873518d10b945f049dc6324b0885867f3b698a311691aa13f8d65585a6a9f3ea

Analysis

max time kernel
47s
max time network
34s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
09-07-2024 18:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

appiop1.apk
Size

4.2MB
MD5

4afe9f053ba28e8d6e14a01b2186cd46
SHA1

16eb219827f25aad7a4ad2227123473f520e4bbb
SHA256

873518d10b945f049dc6324b0885867f3b698a311691aa13f8d65585a6a9f3ea
SHA512

557eb191694e3812578e3045c484e876e828902e1f77b4f0bc680bf303b8d34392636dce851440cc305d1b2edcd8b6e341eb2809abc4f65c693bbbe9f39a5cad
SSDEEP

98304:fQreIlC1toTwrIYrbvcJwNE8u9ho1hChR2I:L4C1jrjCwNEp9hS+YI

Score

6^/10

discovery evasion persistence trojan

Malware Config

Signatures

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.vsevcadasecad.testjuly5

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.vsevcadasecad.testjuly5

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.vsevcadasecad.testjuly5

Aborts a broadcast (usually for hiding system events from other apps) 1 TTPs 1 IoCs

trojan persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework API call	android.content.BroadcastReceiver.abortBroadcast	com.vsevcadasecad.testjuly5

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.vsevcadasecad.testjuly5

com.vsevcadasecad.testjuly5
1⤵
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Aborts a broadcast (usually for hiding system events from other apps)
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4247

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.vsevcadasecad.testjuly5/app_sslcache/test-1d6a1-default-rtdb.asia-southeast1.firebasedatabase.app.443

Filesize
8KB

MD5
5d2e2acb56f6c2c961626368ecfb4177

SHA1
fd242144c345186b723f862c2cd28b0e31c76aba

SHA256
27b6ee6918ef3cc328def2b5d39fdc4bc112294e2db4a509e04677e19344126f

SHA512
9d4f37b34c01783c64fd8590c0a345ec3d7bc156c331df874d9e8bbe29d4307adf02a6848547258af6573ee6692c0990512f08fdff97d0ff5516ee24fa8cbc34

Download Submit
/data/data/com.vsevcadasecad.testjuly5/cache/volley/-1954231640619625019

Filesize
865B

MD5
095f680c714bbb5d07c04ffa3bccc11c

SHA1
b35b1582802d25a64bfd241deb2bd6d6e81d50b2

SHA256
6e6c0c3921494ebe2a2469e644f1fa4dfeac147ab983bfbb11704ba80f339aa2

SHA512
5505630bc2ea5fd52d69d2534399d366ed1bb6f2663c3053c5033f2b9f67c00021fa91db5044a3195516a6a2e298202ab9a896bb41432175a8e033ae7736fb1e

Download Submit
/data/data/com.vsevcadasecad.testjuly5/files/profileInstalled

Filesize
24B

MD5
a8101a20407a7a820690c7b8a48daea2

SHA1
1c3dec9419c34a23609ffab1a67b1e299638448d

SHA256
da61f713fe25b8b7d3d9d2c13ece0df5df4b66ee76a0e568c9e4f2131560be3f

SHA512
8b5cfda7f0a9a893a80e79e9d7ec24ba3855bf5b6894a126ad969609d9cd16e50667e87f303ca55af75d1e830ed9a5908330a2650c19201c040f2f8cb9eabb84

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads