Resubmissions
06-08-2024 16:07  240806-tk3jcsxdma  10
06-08-2024 16:02  240806-tgtr2sxcmg  10
06-08-2024 16:00  240806-tfwv1sxcja  10
Analysis
-
max time kernel
178s -
max time network
133s -
platform
android_x64 -
resource
android-x64-arm64-20240624-en -
resource tags
android arch:arm arch:arm64 arch:x64 arch:x86 image:android-x64-arm64-20240624-en locale:en-us os:android-11-x64 system -
submitted
06-08-2024 16:07
Behavioral task
behavioral1
Sample
standoffcheat.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
standoffcheat.apk
Resource
android-x64-20240624-en
General
-
Target
standoffcheat.apk
-
Size
853KB
-
MD5
d133a90e61c7bde26838a90d4fe842db
-
SHA1
4792ac23245becb101318844bca021aec0380f80
-
SHA256
795c8acc11607d4d0fd05b2dc92eba06553c810997d3682427e17fe006043260
-
SHA512
c9d92dabd62109b82392d907de2a27d17959fa1486aa226a24c5e2c9dcde4c92ce38bb03cb48010f30c5558fec364586f890b01ad36cb275e553dd69695597c2
-
SSDEEP
12288:P3lJuza1a8LVebSnGJCJ5t0UjSfImLw5WmpYshXZPbGwidNpgz2u:P3l4za1aKeaD3t0UjUI2w5WmD9idNp41
Malware Config
Signatures
-
Processes:
cmf0.c3b5bm90zq.patch
pid   process
4493  cmf0.c3b5bm90zq.patch
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
Processes:
cmf0.c3b5bm90zq.patch
description             ioc                                                process
Framework service call  android.app.IActivityManager.setServiceForeground  cmf0.c3b5bm90zq.patch
Processes
Network
MITRE ATT&CK Mobile v15
Downloads
-
Filesize
72B
MD5
0945c02f2b1f4bd2bfd0994cde10d901
SHA1
cff24cfd4db66a0e2ac0ea92314f2b5fa287ae0d
SHA256
62d79759c09f305055e9729a30149845e5f18e8c28bda945b97186365c8cbbef
SHA512
f8a8325cb5d12f8b9c5f3992e1945a2db967a0f3cedf461f6beb15fbc3a3b4807568c2301d821fe63342b4a9b01a7ac99d8ce70b2a8197721163962ee229e027
-
Filesize
1KB
MD5
883020d2a1bfd130378a33678994b048
SHA1
f2cd2294b4740c70e4fa2ef73b8f9570a36e0169
SHA256
c3d0206c7c8314ba15cf8470091b5b97582b10bd690318b8bf9c817098bdab65
SHA512
422b438bffb92c913e9d1c292b9bedcc097a830e4ae024f07c3dd2def023d091af0293b4c0b5c40aa91a7c631aedc466de90d3537504d84634c0ac18138e031a
-
Filesize
1KB
MD5
ef2b800cef27670b4328d5fbcc1df815
SHA1
3404f36e0ea24fd4f0398307549226cad488d2c1
SHA256
1ea30a9e7069855d3b68735d4369709a60db64cb255d202c6869582e72db470c
SHA512
d57192185aaff108a0030144ed20ab9ce99020681e26ac26c37c20cf46e0b2b5854a7871ad7e6806e88c9a1a56a8ba9ed6e05846457b3084772a1d58bb43091d
-
Filesize
1KB
MD5
1f154803e5d4b04d645fa779f2417195
SHA1
8264642c39be261d0534ede0c584600da4f2ec09
SHA256
3275d040b29e2cfd9e2c766338b67fd624f6ef8be513cd0f1c6c81e3f0ac1aad
SHA512
85693395228d48143b1a1424e33f74b1788cdc0617412c091747e38c12308951ab7524ffe066a40e397e981bd221207066025557c68a24bb77376c0c733ba452
-
Filesize
1KB
MD5
e7b5d4024a5b8644d535a91f50ee7f42
SHA1
899da8353acef4d43c3393d3a81ce9e47b6d9ada
SHA256
e1660f5d68efa77f2d0c6d1498c30e88f6a517182ba5594420fe5f371266475f
SHA512
5359abfb23485783ca54dbb0175c1be6aa8c670c433c1085c3c581ab6d6e1989e77e6c384bfa1296061ce7265eede7c298ef2949b98966dfe8a84652abcaf948