5175de8c62639156f351a42d563492440884885d38f895475f4f060597e5f6c6

Analysis

max time kernel
123s
max time network
133s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
01-08-2024 17:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

app.apk
Size

2.9MB
MD5

2f9e86a38a6fffb11558d6574f0c34d6
SHA1

3a8dee7c2126324d207495d11088030a887fffde
SHA256

5175de8c62639156f351a42d563492440884885d38f895475f4f060597e5f6c6
SHA512

3646f04d461512d51db50b1cd81e67f34c6c5e21b1d3f8354be5efffb8c32e050f5427ce7305c031d1c2cffdfd95ce47c7079d981ddd746f4e27544fb951f616
SSDEEP

49152:EgWFAXE+483B4UYjZsj51LUg4+/UUwXVF6G8hL8P790ewYJWIzLDhMOJfjMtM9xq:EgXEW3B45ZsjzD/UUcVPO6J0eHsIzLDi

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	Com.ukjent.app
/system/xbin/su	Com.ukjent.app

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	Com.ukjent.app

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	Com.ukjent.app

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	Com.ukjent.app

Checks the presence of a debugger
evasion

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	Com.ukjent.app

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	Com.ukjent.app

Com.ukjent.app
1⤵
- Checks if the Android device is rooted.
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4255

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/Com.ukjent.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
02c7402ad84bfa78de0ccc479b943ac0

SHA1
12f4be591d8cfec2b95f4cb62fa4f02411d25e08

SHA256
5290f011dcceec97bfa3f2ef3a19f5fc99138d8b1c20c490d1a085aaee769f74

SHA512
f82add4e900093dbbe6956e9f18f15125a6b3dab243a950f4b48f384b8814c0ae168e436ce232b71163088c95ad68cf553653e1a9af0e73c324a643a5c96b030

Download Submit
/data/data/Com.ukjent.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8b0e8412432de59e930ef1fa29fa6f51

SHA1
0beff14764c8cf49e91ada2082ff195ba63c49c1

SHA256
73fb07c2fb18b0826eb084c67be867f9830f49833ca9a33c10a4ceebf2d4bbd5

SHA512
376b2eeac7b2e84445edfa905564b045a24ee3580d219d055ebbb4d736710b951d3c374beae25bae8b49e3716500ea6b9c82adaae4219945e48c3e94f141bda0

Download Submit
/data/data/Com.ukjent.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e12f16bab03f7fa175312f8e737fbc24

SHA1
4f721002f5809dd26c048a87e23ad09e77b8e709

SHA256
fa1a1190d1041fadb0d14ff414d4fdf90089e8e688cea6eaebd3ae3911f2cc9d

SHA512
a2e390249927e92d48480c9412d2a91585ede604da3c7659f46ec0dd72873aaf83feb4994a97a05748ca585e561901323f67e1ec62c411c1ac72535a0ca63a6e

Download Submit
/data/data/Com.ukjent.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/Com.ukjent.app/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
4c4d81794f34a5d50386a9c87cc91dfc

SHA1
192abc9bfbc53bd9adae58a04f52f9afa476451d

SHA256
b282d1ad7e3b3919010daaf00c49911948046e69e73b1e24286b1d4acf5b62dd

SHA512
71c40f96bd778b56d0aa0070344252770bce2cac9635bf7af55bfbdb64fe2c2ea9b29f6f76e5ba37fbcd199e96c655778e7fdcf584964b1dcbbe1c72d829a840

Download Submit
/data/data/Com.ukjent.app/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/Com.ukjent.app/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
37edacba8068dfbbababedd6944d095a

SHA1
9a348ad4fa336693e4b907a02414913ba45093b1

SHA256
64799903221560e15278ac49a9a6bdf2f8518913847d9e7d1fff0c93862c5655

SHA512
b75cb9db4027e35e1025ee3e0434974103b66334bea0705e7dbb7c4d4e79edb4d7a7835cd95c87ea836b74db732855378b634573255272841462b59c99815a7b

Download Submit
/data/data/Com.ukjent.app/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
3a43d296fff22b28cbe3438c7ce918a5

SHA1
4b279a477f408ddfff005bdfab6355ae3163253b

SHA256
2527e4484efb6ee630edb1d5d3cafb34c93286f9461edc4da853468c707d878d

SHA512
b2a3ddb41ebae30d402e6dff0022631a81e38c5d3de09a964ab5e16b816f033aeed3d2547da29a71a741d2a81293cb20d9ee8d0dce3e625735d81b72b6971aa2

