c0cf231fc9bbea9743fa3ad0376a0a97ab040291004eadc13bb755e08a04afb3

Analysis

max time kernel
9s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
29-06-2024 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c0cf231fc9bbea9743fa3ad0376a0a97ab040291004eadc13bb755e08a04afb3.apk
Size

3.7MB
MD5

1ca1896d0ffba709220d700f7ded2aea
SHA1

f23f58bb31a9433949b48e4e9e360f73413bae88
SHA256

c0cf231fc9bbea9743fa3ad0376a0a97ab040291004eadc13bb755e08a04afb3
SHA512

78adb38b01e748287059aba30aa4ca0bb16de605de84c3dc1a280e36667df50314dba978d4d77643c1c5d542057c2d6704d48bc463a76d83b9d07c860bb7fb6e
SSDEEP

49152:t0nP/Nw8c+csg28Qo/KruohdufgFOJHbXPF2CdUDydCiWh9gAWlrZ:WN/o/KruohdAgFOJH7kCdNArfg9L

Score

6^/10

discovery execution persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

Processes:

com.hoarycow.msg

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.hoarycow.msg

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.hoarycow.msg

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.hoarycow.msg

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

com.hoarycow.msg

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.hoarycow.msg

com.hoarycow.msg
1⤵
- Acquires the wake lock
- Queries information about active data network
- Schedules tasks to execute at a specified time
PID:4606

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.hoarycow.msg/files/PersistedInstallation2167764759371191179tmp

Filesize
569B

MD5
b545aa62180fa681d71c80e1d77ef077

SHA1
868188e949ed5a1bb969a2672eb408e827223b88

SHA256
30d5ec609827a11806095d64262fc78cb9732d826f22822b26e043ae3caea383

SHA512
13f2b93ea69d27d7699a065a4b8952483b2529345d13a29529c96b44a36b6fd9a90800c6079607b803cc44165995922794ee4f851f8efef18811e0bae41c1986

Download Submit
/data/data/com.hoarycow.msg/files/PersistedInstallation4314335670290471056tmp

Filesize
90B

MD5
085fc612940f9ee363c1e77fc09116f6

SHA1
a93ea9caf8cff1bec184d78ad63ef9954e32fb65

SHA256
5fb25a95e5cd3f0197e692efde135fc6b7521eb6e23b3e4e49ce83ee1d5a7d9e

SHA512
4587aa6b85b73d96fe2a143f4ad9cdde01bba127dfd24be7f7e35e969434c1bb28e1d1f8f70a090bdf40357359eb9d7386774a3139b33859f80c1493a14b151b

Download Submit
/data/data/com.hoarycow.msg/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
3a29138ad173f8df0dabe520a428fa85

SHA1
4e17ab0ea9bbd2280a0d76dd3f2172542d897381

SHA256
48cd721b910448615cf6504e00107daf43a6d9f62e2d0a142fbf89093a75f293

SHA512
d32030e2df005de6e20c381f0bbe9cf67f7a3b9b86a4e8b550477ae70ca87156e59032370cb6db037c084abb735ce314035064f74ae0bf7cc57b6f748bc91c6a

Download Submit
/data/data/com.hoarycow.msg/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/com.hoarycow.msg/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
e7a85c66e9f5111bae93d5fad18d6397

SHA1
964bd351e97b88af5863228487d169a4bc73f3b6

SHA256
2c97d38856d148d31c4dfd95edc8b395e2f7332247d95eab8cf6fa31f6791f69

SHA512
e09cb831a9d0d1b5bf6da8b4646089db9c5e9555e0c656174521e5880a1566c64b83a6f2d0ac13904c9b18f9c09f987440f1d07b77992b6507118a62cd76ba7e

Download Submit
/data/data/com.hoarycow.msg/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.hoarycow.msg/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
e7fb5e711aac7d0ba273286c53811441

SHA1
e952bac536978d9ef13fac48900c324edb3916aa

SHA256
ce5835bdb4e3a87d45a8e3032bbf01fc33b58a18bc6ae3d7e7b5d0e3152aff34

SHA512
6d2a5105b95f0d6897632a3af6e188e96ffecbe884d55d78c1c4912b34072467333f01620b6e96cc2b2ee770f863023a83aaee942567dbdfcde13a9940e4562a

Download Submit
/data/data/com.hoarycow.msg/no_backup/androidx.work.workdb-wal

Filesize
181KB

MD5
917ec5f4419bbbbec803e9921475e2cd

SHA1
360ec7f3b7bdcd4d1831429b6797718b988685a2

SHA256
f77a21d3dedefeec3e90f81ef939409db71ba6df3a0c6f2d06282deb290df35a

SHA512
01838a93dd6750602ac48366ecf1dfd148476d38fe885527eb0e970805a27e2ede4dd27cb95205537da11dc3baabf903d465ca8b419f642256773d02370c3c2d

Download Submit
/data/data/com.hoarycow.msg/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
5b8dacca48c60016daca38d2d5b5c74a

SHA1
f99d3882161d6fcedff9a3345eb20d370bd1fbd8

SHA256
beac716dbb6a6d17f0d377270d2bc396e8b1caf36171870234a0d8eee07264ca

SHA512
592ea26c429fac75dabe731792fd64709974ea9de2152bfdd2314ca3d87e20408a7498b08e69c67c248a0641f31bbe420e28b1fd8912cb1f777b305f276d1ba0

Download Submit
/data/misc/profiles/cur/0/com.hoarycow.msg/primary.prof

Filesize
1KB

MD5
b3ed04ca5cf1331fb379b9ecf1adce5b

SHA1
158c97c2f12835aaf6df01e1ba8e82ec10f785bd

SHA256
183d9008adce2f7d578bc548d014c67e2f8079d534c8c306b5886574c8bcf08a

SHA512
014440aa71ed66adc3ed1c616f24a7e2566a82e21fd4949713490ad1b74688aa1e3986712f74935f7c5b1de04aab71fd7c401871d1a21a21d24abfcd83078f4a

Download Submit