bfa612757463a5c569bb0680073a8a6ce3905e09c425831096ac02bcf9463906

Analysis

max time kernel
11s
max time network
106s
platform
android_x64
resource
android-33-x64-arm64-20240624-es
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-eslocale:es-esos:android-13-x64system
submitted
22/08/2024, 19:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

com-mod-wavelet-mod-apk-24-05-premium-2168.apk
Size

4.6MB
MD5

0f8552f52f97698805d25729aea89ec7
SHA1

3b5dfc7726041dbded108a716ce6581a179b1992
SHA256

bfa612757463a5c569bb0680073a8a6ce3905e09c425831096ac02bcf9463906
SHA512

482c402277c6889a8fe3ffff3b237b0e8919e7cf75c620e227ddb90b6c97827e98b973b6d04e441fd0e44cbaea796ea597779034babb8ece9c571bd719a99e06
SSDEEP

98304:pPwXL8hVyaN9Fm/M0hLQ7Sl3ty9tkdLkz1rkR3pIZ/Krmpe:ewhVDzFmkNOlE8SlCb

Score

7^/10

evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 8 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/system_ext/framework/androidx.window.extensions.jar	4280	com.pittvandewitt.wavelet
/system_ext/framework/androidx.window.extensions.jar	4280	com.pittvandewitt.wavelet
/system_ext/framework/androidx.window.sidecar.jar	4280	com.pittvandewitt.wavelet
/system_ext/framework/androidx.window.sidecar.jar	4280	com.pittvandewitt.wavelet
/system_ext/framework/androidx.window.extensions.jar	4334	com.pittvandewitt.wavelet:service
/system_ext/framework/androidx.window.extensions.jar	4334	com.pittvandewitt.wavelet:service
/system_ext/framework/androidx.window.sidecar.jar	4334	com.pittvandewitt.wavelet:service
/system_ext/framework/androidx.window.sidecar.jar	4334	com.pittvandewitt.wavelet:service

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.pittvandewitt.wavelet:service

com.pittvandewitt.wavelet
1⤵
- Loads dropped Dex/Jar
PID:4280

com.pittvandewitt.wavelet:service
1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's foreground persistence service
PID:4334

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.pittvandewitt.wavelet/databases/auto_eq.db

Filesize
6.8MB

MD5
53b19da3d13c5ab3745839b448f2da07

SHA1
a0e579cac4e613be102c44dd1fc3f7a3ec83d766

SHA256
258c5c06836612ed2009580b40f391fd0573038f9edd09d1d73fb7ea68aa9d06

SHA512
30c99a7a147298314d3f8f6f8fd750951d5ac516e871762c8e47043fd7e5e1b59744d71453a84f2165bb4ae4212d6fcfb3c256b9675cd1220bcf5df28c4425ba

Download Submit
/data/data/com.pittvandewitt.wavelet/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
71a1f9158985a96ea6a4e49bcfc28952

SHA1
d33ed9e1c1f09dbe9c9d12005c75252eced93ca5

SHA256
61384a01e720fc7a6dd621f18b1cbe6acf4498e2f443ab06e3f21f7477297440

SHA512
7dcac760f48ef511092481b20faeb4ddfb3acff601398a61da5e26ecc171fb7270a36549cc6c363f524f97173d9aa795e2ce04cd7f0dd2ef83aace8fdddf1fd6

Download Submit
/data/data/com.pittvandewitt.wavelet/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
abbbb97459f47124b943349b990a14ab

SHA1
e9e4972c51637043d4d62058b4fcd54633084e9a

SHA256
87ade7cdf5aa5267535b67fda3610e6564b81c44e2eb8cf87633d934da952e1f

SHA512
dce53830136626f5cdbfae985f576ad2d69adf281b702cc18ee5bf7e94f9ed172c2df67302d988e268af50081d662618d70a7793fe3a816e2d0c41ee54f2211d

Download Submit
/data/data/com.pittvandewitt.wavelet/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
140866f6bfc8737fe01174ca7b5daff3

SHA1
42731ca86f9ac9d96c993e158e2c98084190fb97

SHA256
9b05f584c2a96285bd0ab5b12b2e845bc7cb8390459b9d4c271db16373240a95

SHA512
c40797a1952382749c6c95ac320de8ab3918fd03ae588fdaa4ce9a81e2ee8b75c9283b4b9e9b4a7c7e4f9630b67f6b4b4d71fcdb9d65e1a1ae43a724a9f9a59d

Download Submit
/data/data/com.pittvandewitt.wavelet/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
e7f7a42f103de60ff04db3cd7bc723a9

SHA1
287427417eeede882383af53620691ded014b162

SHA256
71ea1f9ed2da01dc43c507156bf4dda1ce1051a5156e28871d8640b15a8e8931

SHA512
8f36eb9f5d58837b9ca7b15ff86fe5c9d08744cf89728ae6665801dc825a51581dea714dedb7fe562b0638b61ac65e6c0c92144220c5511252f6a88f5a2adb6f

