97b58fc8798526bfea35ed6ff26272263d332554a75672a3bc54a0a56cbafee3

Analysis

max time kernel
4s
max time network
86s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
04-08-2024 01:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6461851c092d0074150e4e56a146108ae82130c22580fb444c1444e7d936e0b5.apk
Size

3.3MB
MD5

b731343b083f999ae0271d19ec92da4f
SHA1

05e5da65faf6fadb2a3c8dab2eb3d888ca6fad9a
SHA256

6461851c092d0074150e4e56a146108ae82130c22580fb444c1444e7d936e0b5
SHA512

84bc70e927af425b430b7a79797e5207eb6b8d33892f2b37c80e3f8fcd987a70a8e44dfccbd3b356d98e6ed413ee1dccc42211cbbe4311adb19579db6cd46eec
SSDEEP

98304:IEVF6aL7fDW3v0AMYfccAYUMF2yIOcX3i9MNIXcK:I46x3vKcAUGOcGMK

Score

6^/10

discovery evasion persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

Processes:

ir.shz.shzkisi

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.shz.shzkisi

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

Processes:

ir.shz.shzkisi

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	ir.shz.shzkisi

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

ir.shz.shzkisi

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ir.shz.shzkisi

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

ir.shz.shzkisi

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ir.shz.shzkisi

ir.shz.shzkisi
1⤵
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4969

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ir.shz.shzkisi/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c836f4cb391166d72967086123808f15

SHA1
8ededd6e6a49d53d9328808aff0e725c863872ba

SHA256
8851a108472622304b8a86058ba3fb28421c488d145df9fa6d6ed9997b2947bd

SHA512
6e544762d5c2cb8967f003445b1345209bf95cedd2e4620ff1f9f027a308529f5e036b2ff3caae89f5a59ce79a01348f64a6bc36e69e5b5aa83d86a61fa608ba

Download Submit
/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2e22c32bc3061fb39cd751606ee72cc8

SHA1
d3c5f13733a0c84cbbd9b4bf53a9fec25b9e1d9c

SHA256
ff13236b4a04e1d1315b946355b1c581eb832bc1a6332c750214ca02282a2f4c

SHA512
061b2f6c2186569c2f321eab7dfd77205026948902d804fed4cb089406c077cb3db085454536b6b97d427d96b647fd90d2a57d425e8e9632a43ca695e50d8c40

Download Submit
/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ea01c1b45922b86ccb08ce34c6f2c0b5

SHA1
f51da7d7988d13714320e11b1286dfdb50a53e29

SHA256
fb097f43bc371964fdfcadf30c0e966723f2c42c1879251a06c7bb5f3a3d890b

SHA512
21fedef7ac92cdcfb4287384da3c7f8208f08b2e1ca98c77a23de4c49408d30f5cb0c9d5188739fdcca352207df856c1a027ebeacc4a5e70b65bdc044399905b

Download Submit
/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ccaa26871d2938b0808738152b0cac37

SHA1
e47407f51977f5627169406499a83f521cf75b00

SHA256
655eaf7e721d2d2f5e3b0b324b552e0a2903395c6f7a014dd87b050a3bc3ab79

SHA512
a274372470bef39cfc7bb2cc3329cddbb6469b70ce3fd1fa9df13987eb7b4b66b3fd269bf192f8a3110f12a3ec684b41bce3d5e3eb53e2906925d655dfc62059

Download Submit
/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
6f77eeb80014d184ee4fe9f0afa4db84

SHA1
9b505b7115adb94671d0a5ecc41a6802ae353ce6

SHA256
e8da85dd55490eb7d86f991380f701aacd9d55ef464f72b152a4f91bbe2b35c0

SHA512
9129caae17d3721fad12429fb31107021bb536f01c995f3ab5975a3a592857541908c63951cd80eded3dbc94ab20c5bec45efb790cd7fe57d6339fb5bf3414b7

Download Submit
/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
320d4a095b0cfb4c31a2efb5d5a200c9

SHA1
44106546f4fb73e483e34e49cae19e8ad8f2557d

SHA256
53b99c0b1b903ea30943f5aa8d957adea98f50cf64410fd20bc00c165b3eb721

SHA512
05cb0bea2ed873699eccc1e551d55386d4902b54300541dd887e15bca5533a674a655776efd4fdd5cafa2b0fcba78425f5eac2a3379d7127aa2bd7b18a3072bb

Download Submit
/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
68430c6d77263cabfea8f7cfee0dac67

SHA1
50be1c47877eb4a21739b77b91fb232e799c69db

SHA256
ef506962565c4ee64490ecbea57ba5d117a697994a261c8f5397c1a3ba97886c

SHA512
b4f567393299ca58e92e495a6d0ef86adf4d0fff9a1614f8d32da9b20d807a2f0e2e177c27b36aba27d3d4edd38e0e6c4b17c114a301ed055cd678a7d53a090f

Download Submit
/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
880301f3a1419e1583ffe78040917e62

SHA1
5e01b7e21ce816720d06ddcd0fba64199fa673d7

SHA256
0e2ab674725dfdab113c55033c3eca3c87ef0e0e4027c5b6a593b4b2d15ab939

SHA512
8c4c0a7542b6314f660e0b21019f40fd388b41942da4e27c1803c3af1613d591817f0c181a365a8e087e71d5fee2ca1ad845906342a72b53b853a20dd0ad94c1

Download Submit
/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
8cd5efc0e6b53b8f7a38d4b1b0b2957f

SHA1
1cd9534b06484fb4c96a712d0ddf9b9b19343110

SHA256
c16599783e4cffd3fa975047cc54442f2cfd503ffd464e2d7896d25aac9b3e12

SHA512
8465fb25bcc9c4c15fa19fcb0e4002a72dc47d8271fa2284fe11f38560c5d123027ab9296cf6c35f6972969c5e9cd0bb31329339b6fa1d608fbc9f1c4b5626e5

Download Submit
/data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
6ee804fbfebf72cf527bdfaea5641ff8

SHA1
40ba3f41255cfa16b68b6e143a979c4c648e054d

SHA256
1574fac2b5805a4e90e8405bf60e23c7ec521ee89ebcdd244769ed4c0f5ec75b

SHA512
91d6aba8250a940203f24f965387e7b4a8c4db86e443c9d2ad75b539cc6a419421b61fdcc0a0e414f67836c372733589de3963792272efbfe15bfb8f55b78e24

Download Submit
/data/data/ir.shz.shzkisi/files/PersistedInstallation4003491445521241114tmp

Filesize
90B

MD5
8c0cefb40b6611afb9171458d2410307

SHA1
3be50ccb754d2ae1979f896204548b500bbb5a12

SHA256
3d5e4b9c6dd424dca4ae3110d0a1d2ae715ec3e64e7b0b67eb24478d324913af

SHA512
18dce8b0155f16618b0c9575b9d6ce4002f33cee25594e269b37c0336decc22a6410f4a3ae687f517a96e8de956b4b72bb703c233a61ea917c72029e4e9b2d10

Download Submit
/data/data/ir.shz.shzkisi/files/PersistedInstallation8539773247017651107tmp

Filesize
568B

MD5
ebc13116be6948378fbd28c4067245ea

SHA1
6af3332a4007d2fb1af6a108b94c5aee17cfc1ea

SHA256
cded41c63d45799a3a43d86d217751519f49d0dba8d2ac58c29a6760a272a291

SHA512
58cab535f553d7da8451da192fd744a0af6138a3b5a49ebf4e9898bac5170d5290af3736b9eb637bf1698fcda3589976dbec45df06b165f6c30c55dc8f2fda24

Download Submit