Analysis
-
max time kernel
30s -
max time network
188s -
platform
android_x64 -
resource
android-x64-20240624-en -
resource tags
-
submitted
09/08/2024, 22:17
General
-
Target
6d6774973a12cc7724a7729f6a6ab6a7ece755f7eb3c5b339a01b9de4a1cf2fe.apk
-
Size
1.0MB
-
MD5
1e18f0bc52ba485fd1f839f670413cb9
-
SHA1
e3aae4c17029cb71a7db2abc076e77aa0a157a53
-
SHA256
6d6774973a12cc7724a7729f6a6ab6a7ece755f7eb3c5b339a01b9de4a1cf2fe
-
SHA512
002574e5d3e09197a03479160f4f308857dec1f8e2f412c373c166c27e480ae478c247abaa4e9459eb0cdaf95a951e070ff40284ba869198a8a7db48e199a193
-
SSDEEP
24576:9qA5ozZWrqvgb3NwvNHPziWGJDOND1tias3Mk13mzJLA+GvAiH:9r5UZOiG6GWKc3ias3j13mzZcA0
Malware Config
Signatures
-
Removes its main activity from the application launcher 1 TTPs 1 IoCs
-
Checks known Qemu pipes. 1 TTPs 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
-
Acquires the wake lock 1 IoCs
-
Queries information about active data network 1 TTPs 1 IoCs
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Checks CPU information 2 TTPs 1 IoCs
Processes
-
com.olufjxmwtz.pefrxba1⤵
- Removes its main activity from the application launcher
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Requests cell location
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Execution Guardrails
1Geofencing
1Hide Artifacts
1Suppress Application Icon
1Virtualization/Sandbox Evasion
2System Checks
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342KB
MD5fae4b62f53af5588c2d79775970a8233
SHA11e439eaae5266dadf8679693a2919b5b348ace58
SHA256a9ad2199f5b3e553e0d0076b160efe7594b3378820f611069348c2f4f05775a5
SHA512820b23edde490f1f0c2a411b933619bf8bc62dd82743abd141da6d3694c7c25fd45e1d3c1b01561df236485b1d1e8e478a5321f03685b9e184ca877dac35d69e
-
Filesize
823KB
MD5503a241a6152ce2fea673a5228d9ec09
SHA1677e747e58ff657786eb487ec2bad529e1adcc6b
SHA2569a69bbe033b31a73993fb0ea8cd1e1d297a8a710a9e5c50f577e1df213eafe48
SHA5121623e8026acab7f941b98418147800a02e8efa65364f96d8ffcf1b339eb2c2ebda29cd007e2e44a25431ab7faacea34785f17baa7f30f27c33417c007b7483ea