c7c85c2ef691a49b381d3b5912568dc32f9a265980545a8ce43358067d659e64

Analysis

max time kernel
48s
max time network
149s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
06/08/2024, 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c7c85c2ef691a49b381d3b5912568dc32f9a265980545a8ce43358067d659e64.apk
Size

4.2MB
MD5

bdd07e2dd613e2e94d18d82d1d16bdc2
SHA1

7ba3b36cfc5de359b721b6da93c43871bdc4e091
SHA256

c7c85c2ef691a49b381d3b5912568dc32f9a265980545a8ce43358067d659e64
SHA512

17172f89719ae2a39217a53d571520c26bb5aa95410109e9df7dd1297a6f0fd67b85d4f3419dc5a1a89eb4f80ef778728027743faa22aa81bdfd73867d594a55
SSDEEP

49152:yAOreIw6oYA1h3ygpLbLVoTwrIY2WkYhjWY6aWg0FIeSlMmSml/57epEjyIL/OJJ:y5reIlC13oTwrIYd9DHeSqmX7e6GJRz

Score

6^/10

discovery evasion persistence trojan

Malware Config

Signatures

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.mfbdbrb.testjuly5

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mfbdbrb.testjuly5

Aborts a broadcast (usually for hiding system events from other apps) 1 TTPs 1 IoCs

trojan persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework API call	android.content.BroadcastReceiver.abortBroadcast	com.mfbdbrb.testjuly5

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.mfbdbrb.testjuly5

com.mfbdbrb.testjuly5
1⤵
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Aborts a broadcast (usually for hiding system events from other apps)
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4934

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mfbdbrb.testjuly5/files/profileInstalled

Filesize
24B

MD5
6852f7f94ebea21619d2cae1db2ec4da

SHA1
34e79cf28a79ed66a9992635eb848e7ab8328712

SHA256
9bcae5a6299f59c815d4f562e8c70583ff823d6b9df959f11e81dfa2d4af6db1

SHA512
10b2aa4a595b92fb7d97e8fa01819497d311f5d2bf5054a54d9a34745da4f25b7310ca65f16dec49ac02a076c686360a538dfca3db9636649634cbf995341a03

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads