cea66e6222869e0f2b4f5a0ae51883756e3bca7b0618eeef3dd8f0070a3c7658

Analysis

max time kernel
178s
max time network
183s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
21-08-2024 12:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dfgrt12.apk
Size

7.6MB
MD5

8438b7b2652e51fd6dc94f13028078e8
SHA1

9fa466509bb3ea888279d7a6c8e70e201e4c35d8
SHA256

cea66e6222869e0f2b4f5a0ae51883756e3bca7b0618eeef3dd8f0070a3c7658
SHA512

df21447280b65076506e062ba12ee5a97aff98d39db740e58c0f0d5ee8e1f759efbf3ffe01206ba9f209a194cc3cd6cae99d2d21e0389e6a2196f2614b4bf4c0
SSDEEP

196608:f/pBo1AmP13wA3OaH3Wo19YDeAt7PoIxr2ONJq:f/DoOg333OI3TQB2Ixk

Score

7^/10

banker collection credential_access discovery evasion

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.gorwkesesse.TinkoffId

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.gorwkesesse.TinkoffId

Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs

collection credential_access

Access Notifications

T1517

description	ioc	Process
Intent action	android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS	com.gorwkesesse.TinkoffId

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.gorwkesesse.TinkoffId

com.gorwkesesse.TinkoffId
1⤵
- Acquires the wake lock
- Queries information about active data network
- Requests accessing notifications (often used to intercept notifications before users become aware).
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4242

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Access Notifications

T1517

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Connections Discovery

T1421

Lateral Movement

Collection

Access Notifications

T1517

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.gorwkesesse.TinkoffId/files/profileInstalled

Filesize
24B

MD5
a9335b82a56fe8fdf18d17d08c9f5edd

SHA1
66b585280765a18eb375317fc9719a499e7feef8

SHA256
5fa23d86a3c93acdaf7b4c6487c9d8b85fdc6cf48fdddd5b7de88da4a37512f1

SHA512
2db988fbeee2ca8653e27047f2312216bfd3e155a4cacd4a28651b806ed03e337a8d818a7e925d9d2619db83a859b84432c86138439d49857c0198093e438c57

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads