Analysis
-
max time kernel
179s
-
max time network
178s
-
platform
android_x86
-
resource
android-x86-arm-20240624-en
-
resource tags
android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
-
submitted
01-07-2024 22:04
Static task
static1
Behavioral task
behavioral1
Sample
0636edab4dabf01f5e6b8c823d95753dbab1509aeddc2304340a050a864273cd.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
0636edab4dabf01f5e6b8c823d95753dbab1509aeddc2304340a050a864273cd.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
0636edab4dabf01f5e6b8c823d95753dbab1509aeddc2304340a050a864273cd.apk
Resource
android-x64-arm64-20240624-en
General
-
Target
0636edab4dabf01f5e6b8c823d95753dbab1509aeddc2304340a050a864273cd.apk
-
Size
623KB
-
MD5
0d25de917b1144f6fd6af5b2748235b9
-
SHA1
8657043ff307f7c513010aba7da3b6fd1342377c
-
SHA256
0636edab4dabf01f5e6b8c823d95753dbab1509aeddc2304340a050a864273cd
-
SHA512
223870828eacb1f1a38bafc5acc65afdbafcb937807ae3253d1c3d5112b4b585313746e55ccae227456e4168f3e1bef1751186397243610d0614293d9616cf03
-
SSDEEP
12288:dreAwPKEY8C8cYBp4ygKo7mZxETq/WccHZaecRrgn/yhYejLco0DrO:dreBtFhWgyvcNHQrO
Malware Config
Signatures
-
Processes:
pid: 4253, process: flj.toxzj.yno
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Acquires the wake lock 1 IoCs
Processes:
description: Framework service call, ioc: android.os.IPowerManager.acquireWakeLock, process: flj.toxzj.yno
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
Processes:
description: Framework service call, ioc: android.app.IActivityManager.setServiceForeground, process: flj.toxzj.yno
-
Queries information about active data network 1 TTPs 1 IoCs
Processes:
description: Framework service call, ioc: android.net.IConnectivityManager.getActiveNetworkInfo, process: flj.toxzj.yno
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes:
description: Framework service call, ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone, process: flj.toxzj.yno
-
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Tries to add a device administrator. 2 TTPs 1 IoCs
Processes:
description: Intent action, ioc: android.app.action.ADD_DEVICE_ADMIN, process: flj.toxzj.yno
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
description: Framework service call, ioc: android.app.IActivityManager.registerReceiver, process: flj.toxzj.yno
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes:
description: Framework service call, ioc: android.app.job.IJobScheduler.schedule, process: flj.toxzj.yno
Processes
-
flj.toxzj.yno
- Removes its main activity from the application launcher
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries the mobile country code (MCC)
- Tries to add a device administrator.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID: 4253
  /system/bin/ping -c 1 8.8.8.8  PID: 4286
  /system/bin/ping -c 1 www.baidu.com  PID: 4320
  /system/bin/ping -c 1 8.8.8.8  PID: 4342
  /system/bin/ping -c 1 www.baidu.com  PID: 4360
  /system/bin/ping -c 1 8.8.8.8  PID: 4380
  /system/bin/ping -c 1 www.baidu.com  PID: 4398
  /system/bin/ping -c 1 8.8.8.8  PID: 4418
  /system/bin/ping -c 1 www.baidu.com  PID: 4436
