff184ceb79e86a887b3988c2ce24312e4857268e5b3f0375e39f40a323b29471fbcc1d7

Download Submit
/data/data/com.hoarycow.msg/files/PersistedInstallation5055833050445069894tmp

Filesize
569B

MD5
9b2f63c286d9eed93288b92e1a17ee64

SHA1
ece48a12ed5d94c73dd5b1b62b33c27e10e80240

SHA256
24f214d47b0ce3b7330194af1eaeea270580142f1bad99acfaa987c592c939b2

SHA512
848ec210aa14e981c4539759a1dc0f7ceb7e5e1733ef3de8e614e3cc4018c6dc83f686e0c70807adb0b2a74c12cda6f892fa79c58ba611410abffe6fa7d0ae36

Download Submit
/data/data/com.hoarycow.msg/files/profileInstalled

Filesize
24B

MD5
7ff9dcade89addded498b85ec5781bde

SHA1
b593af05951b80e647f02242f15a3c52643d30d1

SHA256
3f0015cf5fc697d3cd93838839b267a0e86c032e4e2bbb70666dbc2df5d4cee1

SHA512
983cbb3e2deab837a45c43a31f2ba5fd0cff5fe3f2d14490c7bf46c32c780a6d4fc9594f22443a46dbb6644a0ace7e9b226e158cda2c151950638930fd4d9ccb

Download Submit
/data/data/com.hoarycow.msg/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
777efafeb996faf63f8fea7967c10b2a

SHA1
6d44411eff7716a6ba81f495a2b95a0c57dd8721

SHA256
10e66d47cac6e882010a83a950bbaa9a43645686a18370d3dba53b1f907889b9

SHA512
189a915a3da7b28e50fbbe858a8ba83de0900197f6596605beeb68f42bcea51f450c19eab21c45baec2dd5e1578dc08582f4da9de9beebfd9d465c387e6265c9

Download Submit
/data/data/com.hoarycow.msg/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.hoarycow.msg/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
102da7fd9a9d8375a699c2fb2f393842

SHA1
f6cfb415bc2a1f302e2b3564e17dd114cce35dd1

SHA256
975cd3d575b62fb6c53052130545ca50057e3e45b88a183199c2d5b875e66fdf

SHA512
b6f9a9634c87892ddb4cea911c7763cd0ef9a4697a01e208da7038e940c10ec33bd106ddb1de6a6ead15240c4d87cddee16adcef2086036e0528142ee089f09a

Download Submit
/data/data/com.hoarycow.msg/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.hoarycow.msg/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
56adff59582d30c12331a908e66e2fd9

SHA1
32120e0f78bee2a34d804120d9674e005f1fdd1c

SHA256
36aad183d46f21c10f9be636eebc38749e1e501ae8169385024230f8802f7e9a

SHA512
e4b6ddcab435fcfe7188de9cdc0f7e0bd4e9b331549e2298a02c164f7b622184e3cd75b7d3f5d4bb2cfd9008feabfccc6df7b48451cc3f3d117ec1bc0edbf91b

Download Submit
/data/data/com.hoarycow.msg/no_backup/androidx.work.workdb-wal

Filesize
189KB

MD5
bf2a6d7a9fc2a8fd439004aa16f351db

SHA1
e7fbe17926bdeb0cd9a3cd8cae016f35f95f4a96

SHA256
19e21367374596055b29f97d1d14b0e791eda9c46fd9b235fa101fc3efdce533

SHA512
59723ef7d0e3c72be97d48177e192616ad5728a17ef93018b9e328a5f8ad04bff3fe03cc8f5dbc2c9c7be35021484df91deb15b172cac0703aad1df44e3b7983

Download Submit
/data/data/com.hoarycow.msg/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
6785e38949fab3e91a5d149fb996467c

SHA1
191027308b429a1b1fff47f836296e639e43152a

SHA256
300f7fd6498574bc589359b771e42ac54f2b4a4ad57d7e8f293edfd2e5bef689

SHA512
ad050902c2ad8776349afb237e2e533e066ebda3c3fdd4e3d7926f3b7ae7779cb5215e7aa49af9ce8eba47307f7b02f92ba9b019cd2031df398fab3d6a0f0d4e

Download Submit
/data/misc/profiles/cur/0/com.hoarycow.msg/primary.prof

Filesize
1KB

MD5
b3ed04ca5cf1331fb379b9ecf1adce5b

SHA1
158c97c2f12835aaf6df01e1ba8e82ec10f785bd

SHA256
183d9008adce2f7d578bc548d014c67e2f8079d534c8c306b5886574c8bcf08a

SHA512
014440aa71ed66adc3ed1c616f24a7e2566a82e21fd4949713490ad1b74688aa1e3986712f74935f7c5b1de04aab71fd7c401871d1a21a21d24abfcd83078f4a

Download Submit
/data/misc/profiles/cur/0/com.hoarycow.msg/primary.prof

Filesize
4KB

MD5
8bb312eed0c0766755a58f078644f0ce

SHA1
851d52ce3bcad559ccdcb9a2bd6fc70f1f1bd5d3

SHA256
635aaf673decd0fd4ec9d848ba95bbfbe3598b658ead18d6c974839c98856df3

SHA512
6a4be22c6b2a93fb7eeba0a572151c33bd06b01cb2b20ab9d61a3cb4c6aa0093931d5e56b99b3cbbbe0711d4d651f9f53c81f3d7159b1c1bd91bc07719bd8cd5

Download Submit