cf2c8d900ff63b7e56d6d994066ef93dc94de5d07c8e8d7806c980fd3e5ce5ea

Analysis

max time kernel
3s
max time network
132s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
17-08-2024 06:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cf2c8d900ff63b7e56d6d994066ef93dc94de5d07c8e8d7806c980fd3e5ce5ea.apk
Size

3.9MB
MD5

3c7e5465ff66068f00989fdc9acc36e2
SHA1

054d442c7497d220d673d73f6ea9fb4c04cf4707
SHA256

cf2c8d900ff63b7e56d6d994066ef93dc94de5d07c8e8d7806c980fd3e5ce5ea
SHA512

43b42a3fe729b449ac070ef7ed5aacb6ef9e3a3613a1e1b701f7477c6a5b9147e875ebd6e94868ad2dd36665319b4c5508f51714c440af681e89ecb4de849825
SSDEEP

98304:KYtxPuU8bybHSDRSLds+Vx375CoaYHAvtdmbE8Du0ZM7DU4d:KYtxPSbybHSDRAVxLkVoAME8DZM7Df

Score

8^/10

banker discovery evasion

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 8 IoCs

evasion

System Information Discovery

T1426

Processes:

com.myprog.hexedit

ioc	process
/system/bin/su	com.myprog.hexedit
/system/bin/failsafe/su	com.myprog.hexedit
/system/sd/xbin/su	com.myprog.hexedit
/system/xbin/su	com.myprog.hexedit
/data/local/su	com.myprog.hexedit
/data/local/bin/su	com.myprog.hexedit
/data/local/xbin/su	com.myprog.hexedit
/sbin/su	com.myprog.hexedit

Checks known Qemu pipes. 1 TTPs 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
evasion

System Checks
T1633.001

Processes:

com.myprog.hexedit

ioc process

/dev/socket/qemud com.myprog.hexedit
/dev/qemu_pipe com.myprog.hexedit
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.myprog.hexedit

description ioc process

File opened for read /proc/cpuinfo com.myprog.hexedit

ioc	process
/dev/socket/qemud	com.myprog.hexedit
/dev/qemu_pipe	com.myprog.hexedit

description	ioc	process
File opened for read	/proc/cpuinfo	com.myprog.hexedit

com.myprog.hexedit
1⤵
- Checks if the Android device is rooted.
- Checks known Qemu pipes.
- Checks CPU information
PID:4315

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.myprog.hexedit/files/shared_prefs_sdk_ad_prefs

Filesize
181B

MD5
5f1a61cd768d1d0d2ba1f41af39ed1d6

SHA1
e9efaab032c07d485ba10b77448eb05eafb5a8ce

SHA256
323711ea097e99a032b55fd7c52e319f64c28762778f63760046ba3f368bc082

SHA512
2a89c90459c010d2e0a943bc5fd085d0472d9c167e827dc7d25843b66a88e284330827767c4978a96ac3c763fa18242bb225590973fe0ca2fd321d28b04e4d12

Download Submit