fbd62f0273f0f4f7f9937bdc8a2d9d3cb0ce0687ede74a4a8c34e9c601688db1

Analysis

max time kernel
12s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
13-07-2024 01:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fbd62f0273f0f4f7f9937bdc8a2d9d3cb0ce0687ede74a4a8c34e9c601688db1.apk
Size

8.5MB
MD5

3fb2c2368484295cc33db07dda7be124
SHA1

23eb40d927ed79e225e78354c4af7d47f0f93e82
SHA256

fbd62f0273f0f4f7f9937bdc8a2d9d3cb0ce0687ede74a4a8c34e9c601688db1
SHA512

66a3def5c70398bbef54db97f6a8f567e8fdef1a9dc76c2f7a73656e8cae709b7fd05588f67a1b983c59e04ebf527f0faa99de9fb8cccf20b9bc2dfabb89f1dd
SSDEEP

98304:CcGgiTW5I9PDSn7wyngcfjDZLjBRTso56FSm8mvaThSDlD:Cc3+W5I9bccMg+ZHTso5038mvaTh8D

Score

8^/10

evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

System Information Discovery
T1426

Processes:

net.dinglisch.android.taskerm

ioc process

/system/xbin/su net.dinglisch.android.taskerm
/system/app/Superuser.apk net.dinglisch.android.taskerm
Checks the presence of a debugger
evasion
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

net.dinglisch.android.taskerm

description ioc process

Framework service call android.app.IActivityManager.registerReceiver net.dinglisch.android.taskerm
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

net.dinglisch.android.taskerm

description ioc process

Framework API call javax.crypto.Cipher.doFinal net.dinglisch.android.taskerm
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

net.dinglisch.android.taskerm

description ioc process

File opened for read /proc/meminfo net.dinglisch.android.taskerm

ioc	process
/system/xbin/su	net.dinglisch.android.taskerm
/system/app/Superuser.apk	net.dinglisch.android.taskerm

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	net.dinglisch.android.taskerm

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	net.dinglisch.android.taskerm

description	ioc	process
File opened for read	/proc/meminfo	net.dinglisch.android.taskerm

net.dinglisch.android.taskerm
1⤵
- Checks if the Android device is rooted.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4263

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DD3E0154-0001-10A7-CBA2DBC81F17BeginSession.cls_temp
Filesize
77B

MD5
0f586fbf3dc8f2e5d805f95da060efd9

SHA1
10eaeae88cb0bbe71e735591ad0fa53a6b620819

SHA256
28c9c508eb6895fee13787775abf1c7ad173733d0013d9ed5ca5d470dd4af9a0

SHA512
b1939c9a1854190ca3416a142d95d755300b2b5e49bca446dfaeb15111cec4062925a78e6d5dc4f24719740ce80aa1fe2b5758f2365ccbd72618fa1101edefae

Download Submit
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DD3E0154-0001-10A7-CBA2DBC81F17BeginSession.json
Filesize
132B

MD5
f03b13bb8b828b76726c50e33e3b51f8

SHA1
36a82a4bae2f2febe34567a9d4cf1ed340e7fac6

SHA256
b4164b877d52e42497755971c24b9d1d36027404e7caad32747cd0964dfefba5

SHA512
21ec4c251ab25bcdd5877c1f7c204ab5fd7b0b1d7832807557d70ac8851776e34469ccdd9ec1cda4f6c4ef9f0d5deff1dc421412ec32cbcd3f77e7f673cc3548

Download Submit
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DD3E0154-0001-10A7-CBA2DBC81F17SessionApp.cls_temp
Filesize
132B

MD5
7318f53c98318e12a4e08c5ab204b5e7

SHA1
e09dd84be691d6fce4738ce1124ce6594cb1cae1

SHA256
5baee0811af89a30e1d9b93ada8f693c63f7980747a62e30e78f9794dae6cce6

SHA512
95e34277d937a7cd509ca9c4968d6145284972522fc1d1d4daf8e26df1533da49e00af9da88d825b1c9a237524a6874121b4a647c84b5a5ff5bb996926a2b35b

Download Submit
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DD3E0154-0001-10A7-CBA2DBC81F17SessionApp.json
Filesize
245B

