0f90c651161ecb4ec0c96ab1008b372e4970adaf8ce1941de84243aab1c9d3b6

Resubmissions

23-07-2024 19:42

240723-yepsjathjq 10

20-07-2024 23:18

240720-3aeh8a1hmq 10

Analysis

max time kernel
67s
max time network
27s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
20-07-2024 23:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TeleMod.27.apk
Size

4.1MB
MD5

81223bc6ee78bf9157421e28e0171d5e
SHA1

b4911bd05e27dd0ee2ea6f9b67dd39a203a06486
SHA256

0f90c651161ecb4ec0c96ab1008b372e4970adaf8ce1941de84243aab1c9d3b6
SHA512

f79c330618fc8ecc1b30a22a73db8cc9a0e73344854c0f1a087c8b9b0839797f73efe9d3546a46448387141dc1b137a212f5066d4b51267fcd14e2046396e253
SSDEEP

98304:Xk2ky2xC19NGDDomyTsY+FJJaeDXkIdV6nXrjy:XX2acXoMHHQAV6Xr+

Score

6^/10

persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

Processes:

com.telemod.app

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.telemod.app
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.telemod.app

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.telemod.app

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.telemod.app

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.telemod.app

com.telemod.app
1⤵
- Acquires the wake lock
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4248
- sh
  2⤵
  PID:4293

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.telemod.app/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
429B

MD5
0f43a60ba83c2cd12a3df693836a920b

SHA1
2320e8f4a64333b1763065a98ebf7fd2a8dffa5a

SHA256
12e43937b43c79fbf179c6faa48396366a388899e81f334b966168ad3f72976c

SHA512
7d427ff5d07987d1d55b3e1a90e46dce385d66c087cf4e14c2861817227dfdfc87f1f4f38c3c6e52aa77699f55bb7c9a29fa447745aa3a2d5ee0ecbfa2090e5a

Download Submit
/data/data/com.telemod.app/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.telemod.app/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_a9474e34-4df9-4cf7-9b67-cf0c5299d3a9_1721517525907.tap

Filesize
344B

MD5
43408c4dbdad099f78028b83b3cae6ee

SHA1
adf1a228be9c22cdd7131f1ccb164102af342b8a

SHA256
d127271590edaa264396d95a4c51795b36868a0ad197c7236a0789eb1e02bdb6

SHA512
6c7bede18445b43a02217898b255a99a24a20717176191d19dc229c1a1c0474b2c0e8e64c68714da9ec95e3fcd814c43ca0d509745014387b34a674c4b8d6d6c

Download Submit