873518d10b945f049dc6324b0885867f3b698a311691aa13f8d65585a6a9f3ea

Analysis

max time kernel
47s
max time network
156s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
09/07/2024, 18:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

appiop1.apk
Size

4.2MB
MD5

4afe9f053ba28e8d6e14a01b2186cd46
SHA1

16eb219827f25aad7a4ad2227123473f520e4bbb
SHA256

873518d10b945f049dc6324b0885867f3b698a311691aa13f8d65585a6a9f3ea
SHA512

557eb191694e3812578e3045c484e876e828902e1f77b4f0bc680bf303b8d34392636dce851440cc305d1b2edcd8b6e341eb2809abc4f65c693bbbe9f39a5cad
SSDEEP

98304:fQreIlC1toTwrIYrbvcJwNE8u9ho1hChR2I:L4C1jrjCwNEp9hS+YI

Score

6^/10

discovery evasion persistence trojan

Malware Config

Signatures

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.vsevcadasecad.testjuly5

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.vsevcadasecad.testjuly5

Aborts a broadcast (usually for hiding system events from other apps) 1 TTPs 1 IoCs

trojan persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework API call	android.content.BroadcastReceiver.abortBroadcast	com.vsevcadasecad.testjuly5

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.vsevcadasecad.testjuly5

com.vsevcadasecad.testjuly5
1⤵
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Aborts a broadcast (usually for hiding system events from other apps)
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4972

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.vsevcadasecad.testjuly5/cache/volley/-1954231640619625019

Filesize
865B

MD5
38c5006b5cc119cfdd33a2b4ed716b6a

SHA1
e858ec851a9dc3081a65f286e9d0b746986faff1

SHA256
a25d3c197ca4a4e59d612641b8e303e00a8faf7b1f67b4ddc305f749694c546d

SHA512
9fbd269ae8d3bba78c0fe47483ddd9d91c82f6e027113b4a2ccc402dbb2b53bf839bf505e02e24206c892cc11fb6e54e5e129f5c084b71763eb384746cef503f

Download Submit
/data/data/com.vsevcadasecad.testjuly5/files/profileInstalled

Filesize
24B

MD5
3d86b66ea39a791dec59f729c8226ff7

SHA1
203591f9ab61f162530f7c56ecd94a2f390d11a2

SHA256
62a9df15b5ebe3b88fd0d85e33d5920b8dce35214458e62f2b9ac1fbec4cb82b

SHA512
406f7ac75b3de91c1b1b2f9cc724a3594d092db7fa4618ccb99fc6ed6caa1ad9469ccc3dbf90e4070876ce389ef52a63abe0f699bb48095524ecc30802efbe12

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads