97b58fc8798526bfea35ed6ff26272263d332554a75672a3bc54a0a56cbafee3

Analysis

max time kernel
106s
max time network
113s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
04-08-2024 01:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6461851c092d0074150e4e56a146108ae82130c22580fb444c1444e7d936e0b5.apk
Size

3.3MB
MD5

b731343b083f999ae0271d19ec92da4f
SHA1

05e5da65faf6fadb2a3c8dab2eb3d888ca6fad9a
SHA256

6461851c092d0074150e4e56a146108ae82130c22580fb444c1444e7d936e0b5
SHA512

84bc70e927af425b430b7a79797e5207eb6b8d33892f2b37c80e3f8fcd987a70a8e44dfccbd3b356d98e6ed413ee1dccc42211cbbe4311adb19579db6cd46eec
SSDEEP

98304:IEVF6aL7fDW3v0AMYfccAYUMF2yIOcX3i9MNIXcK:I46x3vKcAUGOcGMK

Score

6^/10

discovery evasion persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

Processes:

ir.shz.shzkisi

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.shz.shzkisi

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

Processes:

ir.shz.shzkisi

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	ir.shz.shzkisi

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

ir.shz.shzkisi

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ir.shz.shzkisi

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

ir.shz.shzkisi
1⤵
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
PID:4495

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/ir.shz.shzkisi/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d08d9a74707ecc2bcf19b6ec9fb63bf1

SHA1
8080b4abad7bd6b95997a57e804f09dba4c9aa52

SHA256
e476829c5cc1d728d2b58dbcd383b40bbee39ac4cfd8782e027af70edcc39944

SHA512
df6fe86968ef621a3c65a2191b5f80b1441b4eb1f8deffc895242e7a3c9388858f46e37599feda77e165e500369bd80f54286eed4f6ce4f6dc47f51fdeebb35c

Download Submit
/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db

Filesize
16KB

MD5
80b0929ed65dff69e26daedd93cc36ac

SHA1
c3bd2baf4e0da39a2aab202c8c9732bbb7850b20

SHA256
0889a37a58efaf3bef8aa57f1a0910621a59c4cbaf1a1f24fd4d0a71b27ec9b9

SHA512
f16786669aa8d57aeca9f73a159b212a9cfcc41045dd4820c10219b31b581ec655af29bfd9346e2565c1f8ddbda3d4d9ce091de94a9599716d624ea0c12de9c1

Download Submit
/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5c1e5740456826d16a7ec39047204df9

SHA1
78562e062f971a97562228df05d2fd704af88c33

SHA256
006e82fbee1879fad19637ede7cebc820a6ce833c7ce407f9ed304ff0ae5ecb2

SHA512
e68607b5edf56f9b2d7b7c6c4ad3bcc7ad448000c35a849267b0766cf3f1dd18730510683c54aec1be20056e35f93e53139324db2b3844636108b7a24353d148

Download Submit
/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db

Filesize
16KB

MD5
cd8756770322f36527c148954a4ca38a

SHA1
003a541b07b431d168a23feb2e23a3e9d2127e7f

SHA256
f9f39c4392d4a222bb23f3cd54e50b787bd90d76e196249fa239f8262233f88f

SHA512
c284aeb29ca12b6acb477f29358177f309c5372dd28fa6f4b324e955ecfb299777f7f6fb977fecd3ad6faa120f92aa5307a9768ab0f0e05d3bc3e9520ec651b6

Download Submit
/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db

Filesize
16KB

MD5
4f6889f35a4c68a1bbbf52e9c4696539

SHA1
1ff12eb8d25202b26fcc9dc202ce708545dd48fe

SHA256
225de6311977023e8e15811645cbc0b53f9347159e592a6eab81f18b697b6331

SHA512
c8206d1764380bbc5f0c76568210a8a36f3b8ea3d0ddeb720e494598d51a51c50ea4279651c61492320f4e9fc9e0eb5fe4a94346ed3321ffff0f00070996a1b1

Download Submit
/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
a5715475a779f5195009e47550d0a493

