Analysis
max time kernel: 173s
max time network: 184s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 01-07-2024 22:04
Static task: static1
Behavioral task: behavioral1
  Sample: 0636edab4dabf01f5e6b8c823d95753dbab1509aeddc2304340a050a864273cd.apk
  Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
  Sample: 0636edab4dabf01f5e6b8c823d95753dbab1509aeddc2304340a050a864273cd.apk
  Resource: android-x64-20240624-en
Behavioral task: behavioral3
  Sample: 0636edab4dabf01f5e6b8c823d95753dbab1509aeddc2304340a050a864273cd.apk
  Resource: android-x64-arm64-20240624-en
General
Target: 0636edab4dabf01f5e6b8c823d95753dbab1509aeddc2304340a050a864273cd.apk
Size: 623KB
MD5: 0d25de917b1144f6fd6af5b2748235b9
SHA1: 8657043ff307f7c513010aba7da3b6fd1342377c
SHA256: 0636edab4dabf01f5e6b8c823d95753dbab1509aeddc2304340a050a864273cd
SHA512: 223870828eacb1f1a38bafc5acc65afdbafcb937807ae3253d1c3d5112b4b585313746e55ccae227456e4168f3e1bef1751186397243610d0614293d9616cf03
SSDEEP: 12288:dreAwPKEY8C8cYBp4ygKo7mZxETq/WccHZaecRrgn/yhYejLco0DrO:dreBtFhWgyvcNHQrO
Malware Config
Signatures
Processes:
  pid: 4933
  process: flj.toxzj.yno

Queries the phone number (MSISDN for GSM devices) (1 TTP)

Acquires the wake lock (1 IoC)
Processes:
  description: Framework service call
  ioc: android.os.IPowerManager.acquireWakeLock
  process: flj.toxzj.yno

Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
Application may abuse the framework's foreground service to continue running in the foreground.
Processes:
  description: Framework service call
  ioc: android.app.IActivityManager.setServiceForeground
  process: flj.toxzj.yno

Queries information about active data network (1 TTP, 1 IoC)
Processes:
  description: Framework service call
  ioc: android.net.IConnectivityManager.getActiveNetworkInfo
  process: flj.toxzj.yno

Queries the mobile country code (MCC) (1 TTP, 1 IoC)
Processes:
  description: Framework service call
  ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
  process: flj.toxzj.yno

Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)

Reads device software version (1 TTP, 1 IoC)
Uses Android APIs to read the software version number of the device (IMEI/SV for GSM devices).
Processes:
  description: Framework service call
  ioc: com.android.internal.telephony.ITelephony.getDeviceSoftwareVersionForSlot
  process: flj.toxzj.yno

Reads information about the phone network operator (1 TTP)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
Processes:
  description: Framework service call
  ioc: android.app.IActivityManager.registerReceiver
  process: flj.toxzj.yno

Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes:
  description: Framework service call
  ioc: android.app.job.IJobScheduler.schedule
  process: flj.toxzj.yno
Processes
flj.toxzj.yno (PID 4933)
- Removes its main activity from the application launcher
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries the mobile country code (MCC)
- Reads device software version
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Mobile v15
Persistence
- Event Triggered Execution (1)
  - Broadcast Receivers (1)
- Foreground Persistence (1)
- Scheduled Task/Job (1)
Defense Evasion
- Foreground Persistence (1)
- Hide Artifacts (1)
  - Suppress Application Icon (1)
Downloads
Filesize: 414B
MD5: cc60cf14387c1bd5dcf03b423eb9976c
SHA1: b032561b0c81637ae3a20de5b1159ba62a4298f2
SHA256: 4d14f36b656297ce826d1f95dece4bea9f33e7152ae20e6759861a866d56ebcd
SHA512: b0a0671b2dd3f87622f311e1ac7a4fcc3a10234ffa22d80dc9e48e56a917f495845cfbe65eeb02220351f8c6918d0ea1a1b2ebabf7666a7ec04934f323489515