  /system/bin/ping -c 1 8.8.8.8  PID: 4457
  /system/bin/ping -c 1 www.baidu.com  PID: 4481
  /system/bin/ping -c 1 8.8.8.8  PID: 4501
  /system/bin/ping -c 1 www.baidu.com  PID: 4522
  /system/bin/ping -c 1 8.8.8.8  PID: 4543
  /system/bin/ping -c 1 www.baidu.com  PID: 4561
  /system/bin/ping -c 1 8.8.8.8  PID: 4600
  /system/bin/ping -c 1 www.baidu.com  PID: 4641
  /system/bin/ping -c 1 8.8.8.8  PID: 4665
  /system/bin/ping -c 1 www.baidu.com  PID: 4684
  /system/bin/ping -c 1 8.8.8.8  PID: 4705
  /system/bin/ping -c 1 www.baidu.com  PID: 4723
  /system/bin/ping -c 1 8.8.8.8  PID: 4748
  /system/bin/ping -c 1 www.baidu.com  PID: 4767
  /system/bin/ping -c 1 8.8.8.8  PID: 4791
  /system/bin/ping -c 1 www.baidu.com  PID: 4812
  /system/bin/ping -c 1 8.8.8.8  PID: 4833
  /system/bin/ping -c 1 www.baidu.com  PID: 4852
  /system/bin/ping -c 1 8.8.8.8  PID: 4874
  /system/bin/ping -c 1 www.baidu.com  PID: 4892
  /system/bin/ping -c 1 8.8.8.8  PID: 4912
  /system/bin/ping -c 1 www.baidu.com  PID: 4933
  /system/bin/ping -c 1 8.8.8.8  PID: 4956
  /system/bin/ping -c 1 www.baidu.com  PID: 4975
  /system/bin/ping -c 1 8.8.8.8  PID: 4996
  /system/bin/ping -c 1 www.baidu.com  PID: 5014
  /system/bin/ping -c 1 8.8.8.8  PID: 5034
  /system/bin/ping -c 1 www.baidu.com  PID: 5053
  /system/bin/ping -c 1 8.8.8.8  PID: 5077
  /system/bin/ping -c 1 www.baidu.com  PID: 5095
  /system/bin/ping -c 1 8.8.8.8  PID: 5115
  /system/bin/ping -c 1 www.baidu.com  PID: 5133
  /system/bin/ping -c 1 8.8.8.8  PID: 5164
  /system/bin/ping -c 1 www.baidu.com  PID: 5183
  /system/bin/ping -c 1 8.8.8.8  PID: 5203
  /system/bin/ping -c 1 www.baidu.com  PID: 5223
  /system/bin/ping -c 1 8.8.8.8  PID: 5246
  /system/bin/ping -c 1 www.baidu.com  PID: 5276
  /system/bin/ping -c 1 8.8.8.8  PID: 5296
  /system/bin/ping -c 1 www.baidu.com  PID: 5314
  /system/bin/ping -c 1 8.8.8.8  PID: 5334
  /system/bin/ping -c 1 www.baidu.com  PID: 5352
  /system/bin/ping -c 1 8.8.8.8  PID: 5372
  /system/bin/ping -c 1 www.baidu.com  PID: 5390
  /system/bin/ping -c 1 8.8.8.8  PID: 5440
  /system/bin/ping -c 1 www.baidu.com  PID: 5461
  /system/bin/ping -c 1 8.8.8.8  PID: 5492
  /system/bin/ping -c 1 www.baidu.com  PID: 5510
  /system/bin/ping -c 1 8.8.8.8  PID: 5532
  /system/bin/ping -c 1 www.baidu.com  PID: 5550
  /system/bin/ping -c 1 8.8.8.8  PID: 5570
  /system/bin/ping -c 1 www.baidu.com  PID: 5588
  /system/bin/ping -c 1 8.8.8.8  PID: 5610
  /system/bin/ping -c 1 www.baidu.com  PID: 5631
  /system/bin/ping -c 1 8.8.8.8  PID: 5651
  /system/bin/ping -c 1 www.baidu.com  PID: 5669
  /system/bin/ping -c 1 8.8.8.8  PID: 5689
  /system/bin/ping -c 1 www.baidu.com  PID: 5707
  /system/bin/ping -c 1 8.8.8.8  PID: 5727
  /system/bin/ping -c 1 www.baidu.com  PID: 5748
  /system/bin/ping -c 1 8.8.8.8  PID: 5768
  /system/bin/ping -c 1 www.baidu.com  PID: 5789
  /system/bin/ping -c 1 8.8.8.8  PID: 5809
  /system/bin/ping -c 1 www.baidu.com  PID: 5827
  /system/bin/ping -c 1 8.8.8.8  PID: 5849
  /system/bin/ping -c 1 www.baidu.com  PID: 5867
  /system/bin/ping -c 1 8.8.8.8  PID: 5887
  /system/bin/ping -c 1 www.baidu.com  PID: 5905
