e7cd1bcd6452bacd1176be56d183d4dc4960615740d854c686a1b1e3d8cd13e0

Analysis

max time kernel
193s
max time network
335s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
03-07-2024 21:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sms eye app_src_mod.apk
Size

7.7MB
MD5

ce9377a43039e9a9b6d19cddfce9f35e
SHA1

88b24c7c0a26abc6a8284c74af21af7ca044e288
SHA256

e7cd1bcd6452bacd1176be56d183d4dc4960615740d854c686a1b1e3d8cd13e0
SHA512

c29b990b584ce46d7d25f12299dc04488cc5c8aa2503b3370ca17aef114990d618f060c3f6518bbf59bdad7eb405ff9249ee77cea8b3a6b2f1084c014e820dd6
SSDEEP

196608:KwXcCnmhMHi3xtvYrJaOy/4JsaiSxcymkF85:KkXmeifuarAJpiFymk2

Score

6^/10

discovery persistence

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service
T1102

Processes:

flow ioc

41 camo.githubusercontent.com
42 camo.githubusercontent.com
43 camo.githubusercontent.com
44 raw.githubusercontent.com
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

abyssalarmy.smseye

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone abyssalarmy.smseye
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

abyssalarmy.smseye

description ioc process

Framework service call android.app.IActivityManager.registerReceiver abyssalarmy.smseye
Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

abyssalarmy.smseye

description ioc process

File opened for read /proc/cpuinfo abyssalarmy.smseye
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

abyssalarmy.smseye

description ioc process

File opened for read /proc/meminfo abyssalarmy.smseye

flow	ioc
41	camo.githubusercontent.com
42	camo.githubusercontent.com
43	camo.githubusercontent.com
44	raw.githubusercontent.com

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	abyssalarmy.smseye

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	abyssalarmy.smseye

description	ioc	process
File opened for read	/proc/cpuinfo	abyssalarmy.smseye

description	ioc	process
File opened for read	/proc/meminfo	abyssalarmy.smseye

abyssalarmy.smseye
1⤵
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4263

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422