Download Submit
/data/data/com.pittvandewitt.wavelet/databases/sessions.db

Filesize
16KB

MD5
f2512568f0c857fa7f9908d65e79dd20

SHA1
e6f5b0a934398dbdf011b5310e055cc7eec9bbba

SHA256
e0d47a9849095202b92070b343918b4ea2e42703f69effc2861a534472e62225

SHA512
ddc9326bd00376ba8567590488a66a9e0b2e64f49d525f88f8a3ca1a843fcaca461db1a6155bd55409d5bf508c83f921a94244665d569525fc54422bddba0a40

Download Submit
/data/data/com.pittvandewitt.wavelet/files/datastore/Speaker.preferences_pb.tmp

Filesize
1003B

MD5
931245e5c59193d96710c7d5e6a9a836

SHA1
f802668631dbfa5fca5c3a89bde098acde55382a

SHA256
0d5fc9dfc67c25f1c8f35d1dfe63cbc20ce92374454b2fb535ea3bf745b334eb

SHA512
f18628c28396584da086c12e8f972d52225373213c3e402432480825d92df2a042bd942ea4699b2f161d322fe9e04ab68f077f801f16da0da61de0ce5ae15361

Download Submit
/data/data/com.pittvandewitt.wavelet/files/datastore/Speaker.preferences_pb.tmp

Filesize
47B

MD5
98911ae7513bcab4e796a4773837c1de

SHA1
6e0f8a1eee2aa7fd170858a0da8514967136a36c

SHA256
55dc074039654710dee944587ec77c2a492dbfc58682d3c2378a070e87efcfec

SHA512
fb23101981817342fe4910337707b130f9905c508a3d55b5a1fec8c02269cbd5d48fbe0c2fe5f5460616bbdf7b883535815935bb95eb7d2b22f6c8283b5d5e53

Download Submit
/data/data/com.pittvandewitt.wavelet/files/datastore/Speaker.preferences_pb.tmp

Filesize
76B

MD5
d0c95fc9a58c1a43df6e1e9bb40c9d84

SHA1
b2ea8e78fb9253c5f5a0091e2f873f4359c811e7

SHA256
3f29035bb15216918a6dcc54322d0f38e0bf5ce9ac09db94f6b6c5e1a53be377

SHA512
387c5c1462fcfc07e74a0dc12b7fe58e5652302b36afdffb6546c4d9cd52ed07d0b1a307f38418a7712f7c8b8b2ca2a4d3930f64d3801571dba4cab584fe8ade

Download Submit
/data/data/com.pittvandewitt.wavelet/files/datastore/Speaker.preferences_pb.tmp

Filesize
101B

MD5
e0a821698cb950b3a3203a58e4f328f2

SHA1
f952ca058215c5f2dd0d2b04a913b02e10717368

SHA256
5d7eb5b7cbba32b3cfe71049d6b6604b61aa2feebb0242e7e144632f6bac0b24

SHA512
0a55f5ae6ec78a34c5bb84db2711cfcdcb7c8db5645e733de409c2a096a352ebd80cd292b552800a47b1b923eefcb09a109b53a2f9d28e38227ab9a822b36457

Download Submit
/data/data/com.pittvandewitt.wavelet/files/datastore/Speaker.preferences_pb.tmp

Filesize
129B

MD5
df8d898adf905258e19eff81e6ab0da8

SHA1
cec00033402ebff48565419a708ba3a34cd577d4

SHA256
1a695acece9c2d6127ad20a8d47b63a67d9a1402ec791831ff219b642176880e

SHA512
808dd8872562ca4a40c1fa19b1b9ceba5fd5d9daf02f123ec8277f8399ae14a045de2401681aae5971dfd3a399964815345596f59bd888cf8afdeca48beb5b14

Download Submit
/data/data/com.pittvandewitt.wavelet/files/datastore/Speaker.preferences_pb.tmp

Filesize
155B

MD5
ed823a33096a1fdfcd9eed5271a5da0f

SHA1
df5e8b790dcbc252a23a5d810ed51a37b07d0354

SHA256
2f93db986aedaf9930d3bf8c41a80ba7bb82fc59ad30447e2b659e7ffa914c64

SHA512
8efd82f3af0b1902bcb2c76b9119ff75416e8f018eec02de201b3520b2f53066ba1dfb3655290706ae71863ca39887dcac2bb687fd1edd8d1242f3893efd5098

Download Submit
/data/data/com.pittvandewitt.wavelet/files/datastore/Speaker.preferences_pb.tmp

Filesize
180B

MD5
a52a998e6afae1745a41abcdda3a5f6e

SHA1
09abf223304ae1f47fd0f6f9ceae7f26bef668a4

SHA256
cc206ab147f5a9bf38938b1ea7fef5ac220d5eee7101c16605d12c12b207465b

SHA512
cd650c09fd8aaf504b8c4f1257fe2a1a74b3bbea52ae252f1225879491a3ef58c8e9edaa1809fe448c94d2bd21cb8d8a42fc34641af27d0244de330a8d68530e