MD5
152cdd7ee0b0f7c1248b3215b6ba43a4

SHA1
68569c43490c9b39e2907282a484226904dc847d

SHA256
941f98f3cbdeea25a1f4cd0de822592100c3d53258fb8e401d6f2aaedc50ccf3

SHA512
1244a42bb0b6615014d8c2fe5a93cc0f4423f2cf4f95009cdd0a9fdad370bd04ec9a65cd94beddb9d25cab5c11dce1e447e6fa934181c4ad454acea75391a42b

Download Submit
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DD3E0154-0001-10A7-CBA2DBC81F17SessionDevice.cls_temp
Filesize
48B

MD5
cf9cb0612d588a1f71b63084cea67316

SHA1
3d035bb92fd3f8997160cf8025c40239af74d3ca

SHA256
0d37c5a64baf86735501f9044eeb926b3d46548cdcf67c2cd1f773df36624ac9

SHA512
70f000233e181e3b7c6fcf07aa04fdb570f970335837f8d1c4680a9f78af9f9e17c73a0a5646770f7a8787e338899edc4a5197b023865a4da894b1aca12bf600

Download Submit
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DD3E0154-0001-10A7-CBA2DBC81F17SessionDevice.json
Filesize
202B

MD5
75db92d50c80a89e068550028c62acec

SHA1
d78ea55f5dc682e4da456d26383249f608fe894f

SHA256
1dfc488309883b61beb3462567a9befeaf36bb475a07a7ecef2be60bedb4b5a2

SHA512
dbb81daa5fab357f087dc295e7861444f945eb4c3883a09926b47312ce526bc069266a8a24b2a5b4921fb13e797696c5824195f0a79317e279ccf7855ca2ee13

Download Submit
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DD3E0154-0001-10A7-CBA2DBC81F17SessionOS.cls_temp
Filesize
14B

MD5
9b3d4522944ce6396563812bfdb92fa9

SHA1
6d2a6133c8f01938a48ccc77ef86ad8ca335c020

SHA256
d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9

SHA512
091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

Download Submit
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DD3E0154-0001-10A7-CBA2DBC81F17SessionOS.json
Filesize
54B

MD5
93023624eb8dff5c20050da136aaae0a

SHA1
acfd1ffed752c28fb135ba83c0c6345ddf2f6995

SHA256
968bcd7c4f1abed89a09cc0e6dadd238a81e8655e64196b39a86be49ceecd39c

SHA512
bb25dfa144d3f0e17203936c503c5fedec5f9ca710e177f99e273010ba4a682199d4bda5684151d65f3cb1549f4611b3a645ce39646d3db9a1b2c17d6b160579

Download Submit
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize
448B

MD5
ce7049166c12e21161bae652efe1493b

SHA1
44b0aa428960dc8259ff3cdf9bbc7531e2482e99

SHA256
14ce0735de02769995037f7d0cdc4a9b5a03b8e1a1290310ccda7dfb5a713778

SHA512
277b22ac2de8628690a0006be774f9be0e4d67f8a75b1cdf5d1f9f618fc2b4b75f81162b500f28c07823458ee0e6c3ba97eee36a5b748591f448113ec28d74a2

Download Submit
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize
917B

MD5
9aa55808f18b30673d491d370664fe23

SHA1
77f1711e20911f6fc05426c3cae15b357364ddaa

SHA256
8dd1bc6d24b402e44174e7619df240bc39c8cf58c586db8de8e738b72b1ec991

SHA512
7f511ed3339865210f6e7a9a70613aae676d2881f7a03c220d5a9add7d9ddd594f1334483753b52420a0aa2d381a780eaa46044867d16df027f64e6867f9ecbe

Download Submit
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_f50361e2-82b8-42c9-9002-86edcf37945e_1720835390932.tap
Filesize
359B

MD5
d6811a05ce289c044cbc9ab22b6b8f1f

SHA1
b1ae171384cad921a46579fac62317b1f85444f3

SHA256
d08c1be095a398344698fd0be56779b6c0c5c1f0ebdc3ea34513fd7bc9c74a0c

SHA512
41b8693313c3683a4d7d4ee68fc777ed409889f3b075e7699df28ad73f3d3d71e01710b64482dee08ab25b949e863bddd70c5f8ac1aa311dce7cd63dbaa0999d

Download Submit