  /system/bin/ping -c 1 8.8.8.8  PID: 5927
  /system/bin/ping -c 1 www.baidu.com  PID: 5956
  /system/bin/ping -c 1 8.8.8.8  PID: 5979
  /system/bin/ping -c 1 www.baidu.com  PID: 5997
  /system/bin/ping -c 1 8.8.8.8  PID: 6017
  /system/bin/ping -c 1 www.baidu.com  PID: 6035
  /system/bin/ping -c 1 8.8.8.8  PID: 6055
  /system/bin/ping -c 1 www.baidu.com  PID: 6073
  /system/bin/ping -c 1 8.8.8.8  PID: 6097
  /system/bin/ping -c 1 www.baidu.com  PID: 6116
  /system/bin/ping -c 1 8.8.8.8  PID: 6138
  /system/bin/ping -c 1 www.baidu.com  PID: 6156
  /system/bin/ping -c 1 8.8.8.8  PID: 6176
  /system/bin/ping -c 1 www.baidu.com  PID: 6194
  /system/bin/ping -c 1 8.8.8.8  PID: 6216
  /system/bin/ping -c 1 www.baidu.com  PID: 6234
  /system/bin/ping -c 1 8.8.8.8  PID: 6257
  /system/bin/ping -c 1 www.baidu.com  PID: 6275
  /system/bin/ping -c 1 8.8.8.8  PID: 6295
  /system/bin/ping -c 1 www.baidu.com  PID: 6313
  /system/bin/ping -c 1 8.8.8.8  PID: 6333
  /system/bin/ping -c 1 www.baidu.com  PID: 6351
  /system/bin/ping -c 1 8.8.8.8  PID: 6383
  /system/bin/ping -c 1 www.baidu.com  PID: 6423
  /system/bin/ping -c 1 8.8.8.8  PID: 6446
  /system/bin/ping -c 1 www.baidu.com  PID: 6464
  /system/bin/ping -c 1 8.8.8.8  PID: 6486
  /system/bin/ping -c 1 www.baidu.com  PID: 6504
  /system/bin/ping -c 1 8.8.8.8  PID: 6524
  /system/bin/ping -c 1 www.baidu.com  PID: 6542
  /system/bin/ping -c 1 8.8.8.8  PID: 6564
  /system/bin/ping -c 1 www.baidu.com  PID: 6582
  /system/bin/ping -c 1 8.8.8.8  PID: 6621
  /system/bin/ping -c 1 www.baidu.com  PID: 6639
  /system/bin/ping -c 1 8.8.8.8  PID: 6659
  /system/bin/ping -c 1 www.baidu.com  PID: 6677
  /system/bin/ping -c 1 8.8.8.8  PID: 6697
  /system/bin/ping -c 1 www.baidu.com  PID: 6715
  /system/bin/ping -c 1 8.8.8.8  PID: 6735
  /system/bin/ping -c 1 www.baidu.com  PID: 6753
  /system/bin/ping -c 1 8.8.8.8  PID: 6776
  /system/bin/ping -c 1 www.baidu.com  PID: 6794
  /system/bin/ping -c 1 8.8.8.8  PID: 6816
  /system/bin/ping -c 1 www.baidu.com  PID: 6834
  /system/bin/ping -c 1 8.8.8.8  PID: 6854
  /system/bin/ping -c 1 www.baidu.com  PID: 6872
  /system/bin/ping -c 1 8.8.8.8  PID: 6894
  /system/bin/ping -c 1 www.baidu.com  PID: 6912
  /system/bin/ping -c 1 8.8.8.8  PID: 6935
  /system/bin/ping -c 1 www.baidu.com  PID: 6953
  /system/bin/ping -c 1 8.8.8.8  PID: 6973
  /system/bin/ping -c 1 www.baidu.com  PID: 6991
  /system/bin/ping -c 1 8.8.8.8  PID: 7011
  /system/bin/ping -c 1 www.baidu.com  PID: 7029
  /system/bin/ping -c 1 8.8.8.8  PID: 7058
  /system/bin/ping -c 1 www.baidu.com  PID: 7088
Network
MITRE ATT&CK Mobile v15
Persistence
  Event Triggered Execution (1)
    Broadcast Receivers (1)
  Foreground Persistence (1)
  Scheduled Task/Job (1)
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Device Administrator Permissions (1)
Downloads
-
Filesize
414B
MD5
cc60cf14387c1bd5dcf03b423eb9976c
SHA1
b032561b0c81637ae3a20de5b1159ba62a4298f2
SHA256
4d14f36b656297ce826d1f95dece4bea9f33e7152ae20e6759861a866d56ebcd
SHA512
b0a0671b2dd3f87622f311e1ac7a4fcc3a10234ffa22d80dc9e48e56a917f495845cfbe65eeb02220351f8c6918d0ea1a1b2ebabf7666a7ec04934f323489515