SHA1
70e2cd44764a2113069e38b532b49533190a7494

SHA256
2f29e1644f72b4d1d3db598afb5fa6e574d8d80363666855b95d6fdfbcab0fb5

SHA512
590e0407faf2053db04163c0c0a47eb16b8abdbad48378964232b1c2dd6c9f0983d43f8d918c29805182818abf16c81b6bcb4566f081499c2d91bde219aba8c2

Download Submit
/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
e8ee8d3691f7517ced91c946c9aa0b5f

SHA1
b6d6aefcbfd6fd6f697d7c273da634b9368e254a

SHA256
da7ec69e20fc811aa71903ef661f38bc3b14a16b57642cec8c87a536201e6c62

SHA512
06e5f5a424c1964603d0838c9d2d13071b65844964d72e2bc24a3adcba9278b34fdbfa7b43504812d9176d1e2bdfb8a1eba10ea3d37c54f8ede516292710a94a

Download Submit
/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
901528bd5678ab2fb22c2a3db8d06ea8

SHA1
bd5f28ed081c7435f8f889dfe19d112dfc1e71e5

SHA256
b593ab51a2b6bbb2a6e412a6abfafbbf02e00207469709b5ec696230e13bb641

SHA512
9c679d60552411aaec86536d2daa1ac2cce066bb23e2eff23064944f76718d182bf1408c079e2528a9283dc6241d689937d3e0b5057ec39ff57055f6097f3afb

Download Submit
/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
0054e6fe41d85b7e80a7ed636789c160

SHA1
e089dee51d916df4d4f019701a1b1cb9294aa43d

SHA256
b711838e3754709f57f42f3be6dd2227703ae372185d8a1d08857f29a8b3a796

SHA512
c366ea71ad044fa4af432ce9c09d876037ff06d671c877c4976d724f18217c924925bda0656cda2817e2694e2dc2347e21259763d0f548b21ad359ca5b891878

Download Submit
/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
4f0dcafbfdfc8ef74b8ee06a9f7042b8

SHA1
92b7d6818508b1fdb001bef81f7a187ff8dc2380

SHA256
2a1cdc047fef7d3c71f4c1212aab175caf20d0b48ac9c58f96bfc945e69a43d7

SHA512
77f0aecacd06a573bcea10fd0922d9d99a81b86b54d258a426b7537b89103c65b49f6fc52b20984c14601b28b4140e7ca796156de76595f7813e4458b3607399

Download Submit
/data/user/0/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
6777e50c5a7fa7b4cf4e40c3d0ec706d

SHA1
c0580db3e36e847f7c33d2fd9dd083d8a8490f26

SHA256
7f5f532a85c130052b68dd74af3ce808757f195154b34a94f73a73537ed60627

SHA512
ae5970ef7c5da1de24d11b9d0acab0f7d3aea2ebb0b30bbc874e470444e410f86ebae44a6658469f9c28b975c7cef4fca60f2e8ab617e5475731f3634c5a6503

Download Submit
/data/user/0/ir.shz.shzkisi/files/PersistedInstallation3777101146051267764tmp

Filesize
90B

MD5
63858222421d8734fa03a0a07bfcdf4d

SHA1
b5d888e6e0ccf405ae5f110e5c8ecd6aad5fe8f6

SHA256
e1198ce03f0b114269ff85f7d9921e4531a5757833a43b59157fc0d3b7359f3d

SHA512
602e6eadddc891a16260490c2eb4e847dd37896d3efa520e904982daf5253e587da508d7a8a7cc6c54fde6a221698a7702dbfa1e71ae6c49b4227fe8bb906668

Download Submit
/data/user/0/ir.shz.shzkisi/files/PersistedInstallation4341620987459129954tmp

Filesize
567B

MD5
5b43063bbf2bd81195b2c94bfa7fad8e

SHA1
cad24c8b9c95c137a5936c3bc134fd5adf9d7b23

SHA256
d4e725edd1157be26770806de9de7c5a534a6a162848a91f7718343221b284bc

SHA512
ba3cc8e5cc7ccd51d2b77654216b66fa42b3dc449f3499341c5add951ddbed4e6e5e65b867c48abd952dbc87c20fff875c714debab0f992fd9c0c415842b7f31

Download Submit