b3326d0f8f770c7b57791e06a8ac0bb0e4be48a0c26e45b8e589d4b59726bbfe

Resubmissions

15-07-2024 11:16

240715-ndlz5swfna 6

Analysis

max time kernel
34s
max time network
35s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
15-07-2024 11:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

pyramid-rising.apk
Size

18.6MB
MD5

eff4059f725be0670f30ed5870aa5130
SHA1

32567011317ce85af77b9cf85724d3b9f6dee798
SHA256

b3326d0f8f770c7b57791e06a8ac0bb0e4be48a0c26e45b8e589d4b59726bbfe
SHA512

a56f75264144abed3e9f1388ed67759a56f79124d3e07669ede4c54f1dddb195b26f11f329b7e61f8721934895951b1f29d5ea7ea9b670e0f39ae25b5ef7f754
SSDEEP

393216:Eiju2Gh3mBZaYlhjjE+ZesJiIj5r26RdUmhiZ8A9K84XLGanIsCg3pij:EwGh3mBZa+o+ZCm5r22d3+8A54S+Isfo

Score

6^/10

discovery persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.bloobuzz.pyramidrising

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.bloobuzz.pyramidrising
Framework service call	android.app.IActivityManager.registerReceiver	com.bloobuzz.pyramidrising:com.urbanairship.push.process

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.bloobuzz.pyramidrising

com.bloobuzz.pyramidrising
1⤵
- Acquires the wake lock
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
PID:4970

com.bloobuzz.pyramidrising:com.urbanairship.push.process
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5017

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.bloobuzz.pyramidrising/databases/DownloadsDB

Filesize
28KB

MD5
fe85c0e4f5d8251763da4dade594124a

SHA1
b2196d13d889168808cc301e34a1a5259877e8f9

SHA256
68a0ceb2b4920452dc324fd95859fa999f4c1648e765c59a5483a82b8c4587de

SHA512
50bfff7541d4cac4d85c923963f37301320b24bf4b190b83773f2ae52cae572671f99fdba1d1b7f952e571a459a96f5d775c3410f36edcceceef8f7c324d5e4d

Download Submit
/data/data/com.bloobuzz.pyramidrising/databases/DownloadsDB-journal

Filesize
512B

MD5
5a91c87f4287b22f19a97fa0a6e31e70

SHA1
8441f904710ee05ce083b400fe81465f47be0da0

SHA256
164d05e9904030aff16892f8dfc1ada8e5679ae59aaf24c58e3b0a83dd2f6131

SHA512
52535fa30ed1b71086668760fa2e4121ce6a81697c59923756961e912ec84c23d960eeea7a7ccce3cf2232fea5dbd5f456abfbe41cc864cefac0765decf75b3f

Download Submit
/data/data/com.bloobuzz.pyramidrising/databases/DownloadsDB-journal

Filesize
8KB

MD5
2b6403c652a5f21e0fb154e7243e2360

SHA1
724a78a51a9847ea5f99f8697b5fa88b6cf7387e

SHA256
ae9e50e4e147dc2ea60d3f3be3598729d9c9585de2cb5f70b850f1c934c6f1e5

SHA512
7192056c10029eedd46f9ac2632084bea7b90a24c3092ba789e5fd1c8d786358c67438f8fed3ea8c8b42d430da0a2b178c519c85bada30cc44d765c4e5f9afb4

Download Submit
/data/data/com.bloobuzz.pyramidrising/databases/DownloadsDB-journal

Filesize
8KB

MD5
a310bae2f49a52bb195686f65181d597

SHA1
45bd7818b8750ab3a60f7cc21d62b691e3f034b3

SHA256
66f0c25800a65563236bb3bb00f9b5934dbcd33c604df406d146e8b2fca0d564

SHA512
93801479ec93d60bbb8d01787240673ef9643fc16df74c8563d024ca358cd8793e5b5382e1957d597c71bb31de1678bdde764afd01a73e6c77684897655ac4ed

Download Submit
/data/data/com.bloobuzz.pyramidrising/databases/ua_analytics.db

Filesize
20KB

MD5
3a1356fc15ce9823bfeb79b87a7286a2

SHA1
99396b19c8b3c48476b7c7fb3e44e0e423c3f2a2

SHA256
66e4598a9a1a86ff8d1f07b65a772ac90161dbd1433e087e2d86a02a43f24ba3

SHA512
8f57ba3324c1e0e9befd9a1a7dfbd3cec08492b1a62cf4984aaab129e04e8f458e5463bdb59be5a64fc40563a01fba977a972bc4e7acdac3030c79df8cd0b75a

Download Submit
/data/data/com.bloobuzz.pyramidrising/databases/ua_analytics.db-journal

Filesize
512B

MD5
d57bf2051cb26a60bc6a22f65725bc43

SHA1
e33fcc2832e37903c0c314d4e3910adb449a4bc4

SHA256
c7b3f4ffef3d5b8824a291a1d47403718697ff8ee80961a66c433129bb69e7fa

SHA512
5c3da490041d9246bc9286bebfdfee0cc684411e31dca8fdf7787cf76b65c6ffd0eaf140412e282c25dc807c02a324917216451aef93c5ff7d6d2843db38583f

Download Submit
/data/data/com.bloobuzz.pyramidrising/databases/ua_analytics.db-journal

Filesize
8KB

MD5
bf884b303ba99a46edfd23d8aa4f1bcf

SHA1
b7336f46888afdc82924ea6415670624803a2537

SHA256
f82d82e09d8b30117d12a096f5f2e2c2f903d2a97b9dd389ee0025e2c4227aa5

SHA512
ba2d32aaad193e2f208285a0cbbe8e6d4b6aa2c40184d63874f0bfb9a4585bdbb59882a11649809d642675b23dd980fb9e62ad5920f9bc3e2d76c33132cadf6b

Download Submit
/data/data/com.bloobuzz.pyramidrising/databases/ua_analytics.db-journal

Filesize
8KB

MD5
9e8b1e3e30ec15e2e33d753df6d966e9

SHA1
ca0ca661ab28d47f9fbfa202207c27779db994e3

SHA256
d5ce7a7c9d7e95491bb527145f1985ef10ca44ac464144e5dd77d797dbfa24be

SHA512
d0a9e697538727c93512b7ee06cc7085df28666dc4978fe056f0b9925759c6bc8846732d01d3344e755865132f8bf15c9b21ffbb0af17a52eb238536ebae580c

Download Submit