Analysis

  • max time kernel
    154s
  • max time network
    139s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    25-08-2024 05:34

General

  • Target

    Indian Army.apk

  • Size

    15.8MB

  • MD5

    74cabe96731427c1ce99c2e02b69f19b

  • SHA1

    e30fe038535e73ce135339677c6b609b22079d90

  • SHA256

    7f753c97e4d13bd94eda8f2505d6f228e97ea615692bf33ed030a4d4db78960b

  • SHA512

    28b969f2e5e0f8c8bb746d170183972211fac6e6ae8b0c9f91e954fe0c17e14a1bc3441382c3678b2b619730f658c89563252c5f4877399a7ac41fa3b43abda1

  • SSDEEP

    393216:5zzVhBvXzRQ6ymfXyMKVJJ1eIje5Qc5ahxDaaVHnOy:RzVne6LXyMcJJ1e5uhxVHOy

Malware Config

Signatures

  • Removes its main activity from the application launcher (1 TTP, 1 IoC)
  • Loads dropped Dex/Jar (1 TTP, 2 IoCs)

    Runs an executable file dropped to the device during analysis.

  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
  • Legitimate hosting services abused for malware hosting/C2 (1 TTP, 3 IoCs)
  • Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)

    The application may abuse the framework's foreground service to continue running in the foreground.

  • Requests disabling of battery optimizations (often used to enable hiding in the background) (1 TTP, 1 IoC)
  • Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)

Processes

  • com.devicf (PID 4482)
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's foreground persistence service
    • Requests disabling of battery optimizations (often used to enable hiding in the background)
    • Uses Crypto APIs (might try to encrypt user data)

Network

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.devicf/cache/natives_sec_blob968523387863523665.dex

    Filesize

    407KB

    MD5

    d743db0c89d4626d2e078ecebae80a04

    SHA1

    07faeec4f4892ea850bd76e31ad2779b8c3bda64

    SHA256

    2f1a706ebdb117e3f7c63deabdd1df7032352f9517293cd8f19dc126d66dbfb0

    SHA512

    9dd5126cbb4d0a887ef0231a7c8582e9c69ecbbed71204cb14c6ddcd1000f19479a0cbe11b663c3b617fd85acc57e15419d7220ecc5c7002e11b2ea432bf4955

  • /data/user/0/com.devicf/cache/oat/natives_sec_blob968523387863523665.dex.cur.prof

    Filesize

    273B

    MD5

    073fcef210080a7d20892b6ba6092868

    SHA1

    a752b0691aebf4de84936cbabe6dbc1cdbc24d0c

    SHA256

    1701a7c317a17b3383a8ae8451d73f3b3c54cdf09553997d96ad9c05b2e7c89a

    SHA512

    2f64a31bfc32aa18ec5711c0c22502e525e776ea68ed2ded8bba0e46cb9fae69b0b0f622a6df30dce7daa80ce86c354ee96ddb5454ab44aaf60f099dd3722524