Analysis

  • max time kernel
    2s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    17-08-2024 06:41

General

  • Target

    cf2c8d900ff63b7e56d6d994066ef93dc94de5d07c8e8d7806c980fd3e5ce5ea.apk

  • Size

    3.9MB

  • MD5

    3c7e5465ff66068f00989fdc9acc36e2

  • SHA1

    054d442c7497d220d673d73f6ea9fb4c04cf4707

  • SHA256

    cf2c8d900ff63b7e56d6d994066ef93dc94de5d07c8e8d7806c980fd3e5ce5ea

  • SHA512

    43b42a3fe729b449ac070ef7ed5aacb6ef9e3a3613a1e1b701f7477c6a5b9147e875ebd6e94868ad2dd36665319b4c5508f51714c440af681e89ecb4de849825

  • SSDEEP

    98304:KYtxPuU8bybHSDRSLds+Vx375CoaYHAvtdmbE8Du0ZM7DU4d:KYtxPSbybHSDRAVxLkVoAME8DZM7Df
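Before working from this report, confirm that the sample you retrieved is the same file the sandbox analysed. The following is an added example, not part of the sandbox output: it streams a file through the four digest algorithms listed above and reports any that disagree with the values in the General section (the SSDEEP fuzzy hash is left out because it needs the ssdeep library). The `digest_stream`, `digest_file` and `mismatches` names are this example's own.

```python
"""Verify a retrieved sample against the digests listed in the report.

Added example (not from the sandbox report). The file is read in chunks so a
multi-megabyte APK is never held in memory at once.
"""
import hashlib

# Digests copied from the General section of the report above.
REPORTED = {
    "md5": "3c7e5465ff66068f00989fdc9acc36e2",
    "sha1": "054d442c7497d220d673d73f6ea9fb4c04cf4707",
    "sha256": "cf2c8d900ff63b7e56d6d994066ef93dc94de5d07c8e8d7806c980fd3e5ce5ea",
    "sha512": (
        "43b42a3fe729b449ac070ef7ed5aacb6ef9e3a3613a1e1b701f7477c6a5b9147"
        "e875ebd6e94868ad2dd36665319b4c5508f51714c440af681e89ecb4de849825"
    ),
}


def digest_stream(chunks, algos=("md5", "sha1", "sha256", "sha512")):
    """Feed every chunk to each algorithm once; return {algo: hexdigest}."""
    hashers = {a: hashlib.new(a) for a in algos}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def digest_file(path, chunk_size=1 << 20):
    """Digest a file on disk in 1 MiB chunks."""
    with open(path, "rb") as f:
        return digest_stream(iter(lambda: f.read(chunk_size), b""))


def mismatches(actual, expected):
    """Return {algo: (expected, actual)} for every digest that differs.

    Comparison is case-insensitive because reports and tools disagree on
    hex case. Algorithms missing from `actual` are skipped rather than
    reported, so a partial digest set can still be checked.
    """
    return {
        a: (e, actual[a])
        for a, e in expected.items()
        if a in actual and actual[a].lower() != e.lower()
    }


if __name__ == "__main__":
    import sys

    # Usage: python verify_sample.py <path-to-apk>
    bad = mismatches(digest_file(sys.argv[1]), REPORTED)
    if bad:
        for algo, (want, got) in bad.items():
            print(f"{algo}: expected {want}, got {got}")
        sys.exit(1)
    print("all digests match the report")
```

If SHA256 matches but MD5 or SHA1 does not, the report itself is inconsistent and should not be trusted; a collision across all four is not a realistic explanation.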

Malware Config

Signatures

  • Checks if the Android device is rooted. (1 TTP, 8 IoCs)
  • Checks known Qemu pipes. (1 TTP, 2 IoCs)

    Checks for known pipes used by the Android emulator to communicate with the host.

  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). (1 TTP)
  • Registers a broadcast receiver at runtime (usually for listening for system events). (1 TTP, 1 IoC)
  • Checks CPU information. (2 TTPs, 1 IoC)
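The signatures above are dynamic observations: the sandbox saw the process open or query these things. When the sample is in hand, a quick static pass over the strings in the decoded APK (for example the output of `strings` on classes.dex, or grep over apktool smali) shows which of the same behaviours are referenced in code. The block below is an added example, not the sandbox's rule set, which is not published on this page; the indicator list is a hand-picked assumption covering the usual su paths, `test-keys` build tags, the Qemu pipe device names, the PackageManager and Context methods, and `/proc/cpuinfo`. The `INDICATORS`, `classify` and `load_strings` names are this example's own, and the sample strings are constructed.

```python
"""Map strings recovered from an APK to the behaviour signatures used above.

Added example (not the sandbox's own rules). Input is one string per line, as
produced by `strings classes.dex` or by grepping apktool smali output.
"""
import re
from collections import defaultdict

# Assumed indicator patterns per report signature. Presence of a string only
# shows the code references the artefact; the report's dynamic signature is
# the evidence that the check actually ran.
INDICATORS = {
    "Checks if the Android device is rooted": [
        r"/system/bin/su\b", r"/system/xbin/su\b", r"/sbin/su\b",
        r"\btest-keys\b", r"Superuser\.apk", r"eu\.chainfire\.supersu",
        r"com\.noshufou\.android\.su", r"com\.topjohnwu\.magisk",
    ],
    "Checks known Qemu pipes": [
        r"/dev/socket/qemud", r"/dev/qemu_pipe",
    ],
    "Queries a list of all the installed applications": [
        r"getInstalledApplications", r"getInstalledPackages",
    ],
    "Registers a broadcast receiver at runtime": [
        r"\bregisterReceiver\b",
    ],
    "Checks CPU information": [
        r"/proc/cpuinfo", r"ro\.product\.cpu\.abi",
    ],
}

_COMPILED = {sig: [re.compile(p) for p in pats] for sig, pats in INDICATORS.items()}


def classify(strings):
    """Return {signature: sorted unique matching strings} for every hit."""
    hits = defaultdict(set)
    for s in strings:
        for sig, pats in _COMPILED.items():
            if any(p.search(s) for p in pats):
                hits[sig].add(s)
    return {sig: sorted(v) for sig, v in hits.items()}


def load_strings(path):
    """Read one string per line, dropping blanks and surrounding whitespace."""
    with open(path, encoding="utf-8", errors="replace") as f:
        return [line.strip() for line in f if line.strip()]


# Constructed sample input in the shape of smali references and raw strings.
SAMPLE_STRINGS = [
    "/system/xbin/su",
    "/system/app/Superuser.apk",
    "/dev/socket/qemud",
    "/dev/qemu_pipe",
    "Landroid/content/pm/PackageManager;->getInstalledApplications(I)Ljava/util/List;",
    "Landroid/content/Context;->registerReceiver(Landroid/content/BroadcastReceiver;"
    "Landroid/content/IntentFilter;)Landroid/content/Intent;",
    "/proc/cpuinfo",
    "Hex Editor",  # benign UI string, should not match anything
]


if __name__ == "__main__":
    import sys

    strings = load_strings(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_STRINGS
    for sig, matched in classify(strings).items():
        print(f"{sig}: {len(matched)} indicator(s)")
        for s in matched:
            print(f"    {s}")
```

Run it against a real string dump and compare the categories it reports with the five signatures above; a behaviour the sandbox flagged that has no string hit usually means the artefact is built at runtime (string concatenation, native code, or obfuscation) and deserves a closer look. Keep in mind that a package named com.myprog.hexedit may legitimately probe for su in order to open protected files, so a root-check hit is context for the analyst rather than a verdict on its own.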

Processes

  • com.myprog.hexedit (PID 4244)
    • Checks if the Android device is rooted.
    • Checks known Qemu pipes.
    • Registers a broadcast receiver at runtime (usually for listening for system events).
    • Checks CPU information.

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/com.myprog.hexedit/files/shared_prefs_sdk_ad_prefs

    Filesize

    181B

    MD5

    5f1a61cd768d1d0d2ba1f41af39ed1d6

    SHA1

    e9efaab032c07d485ba10b77448eb05eafb5a8ce

    SHA256

    323711ea097e99a032b55fd7c52e319f64c28762778f63760046ba3f368bc082

    SHA512

    2a89c90459c010d2e0a943bc5fd085d0472d9c167e827dc7d25843b66a88e284330827767c4978a96ac3c763fa18242bb225590973fe0ca2fd321d28b04e4d12