Download Submit
/data/data/com.pittvandewitt.wavelet/files/datastore/Speaker.preferences_pb.tmp

Filesize
202B

MD5
7167a780e88ac2de9b7ec56b901f4b70

SHA1
467d6320b43fbe9629c127aa9e56bfa81ce6327c

SHA256
67494d7c60751e1c1ad0504550127a20618c2eb619cce485c95a349ebfd4519b

SHA512
24987dbf35e72c329466411da640450693068c899862d2daf9039dc446959f2c4d1daa2f72d83825b822403d3c22c5b89d2caee3036f1d8a8a6418d52259fb18

Download Submit
/data/data/com.pittvandewitt.wavelet/files/datastore/Speaker.preferences_pb.tmp

Filesize
232B

MD5
6f8e63e659a1cd21b1d1ccaf041b3855

SHA1
91072af499d777bbe2207ef61f5739e9e752f83b

SHA256
ff21a5fc8c6f28c377776950d657245ffc688fa1f2249c6398e12aa74d4554ff

SHA512
80999ea18662ac743d0ab7f25bfdd260629b4161e35c4ccae1fc73c650e6c31a2b9963a27f3eb5c3deaa21a9445ecb9682c7b86dfc0c16326570b698715ad067

Download Submit
/data/data/com.pittvandewitt.wavelet/files/datastore/com.pittvandewitt.wavelet_preferences.preferences_pb.tmp

Filesize
769B

MD5
29a12ac527f0ac8b77ec267d33c7222b

SHA1
4a6bdf0eed6e96cc544cfae3e407930e62678acd

SHA256
5b2d1cb831f2bec35740043dfad2936742286e387776189748d2b25b6a04a47a

SHA512
5d97a75cf0d5a36c9bc146a788750a05aebb08ca28255af910e6655e2f1204d734f45c6f92dca914586904aedd6b1cbb8813b160751bf5e4de3c411343087509

Download Submit
/data/data/com.pittvandewitt.wavelet/files/profileInstalled

Filesize
24B

MD5
b139afcf12ce19d4804462e8eb78da61

SHA1
aa833d760143970ced4d86ac7bd558a3d29c2d53

SHA256
3975588c25943259de5569a434b45b2c19c3bedcc04d430213ec5d715fedab1e

SHA512
32f8de277d29e5d6dea7073c3d81306ae534c3149042bbf4c807148da5f90541f2c89a3a7bfa323599e5881333b9ba727dd74f71732b18d13ab15bf280405944

Download Submit
/data/data/com.pittvandewitt.wavelet/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
0676901b608560dbb70813dc02be7cdd

SHA1
7f2585344f057cc8bedd54ca136e2c7531063325

SHA256
beaa4678ff2e117e2a13042b5363df2bc91f1a0605a8f7f1146a048322ef531b

SHA512
879eb09cc5d331e77139da320fa43b88eca063ff1fd58b7054887d013cc55ec333bb926907c901c760006392970b4048cab9aed12c289f90088b0f385dfd1863

Download Submit
/data/misc/profiles/cur/0/com.pittvandewitt.wavelet/primary.prof

Filesize
2KB

MD5
84fa812636771d1056e48641d2c8aca8

SHA1
f7e259104165540fc9fbffdc2af992cf4fc13e48

SHA256
b82cbef0be95aacfffcc1cad1279c37210ffe9161f4a93fa569d55a72bfc5613

SHA512
4ad73200ed84eaa93fd4186fe81b4b375d2ad71dd7b036ac16c20ef007b9014cdabe39380bae0a93a17b6344278b825f7bb1c7df38a350bb648346bfa88331a1

Download Submit
/system_ext/framework/androidx.window.extensions.jar

Filesize
123KB

MD5
3056e1bdb7d4e19789d0319eff484bd0

SHA1
6791ae47aa9466fe0bca27ad6643f846853bbee4

SHA256
8e6331a07c9f2ac139214c527dcaff2c82d126bbe7bd3420cdc36d6a8c9204b0

SHA512
c790980fd68d9f89e32743bc28846807d5e5947c555f494de47714dec5cbd0c08d81c3260fa463759d1b17a953af3c44ec30b14fb08bf6b29db3837346c9f658

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
25KB

MD5
29469324e59dfcc052f24b5af4e7b2c4

SHA1
10c1e17ac6f598037bb51baa07945663645de4eb

SHA256
9195dc6a1c75a841384050240dfc972e48178964993fba6619788625f4b40d1a

SHA512
5e27c2b1431369a248298f2f749136a575005584f9999f2a4c204a0c47adce2e33c8df9f058bdafa1bde1c99e46d175560cedfcddcd8581718ed1d9973c37cc2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads