Analysis

  • max time kernel
    4s
  • max time network
    134s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    04-08-2024 01:57

General

  • Target

    6461851c092d0074150e4e56a146108ae82130c22580fb444c1444e7d936e0b5.apk

  • Size

    3.3MB

  • MD5

    b731343b083f999ae0271d19ec92da4f

  • SHA1

    05e5da65faf6fadb2a3c8dab2eb3d888ca6fad9a

  • SHA256

    6461851c092d0074150e4e56a146108ae82130c22580fb444c1444e7d936e0b5

  • SHA512

    84bc70e927af425b430b7a79797e5207eb6b8d33892f2b37c80e3f8fcd987a70a8e44dfccbd3b356d98e6ed413ee1dccc42211cbbe4311adb19579db6cd46eec

  • SSDEEP

    98304:IEVF6aL7fDW3v0AMYfccAYUMF2yIOcX3i9MNIXcK:I46x3vKcAUGOcGMK

Malware Config

Signatures

  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Processes

  • ir.shz.shzkisi
    1⤵
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4256
    • ping -c 2 -W 10 -v google.com
      2⤵
        PID:4300

    Network

    MITRE ATT&CK Mobile v15

    Downloads

    • /data/data/ir.shz.shzkisi/cache/~test.test

      Filesize

      4B

      MD5

      098f6bcd4621d373cade4e832627b4f6

      SHA1

      a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

      SHA256

      9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

      SHA512

      ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

    • /data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db

      Filesize

      16KB

      MD5

      52d34e917e45bf033c7d9d228f0075f4

      SHA1

      a46dfd19c0a9d03b77cedfa146c397c7d4b0f152

      SHA256

      0e603a4ee8e5800dbdee903e4cebadb491d80680175e082f819518fa0f18729e

      SHA512

      90b0f3eccd376b1e1cc926601382f7012a85e7c27c8f96bc879e9d0c0e5d57945a36f201319382f97fe40f25d4fdf8c83d009c0b2fcec7d52304f3f3b5801cde

    • /data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db

      Filesize

      16KB

      MD5

      72a0a0b82af95b1cca85fbce07c858cc

      SHA1

      c656a62a9d995a1e277699cf5f2db04921727403

      SHA256

      26afb57494f269232dd7819432ae11a74857b50203e411ccf6b6ffb4474d63e9

      SHA512

      20489029d8298961880e0758078c6e3e787160c86cf612256190a4132fb87b5afc64a9ce95857ff1ce5676cc1be6cb4b6ce13ab771755e85a2d60b3d787d75f9

    • /data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db

      Filesize

      16KB

      MD5

      d853cb3abc99bcbef2d328d10f01dd5b

      SHA1

      c92882f5a2deeddc90ed36ac20f87b27b2837809

      SHA256

      69923e8656e025898743c1ad8623c51faaa2f64ae85af8650936ba52139a6226

      SHA512

      d01341291394b2cdeb54b15f4d14fa1f733f6188f054e1b648ffe0ff5e897a54480f9983d6bd2f2cf70f94d1095b0376c1ff6616c29cf8335ed2264e30b3a532

    • /data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db

      Filesize

      16KB

      MD5

      a2c83b3a06e4506aa53193e77289645e

      SHA1

      7d5c2faf1f4b2b1e4efd50e36f3f8d383f8dfffc

      SHA256

      ab678ff95531fb395e0ed8320a32d35f1714ceb227acd01555697426d041081d

      SHA512

      525df95ca955c8eee8c3318f56ed67f16c2ef6cda7140e0183bb47ac5537ff7d63cdb1822767b38437e5aee603e4d1b088539d1437f24862eb7675332dd62940

    • /data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db

      Filesize

      16KB

      MD5

      3e881d9a01ca707bed38018ac69f4518

      SHA1

      5820f9351d7cc8082de6e5686eb9f8fedf6fb830

      SHA256

      4a5bf9bfe9b032546f886dd5fe6717de78716734aaadab620c0444ed6df5151c

      SHA512

      8f0395c94b3a449f3c61e7117f400c7b8a12c23d3655be6772bce2c8aa0ec8d8be8000c5cd2c6e10b334ef54a4add5583717393c3239da80c334c45b8b392db8

    • /data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db

      Filesize

      16KB

      MD5

      7237409e0640cfab7bdbd429bf821a3b

      SHA1

      4c3da934842f8d4835dfe2a9c275a300e5123309

      SHA256

      5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

      SHA512

      c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

    • /data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

      Filesize

      512B

      MD5

      d924a0f7141fd5270528402f2b6b119f

      SHA1

      334a93916ba6ca11ca2e49b02dab20db5f2963de

      SHA256

      6850fe82b86b013453d71a0a9ec8597831eb9992479aae9209a24551fb9c6884

      SHA512

      769e787d273964cd52a1f32cb4c7b769f05c7421fd2c1c25bdaae3bad10bd52512650c5e587609df6573afc3e939a0de882bd9f15e04c4dd3c89bb8732c5e336

