Analysis

  • max time kernel
    52s
  • max time network
    43s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    25-07-2024 10:31

General

  • Target

    40038ced4b0bb94a60f9f7ed996b98874f0ca83eacbc159d222931f4fd4a9802.apk

  • Size

    16.9MB

  • MD5

    10eb8f801521ef9ca100c8d266d92b02

  • SHA1

    7f90bda0f76fb8c43bd915681748d2020ccba995

  • SHA256

    40038ced4b0bb94a60f9f7ed996b98874f0ca83eacbc159d222931f4fd4a9802

  • SHA512

    dc4fcec39c326aa789e7d79fba7b19125657fdd4bf8d6cd498b9c2f83db3b5a9ee46b752d44b826f8fbef1529803254bd5b2d3bdc9713619960ebc9487aadf2a

  • SSDEEP

    393216:/yu+eBuxnLtdTuWfkqq0FcSnFDvUaJgesozQFwfThAub7cr2udiO+ev:/yuQtdFnOaJtZ0sThtqHdiOnv

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). 1 TTP.
  • Makes use of the framework's foreground persistence service. 1 TTP, 1 IoC.

    The application may abuse the framework's foreground service to keep running in the foreground, where the system is far less likely to kill it.

  • Registers a broadcast receiver at runtime (usually for listening for system events). 1 TTP, 1 IoC.

    None of these three behaviours is malicious on its own; VPN clients, launchers and many utility apps do all of them. Treat them as triage leads to be weighed together with the dropped-file and network evidence, not as a verdict.

Processes

  • com.android.tester (PID 4208)
    • Makes use of the framework's foreground persistence service
    • Registers a broadcast receiver at runtime (usually for listening for system events)
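
The three signatures are dynamic observations, and a reviewer normally wants to confirm them statically in the decoded APK. The Python below is an added example (it is not part of the report and was not derived from the sample): it scans apktool/baksmali smali output for the API references that each signature is built on, and reads the decoded AndroidManifest.xml for the permissions those calls depend on. The smali and manifest it runs on are constructed to look like output for the com.android.tester package; the class names, methods and permissions in them are assumptions for illustration only.

```python
import re
import xml.etree.ElementTree as ET

# Constructed smali in apktool style for the sample's package name.
# It is NOT disassembled from the APK in the report.
SAMPLE_SMALI = """\
.class public Lcom/android/tester/Svc;
.super Landroid/app/Service;

.method public onCreate()V
    .locals 3
    invoke-virtual {p0}, Lcom/android/tester/Svc;->getPackageManager()Landroid/content/pm/PackageManager;
    move-result-object v0
    const/16 v1, 0x80
    invoke-virtual {v0, v1}, Landroid/content/pm/PackageManager;->getInstalledApplications(I)Ljava/util/List;
    move-result-object v2
    new-instance v0, Lcom/android/tester/Rx;
    invoke-direct {v0}, Lcom/android/tester/Rx;-><init>()V
    new-instance v1, Landroid/content/IntentFilter;
    const-string v2, "android.intent.action.SCREEN_ON"
    invoke-direct {v1, v2}, Landroid/content/IntentFilter;-><init>(Ljava/lang/String;)V
    invoke-virtual {p0, v0, v1}, Lcom/android/tester/Svc;->registerReceiver(Landroid/content/BroadcastReceiver;Landroid/content/IntentFilter;)Landroid/content/Intent;
    return-void
.end method

.method public onStartCommand(Landroid/content/Intent;II)I
    .locals 2
    const/4 v0, 0x1
    invoke-direct {p0}, Lcom/android/tester/Svc;->buildNotification()Landroid/app/Notification;
    move-result-object v1
    invoke-virtual {p0, v0, v1}, Lcom/android/tester/Svc;->startForeground(ILandroid/app/Notification;)V
    return v0
.end method
"""

# Constructed decoded manifest (assumed content, not the sample's real manifest).
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.android.tester">
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <application><service android:name=".Svc"/></application>
</manifest>
"""

# Dalvik method references behind each sandbox signature. Matching the
# descriptor rather than the whole line keeps the invoke kind irrelevant.
INDICATORS = {
    "queries installed applications": re.compile(
        r"Landroid/content/pm/PackageManager;->"
        r"(?:getInstalledApplications|getInstalledPackages|queryIntentActivities)\("),
    "foreground persistence service": re.compile(
        r"->startForeground\(ILandroid/app/Notification;\)V"),
    "runtime broadcast receiver": re.compile(
        r"->registerReceiver\(Landroid/content/BroadcastReceiver;Landroid/content/IntentFilter;"),
}
CLASS_RE = re.compile(r"^\.class\s+(?:[a-z-]+\s+)*(L[^;\s]+;)")
METHOD_RE = re.compile(r"^\.method\s+(?:[a-z-]+\s+)*([^\s(]+)\(")
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"


def scan_smali(text):
    """Map each signature to the (line_no, class, method) sites that reference it."""
    hits = {name: [] for name in INDICATORS}
    cls = method = None
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if m := CLASS_RE.match(line):
            cls = m.group(1)
        elif m := METHOD_RE.match(line):
            method = m.group(1)
        elif line == ".end method":
            method = None
        else:
            for name, rx in INDICATORS.items():
                if rx.search(line):
                    hits[name].append((line_no, cls, method))
    return {name: sites for name, sites in hits.items() if sites}


def declared_permissions(manifest_xml):
    """<uses-permission android:name=...> values from a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}


def corroborate(smali_text, manifest_xml):
    """Static hits for the three signatures plus the permission caveats they carry."""
    hits = scan_smali(smali_text)
    perms = declared_permissions(manifest_xml)
    notes = []
    if "foreground persistence service" in hits:
        if "android.permission.FOREGROUND_SERVICE" in perms:
            notes.append("startForeground is backed by FOREGROUND_SERVICE (required from API 28 / Android 9)")
        else:
            notes.append("startForeground without FOREGROUND_SERVICE: SecurityException when targeting API 28+")
    if "queries installed applications" in hits and "android.permission.QUERY_ALL_PACKAGES" not in perms:
        notes.append("package list is complete on Android 9 but filtered on API 30+ without QUERY_ALL_PACKAGES or <queries>")
    return {"hits": hits, "permissions": perms, "notes": notes}


if __name__ == "__main__":
    for k, v in corroborate(SAMPLE_SMALI, SAMPLE_MANIFEST).items():
        print(k, v)
```

To use it on a real decode, feed it the concatenated `smali*/**/*.smali` files and `AndroidManifest.xml` from an `apktool d` directory. The second note matters for this report in particular: the run was on Android 9, where getInstalledApplications returns every package, so a sample that picks overlay targets from that list will see less on Android 11 and later devices than it did in the sandbox.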

Network

MITRE ATT&CK Mobile v15


Downloads

The same path is listed three times, with sizes of 85B, 881B and 1KB and different hashes in each entry. These are successive captures of one log file that grew under external storage during the run, not three separate files; use the last capture as the file IoC. The filename embeds the run date (25-07-2024), so a path-based indicator needs a wildcard on the date part.

  • /storage/emulated/0/blokada/config25-07-2024.log

    Filesize

    85B

    MD5

    12ad645cf46561dc6d3677aaca8e0ea1

    SHA1

    08693d347c95adb63db74fba474ee69ddf47ff0f

    SHA256

    9c5aae86f6846567092ced380782a2f1551a6108902f106da1b5618e9134d8bc

    SHA512

    cf926ad82b3f4a801d1907d3c78e462018f3c69c8dc77b4cbdd975c0aad5396b6a979e043960af5b2ce30ccaaa88cc490f1a6b500fe2b4c6557929dc1c963cf6

  • /storage/emulated/0/blokada/config25-07-2024.log

    Filesize

    881B

    MD5

    5b8032d90ca464e8f9379b97d70d1e96

    SHA1

    c8fae9d8befbc6db74092ec00f0fb8c41c5e47e8

    SHA256

    d873a242a50c1a337c5b60511ead4cfc887ae0a591fb41467cc67e4423726fcc

    SHA512

    27fbaf7d26547c7565ef9c614776d5999dfd4f860020f31a406a34a6ee4b0f14c1c666beba69e8e88aa75ae9ea7caca9e78852140580ce84a9f78eefd5217e6b

  • /storage/emulated/0/blokada/config25-07-2024.log

    Filesize

    1KB

    MD5

    a80ead6f0e25e5524079ecf19eeb0499

    SHA1

    e51cbd2c7052182fcb1e05419e8f50175edf253d

    SHA256

    66b9185ab13ad44fd95daa6881ddffda89e936cc681b57043ea261dae925169d

    SHA512

    6433c07371249b1223e6acf8a32babbe745c2f5d4c2559a0709e8d19e9769db1362fd536dfa29a7253d87b8cfa2c0efe85ff8ca010825783f2d1eea9792c632a
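
Anything that ingests reports in this layout has to merge repeated paths rather than emit one IoC per entry. The Python below is an added example and not part of the report or of any tooling the report came from: it parses the Downloads layout shown above, using the three entries for config25-07-2024.log reproduced from this page as its input (SHA512 values omitted for brevity), collapses them into one file with three snapshots, and checks that the sizes only ever grow, which is what an append-only log looks like. The size units and the rounding behaviour it assumes for "1KB" are assumptions about the report format.

```python
import re

# The three Downloads entries copied from the report (SHA512 lines dropped),
# in the report's own bullet / label / value layout.
REPORT_EXCERPT = """\
  • /storage/emulated/0/blokada/config25-07-2024.log
    Filesize
    85B
    MD5
    12ad645cf46561dc6d3677aaca8e0ea1
    SHA1
    08693d347c95adb63db74fba474ee69ddf47ff0f
    SHA256
    9c5aae86f6846567092ced380782a2f1551a6108902f106da1b5618e9134d8bc
  • /storage/emulated/0/blokada/config25-07-2024.log
    Filesize
    881B
    MD5
    5b8032d90ca464e8f9379b97d70d1e96
    SHA1
    c8fae9d8befbc6db74092ec00f0fb8c41c5e47e8
    SHA256
    d873a242a50c1a337c5b60511ead4cfc887ae0a591fb41467cc67e4423726fcc
  • /storage/emulated/0/blokada/config25-07-2024.log
    Filesize
    1KB
    MD5
    a80ead6f0e25e5524079ecf19eeb0499
    SHA1
    e51cbd2c7052182fcb1e05419e8f50175edf253d
    SHA256
    66b9185ab13ad44fd95daa6881ddffda89e936cc681b57043ea261dae925169d
"""

# Assumed: the report rounds to whole KB/MB, so converted values are approximate.
UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2}
LABELS = {"Filesize", "MD5", "SHA1", "SHA256", "SHA512"}


def parse_size(text):
    """'85B' -> 85, '1KB' -> 1024, '16.9MB' -> 17720934 (rounded down)."""
    m = re.fullmatch(r"([\d.]+)\s*(B|KB|MB)", text.strip())
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(float(m.group(1)) * UNITS[m.group(2)])


def parse_downloads(text):
    """Turn the bullet/label/value layout into one dict per entry."""
    entries, current, label = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):              # a new entry starts with its path
            current = {"path": line[1:].strip()}
            entries.append(current)
            label = None
        elif line in LABELS:                  # next line is this label's value
            label = line
        elif current is not None and label:
            current[label.lower()] = parse_size(line) if label == "Filesize" else line.lower()
            label = None
    return entries


def collapse_snapshots(entries):
    """Group repeated paths: one path with several hashes is one file captured
    at several points in the run, so report it once with its final hash."""
    by_path = {}
    for e in entries:
        by_path.setdefault(e["path"], []).append(e)   # keep report (time) order
    result = {}
    for path, snaps in by_path.items():
        sizes = [s["filesize"] for s in snaps]
        result[path] = {
            "snapshots": len(snaps),
            "sizes": sizes,
            "append_only": sizes == sorted(sizes),   # never shrank: consistent with a log
            "distinct_sha256": len({s["sha256"] for s in snaps}),
            "final_sha256": snaps[-1]["sha256"],
        }
    return result


if __name__ == "__main__":
    for path, info in collapse_snapshots(parse_downloads(REPORT_EXCERPT)).items():
        print(path, info)
```

A path whose snapshots shrink or whose hashes repeat is worth a second look: the first suggests a file being rewritten rather than appended, the second that the sandbox captured it again without a change. Neither applies here; all three captures differ and the sizes only grow.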