Download Submit
/data/data/Com.ukjent.app/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
38a5d51617e3f1717477e0569054970c

SHA1
f7ef9e1fa7dac9a9f675107d736838384dbce034

SHA256
f8b71422a003f2bfc2acdcddbbd0521b16cf9b4841aef33baa059bffc8496b27

SHA512
d3ec7fa35a0ff42efa60ef944b33f885fa3b0b982bfd67f51845b25cf61dda74b989912bf93ec25c51584bcc1e67a8b6c3bccd620b8151c1e49b2c8d875ddad4

Download Submit
/data/data/Com.ukjent.app/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
2737d842c741c57ba2e2a04bad03e071

SHA1
9fe2a67934c622428493f7d7ec5736ee1cd79660

SHA256
1fd0f99b937477b216e749ff676fcffc0b2c877c6ee18d8af835b366a966b672

SHA512
c4eda0de86f0dea0fa6ab1c2f6273dd46822c3c42f0e2052794eb7ed1ae023a0f8aa1b512bd782c84fa70ce8248d97831fd5ad92a8d1ad72d72e068cb904cd40

Download Submit
/data/data/Com.ukjent.app/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66ABBF9200CF-0001-109F-45A16AC1059EBeginSession.cls_temp

Filesize
77B

MD5
32257e0c90406f6dda3fdee4a4369d77

SHA1
f70ce2cfdcf929d0fc7c4b7880ccff30a0b8c2f2

SHA256
f0234fb3db3eaf7c31c2eb80c6db88a742a7f7cd5e0ba2139cadfe379c42c8f1

SHA512
2b2f645f0a2a67f1762d68e3a3f4a366b223aeb2a2326f1914703ab493531de2ae42b0325c07e8c35ffcb385af439ff9811d7c374c17655ffd106b5b7ff441d3

Download Submit
/data/data/Com.ukjent.app/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66ABBF9200CF-0001-109F-45A16AC1059EBeginSession.json

Filesize
132B

MD5
f39add421099777565f98398994502e3

SHA1
0e0eba2ddae7fcffff3a7e55fdebb313d48c611a

SHA256
1bf26fff1bf108cdf589bad1e8d507ebb968ce87049732590b8e05da652e2789

SHA512
81a919c50fb04d1bb4ae9bb5eeae860d826864d8650bd8e5a5b2e57847f64f9ffb22b4b8eed80c54e14073ae3dd1f932beca4dc6b48fcc15769c726a4d5eb30b

Download Submit
/data/data/Com.ukjent.app/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66ABBF9200CF-0001-109F-45A16AC1059ESessionApp.cls_temp

Filesize
106B

MD5
c5c87dbf96b4d6ebec8b751d2803717d

SHA1
16551a0e9a5513f03322cdbea73d806460037bbd

SHA256
d9fbf790f0a9a6fb455bbf529dc0d503fd08804c12a1d59249bce7bda697afdb

SHA512
ddc943b14516a7c1484f75e8b59c837d8932ac55d3e1ee05253edf3e34bf06f482e7664828e5a8f1265c2ca3691ded74ba0d6d14cca38eeb6621674dee4232e2

Download Submit
/data/data/Com.ukjent.app/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66ABBF9200CF-0001-109F-45A16AC1059ESessionApp.json

Filesize
220B

MD5
3a5a9cd77750583985788d7f31786575

SHA1
398845a38d6a93795c75fadb4fa59b2a5af5a584

SHA256
577ffa8e06fba01d0c7f8debccf74c37ecae92c662b5ca3885eba22db40e95fa

SHA512
95b587abb1119754dfe72f16a6eb1299b5532a7ab13ac5e76b616881a9a060f9e003136c1cb4f85f38a028104a5abbb024ef115fc029979b06db6aae22501229

Download Submit
/data/data/Com.ukjent.app/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66ABBF9200CF-0001-109F-45A16AC1059ESessionDevice.cls_temp

Filesize
48B

MD5
cf9cb0612d588a1f71b63084cea67316

SHA1
3d035bb92fd3f8997160cf8025c40239af74d3ca

SHA256
0d37c5a64baf86735501f9044eeb926b3d46548cdcf67c2cd1f773df36624ac9

SHA512
70f000233e181e3b7c6fcf07aa04fdb570f970335837f8d1c4680a9f78af9f9e17c73a0a5646770f7a8787e338899edc4a5197b023865a4da894b1aca12bf600

Download Submit
/data/data/Com.ukjent.app/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66ABBF9200CF-0001-109F-45A16AC1059ESessionDevice.json