    • /data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-shm

      Filesize

      28KB

      MD5

      cf845a781c107ec1346e849c9dd1b7e8

      SHA1

      b44ccc7f7d519352422e59ee8b0bdbac881768a7

      SHA256

      18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

      SHA512

      4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

    • /data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

      Filesize

      4KB

      MD5

      95a3c6cbec9538c30488db1ba65f3756

      SHA1

      6a26864fe3e91196a06cec7720bbc1cf8316b5ea

      SHA256

      f47adc8773697f575168bc37900f43c4e26205797dfad891d8171d022a24c187

      SHA512

      3bad0b4f48399dc1d9156714602e18f17e17bd79065e3052dcda0a933a0a9148479ffa286e71fdeed0a97d9e88039312ebc13b1d66caa49dfd1e15656f9ccf01

    • /data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

      Filesize

      4KB

      MD5

      5fe9793888fe139bb2a0a401dec63f33

      SHA1

      d362978b2b3a3077a9c412277129ad8abc282c0b

      SHA256

      618414e65ebd527e86a794e82af3bda9648775ef0cd623e5dd4413da9621a8c7

      SHA512

      70a0d9279fb038a1c570b00c199f5484dbe1d263333c7bce408dc97b546ef800023a224fb08b9745305730c05d4ce2f8733255f14acc828627a8fc387c29f7ca

    • /data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

      Filesize

      4KB

      MD5

      3bb94cc61639c69805b0e6d7aa232cf9

      SHA1

      114824f27cd5342c5e728991e2f3bd641b7e18ef

      SHA256

      1eb674fa5b725a755a5874c6396c70a235f60585e071862d5aaab16f142d97bd

      SHA512

      bd8f9b280023dad6cecd3e0f9e00285d75c5975c44efdfc079af45a79848d88fb782abbf0a83e7b33111a8d806fdd25d4c1cfd2b94cf8efb8d7d2430dbd816dd

    • /data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

      Filesize

      4KB

      MD5

      34d4726dda4179707576bff5f48d40e4

      SHA1

      8f50f25b0eccebd68dcac18097ea0512251cc679

      SHA256

      4818fac1eff656cfd7b0d7bca91e7f96700d22b9ef75d69f7644816a6988aede

      SHA512

      77c1a08428deb34a708fa0f39f8c75a8a65a9ac0551b40e687cb3d1f4cb09b28002d9387270f7048fd40383261fb225f8afc2bf75ebba0386024e90b53735477

    • /data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

      Filesize

      4KB

      MD5

      bd990eea6027c0a00a3a803bc8db4549

      SHA1

      abfb98022418027f6f04a903fb91c6d53d0b5c4e

      SHA256

      edf6771cec826d840c6a0e85a928b72abb908d0999dcf1d7ffc372002d4c2d7d

      SHA512

      7fb16fda7d4742815a86f8ce0c00e05eb0cd3dbdbac512b0c47b512d54a8a874ed143948340a66753c090740cf8e8b63a471b48f2e6655993c8b9d96f8bb5cc3

    • /data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

      Filesize

      36KB

      MD5

      22d2217e251f3c2a931b7cf32136a249

      SHA1

      811f900938f93b4504087405aea141d6b739bcd9

      SHA256

      58e6e33fb1b839da36bef2aad81bedccba70fc7e03e5e9e8b7e6b7ee188d1a09

      SHA512

      9943e7f58353b27f2714c8da4f4598d1dbbb2a940845a26736682f9567450c8be47ba3c4e770479e6684d369d1deb6460463c5b981b5878b3025ce8cc5e4ef8e

    • /data/data/ir.shz.shzkisi/files/PersistedInstallation1858639283229503643tmp

      Filesize

      566B

      MD5

      9699b2c61f54bfab1725a968d4c3487b

      SHA1

      7a981271e671ad480ed684807125113cadc865b6

      SHA256

      8e5bad2ffd72d913e026bf4b6857ec449f5af49b95c7e96944acd87b30da3030

      SHA512

      eb981a096be9f9f0fa6a016ff5d59f294889fbd6f470564af00a717235fa8758a29ed64044ae32b9693f7822f307fc02d8fb16be09c82d2c19d9b32fe661e14d

    • /data/data/ir.shz.shzkisi/files/PersistedInstallation6746484419962375788tmp

      Filesize

      90B

      MD5

      3412b1cd671c9065a342448bd6a50e7a

      SHA1

      c7a7170a5cf584ef78e76a4a93ee9f57c83bd1c4

      SHA256

      eb54a151d658cd48645633583b9921561a4f7645735ea54756d5a92b7b379a8f

      SHA512

      bdefe1722f10f3effbd79c8e4f7f9d844b7e2d907210040237a6f01937ee7661d4024cbcd45e0168baf0ef7882a3c552e890187e4d59b7c2b2a2a3e44710c3e6