0f90c651161ecb4ec0c96ab1008b372e4970adaf8ce1941de84243aab1c9d3b6

Resubmissions

23-07-2024 19:42

240723-yepsjathjq 10

20-07-2024 23:18

240720-3aeh8a1hmq 10

Analysis

max time kernel
169s
max time network
160s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
23-07-2024 19:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TeleMod.27.apk
Size

4.1MB
MD5

81223bc6ee78bf9157421e28e0171d5e
SHA1

b4911bd05e27dd0ee2ea6f9b67dd39a203a06486
SHA256

0f90c651161ecb4ec0c96ab1008b372e4970adaf8ce1941de84243aab1c9d3b6
SHA512

f79c330618fc8ecc1b30a22a73db8cc9a0e73344854c0f1a087c8b9b0839797f73efe9d3546a46448387141dc1b137a212f5066d4b51267fcd14e2046396e253
SSDEEP

98304:Xk2ky2xC19NGDDomyTsY+FJJaeDXkIdV6nXrjy:XX2acXoMHHQAV6Xr+

Score

6^/10

evasion persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

Processes:

com.telemod.app

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.telemod.app
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

Foreground Persistence
T1541

Processes:

com.telemod.app

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.telemod.app
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.telemod.app

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.telemod.app

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.telemod.app

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.telemod.app

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.telemod.app

com.telemod.app
1⤵
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4929

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.telemod.app/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize
430B

MD5
381bc964f842288f43cb9b1813cb728f

SHA1
d8f59eae903f3e140c0756e5454768984f1783f9

SHA256
9f9ae33500ff97cb265f03a721ae39b960497fe7109ad96dfbfcb3f2bf86e2ed

SHA512
ef069db31d157a754dd991eb398f730849f1cf68e2882d1b34f1ea256a2433462fc9d43b6228e431cfdbb8fba9579c9df8dd4bdfa47329da985db4bc23211fda

Download Submit
/data/data/com.telemod.app/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.telemod.app/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_164d3adc-d92c-4efc-8147-6b9ce7c1dee3_1721763748816.tap
Filesize
346B

MD5
11616ad2b3d73ef57202873dffe69254

SHA1
9b8f49c62756338b50a1b9448067fc81017bc9c2

SHA256
bf7a12fdd626afdc73ee8ca554ce28e1f32b7a4834b740d42eaaa923ec8ed911

SHA512
032648697f78395919cf22458101baf4a60ade383ec76961208d29c1377a4b1ac5f5e50a08ab0cd2d549900d076061361e95366fa05b020ea74cf4707b422246

Download Submit