Filesize
202B

MD5
75db92d50c80a89e068550028c62acec

SHA1
d78ea55f5dc682e4da456d26383249f608fe894f

SHA256
1dfc488309883b61beb3462567a9befeaf36bb475a07a7ecef2be60bedb4b5a2

SHA512
dbb81daa5fab357f087dc295e7861444f945eb4c3883a09926b47312ce526bc069266a8a24b2a5b4921fb13e797696c5824195f0a79317e279ccf7855ca2ee13

Download Submit
/data/data/Com.ukjent.app/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66ABBF9200CF-0001-109F-45A16AC1059ESessionOS.cls_temp

Filesize
14B

MD5
9b3d4522944ce6396563812bfdb92fa9

SHA1
6d2a6133c8f01938a48ccc77ef86ad8ca335c020

SHA256
d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9

SHA512
091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

Download Submit
/data/data/Com.ukjent.app/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66ABBF9200CF-0001-109F-45A16AC1059ESessionOS.json

Filesize
54B

MD5
93023624eb8dff5c20050da136aaae0a

SHA1
acfd1ffed752c28fb135ba83c0c6345ddf2f6995

SHA256
968bcd7c4f1abed89a09cc0e6dadd238a81e8655e64196b39a86be49ceecd39c

SHA512
bb25dfa144d3f0e17203936c503c5fedec5f9ca710e177f99e273010ba4a682199d4bda5684151d65f3cb1549f4611b3a645ce39646d3db9a1b2c17d6b160579

Download Submit
/data/data/Com.ukjent.app/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
395B

MD5
ee87ed2067c1418764d334fd58219b29

SHA1
78b3ba56431a06d5a26ae2c266e5482fe368a40e

SHA256
e278e796049d3c3ee97a897bf06fc1ef234154fb98af74ba0ff9c8cbfd5e8e25

SHA512
b3d97411b8a25a3a1e8eaed5000b56326f5fc9f32a4c86f7b77b4f2552833d6055918c1dca0b78240f9a8dea890341c6f3ff8710858d79342dfe04dda69114d5

Download Submit
/data/data/Com.ukjent.app/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
777B

MD5
3470173af8ead3ac614881b0d7c3c4d3

SHA1
f7bb2440d723b59ed868677ed80a3f58b0ecadfc

SHA256
1a17a2a415e33b7cdc8e436cc4e2f0bebdfa59d85aafb21803e0501fa7ddb883

SHA512
186b16aced29a7b9e56f34c4ed28c8244c0b5961c837b78ec043b44dbf2fc3d1799cbc8fa13191bbd19ca26d8343f688c7fb66156a28e1227d8fea7764cf9857

Download Submit
/data/data/Com.ukjent.app/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/Com.ukjent.app/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_44ce13fd-4776-481b-908e-841e30f1f08c_1722531740768.tap

Filesize
330B

MD5
46a9620bcd604b401dbe569e5bd7a645

SHA1
562b3930a8fc66c00b2ab780517580dddbd0401b

SHA256
53ca2e0d0a433ed80812fe119efa6f371987eaefbac45f4365b20bb7287c004d

SHA512
75bd144a6be4f45f91f89720bd45afe7007bfffced3bd2b0b597b7dcf8a1bd7c7ea402bd712fed7d6af23587fe5b61b46a9579591aa1941485face5a8b2b2a79

Download Submit
/data/data/Com.ukjent.app/files/PersistedInstallation4975726573490646623tmp

Filesize
90B

MD5
269405933787d8d5684c6c408d968873

SHA1
082bec8b189454dbc16016bb798357f0fe48c92d

SHA256
bd58ffe1cbcb663ea0f1c68478aa8d044b3aaa06c4dd54a1e4b59b409e6d9fce

SHA512
8104f1389a586cb2245853f1dafb14ea5817d220c39f1526c49e7e674a816d74629e3f680844a7a713a8818a39aafaeda5190a62c6d4b8dccb98062c006ff0fd

Download Submit
/data/data/Com.ukjent.app/files/PersistedInstallation6757287520138527430tmp

Filesize
571B

MD5
3005c7202db47ad02d127ba2b3c27b25

SHA1
f10dce356b53bb1f80582738b8482ade810558b7

SHA256
faf3b134e6f4cb6d559f23ee95a92a8abcfd3e0346c133b6f95913a734dffb8f

SHA512
7ea1cfe327d5e7beefda739780237d8446ae10e3dd9e591775d70146d5fa7cd3187a8117f0e276a971e26c37216eed19e6f0d3b8c2f902c4a6143c5ccd78b180

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads