557ed02e192458648b6c544df1b3c6e3dd16f1094bf9880997b87be44255e1a2

Analysis

max time kernel
177s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
27-08-2024 22:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

557ed02e192458648b6c544df1b3c6e3dd16f1094bf9880997b87be44255e1a2.apk
Size

3.0MB
MD5

a622c65197086b0d7c28e42f19221820
SHA1

0d3193adb56050091cd38bc25e950e609ac0b001
SHA256

557ed02e192458648b6c544df1b3c6e3dd16f1094bf9880997b87be44255e1a2
SHA512

aae8b0dee7e263a9691c0abf6a6db19836b6bbe18eec446ad7f6724f0dea05d8cc4e5dc4470fe41ebf1eea9ba97797c9af326b6ee546505c510d5ec9065d5538
SSDEEP

49152:aUoGn0W1Y5WExu8phIY29dIaPgTevuA777737fympQb8jD6VOQCHxDzgRtUc3wJZ:50ftUc3wtu8

Score

7^/10

banker discovery evasion execution persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Requests uninstalling the application. 1 TTPs 1 IoCs
evasion

Uninstall Malicious Application
T1630.001

Processes:

com.tikuve.aggregation

description ioc process

Intent action android.intent.action.DELETE com.tikuve.aggregation
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.tikuve.aggregation

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.tikuve.aggregation
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

Scheduled Task/Job
T1603

Processes:

com.tikuve.aggregation

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.tikuve.aggregation

description	ioc	process
Intent action	android.intent.action.DELETE	com.tikuve.aggregation

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.tikuve.aggregation

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.tikuve.aggregation

com.tikuve.aggregation
1⤵
- Requests uninstalling the application.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:4314

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Indicator Removal on Host

T1630

Uninstall Malicious Application

T1630.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tikuve.aggregation/files/profileInstalled

Filesize
24B

MD5
bf6707b10d1dd81ebc05aeb3fc253bb9

SHA1
40b367e681479be057ce1153803270689022e3b6

SHA256
7b91b14e907d32b67419abe39b14722cc2a6ecdc0046dc826a1ab0f53952ec40

SHA512
3e2c080dca9b508c03304e8817b9a1aa349d3190faf998e0259eceec413015149239fd3eb4e1481c325da21b7aa7c3ecdc0a732b41981101820e17082b51bb06

Download Submit
/data/data/com.tikuve.aggregation/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
9d1b36973e3181dc88eee06d311bfb51

SHA1
e459a2f890360ece9788920b5868246ee6c959c2

SHA256
737c56b18f0875e191da0f97c4546bcd35f785648e2f0b1ac6b43b77070ebf37

SHA512
fa3d76896c12f7f0db5e531b4f8b1ca1cea25683c98828dc4c5ca6f2b17342b6657351a290aaf8381f3d7dec4a807ecf26e4764a397cd6286e16def720550d6f

Download Submit
/data/data/com.tikuve.aggregation/no_backup/androidx.work.workdb

Filesize
104KB

MD5
4b62af4c5e645251aa737a621bee67c5

SHA1
09ef51af50da720b0669adf2e1cb3598a0ab17b9

SHA256
543b2948536c78e5775fb8bbfe0e1c7a0d4ee45db13360899318b0c400ce8328

SHA512
78eef840551a76bd551e60b6cc6906c99545a23d72d75c1b6239b523aca3d8cc454910710fb34724199a888d65c81b5f1cfcfefb8e7e906ffc488424b63c9245

Download Submit
/data/data/com.tikuve.aggregation/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
c3df0ab34c9acafa7727bdb2e59967a9

SHA1
6f1b67ff1f00c7837aa779591e038fcc93beb1b9

SHA256
6a47c08f858bd6b68381dfb45ee0f6870b8beec39a51e930fef1a1c2a51701b4

SHA512
d9e6fb763b29aafe53533b6d8fd1f6d2d272278b60e2dd5d576e94673726881c2f34e1ec882bcf368b09d77f07d00a61429b23b342706c700a8d290fcfeb34a8

Download Submit
/data/data/com.tikuve.aggregation/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.tikuve.aggregation/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
9b9c4830923c51469018857354652cae

SHA1
bc5cf56c695b4ead3ab942cba1b7022c02210a9b

SHA256
0525e85a57c0d6088252c0eeede982a716eab5b519aae1163ed29b34579adaad

SHA512
b156333a22ecf238ac7f04128d60aa228a50ff859d6a1b122a2e7886ac487b7acbfa7971212860d66a0108ef01d7742637110e122dd92ce6a7096e33660e38ca

Download Submit
/data/data/com.tikuve.aggregation/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
a269b2b45327741d1855edee633a6a9f

SHA1
77739921e84558b4a79068877b0fe8641b13b4a1

SHA256
cba572523aee0f276b9a77c71f7f70673d3f919d0277638462e59f0d27fe5343

SHA512
8a185170be82e300e9ee38d13889a340e2091c6193694bf6b4b2db869a33e2a2180cfa55692719f76cc12b9f28c786ab4b4ed32ea8556f1fdc1ee1487aec46fd

Download Submit
/data/data/com.tikuve.aggregation/no_backup/androidx.work.workdb-wal

Filesize
406KB

MD5
5659913e1f20e945478162e0907131e8

SHA1
8b8ccc37240a49843bf1d5527328705f035d9c94

SHA256
ce1de662b7d807b11ec45e118a69d6157be0a260707cc7c77418ab065b7d3a61

SHA512
13240263c4b80703d4a12d9eb172b29b73b86d17ef0b07374b91cdb198f8047416b23ddf74590269f907307edcdb2fd157715395501c17f4a5aecd208c6cd83d

Download Submit
/data/misc/profiles/cur/0/com.tikuve.aggregation/primary.prof

Filesize
4KB

MD5
0644d04b23a3d4d35ab777add7e45bc4

SHA1
101737897e598b7c763652489c4a17ca32fd6c48

SHA256
f45a3e48de4a0895ef195b763c0e6f07937910e2d975cef7034c84b8a55fc52b

SHA512
711e4339ad2aaa8f6b74fdae924bb30306c537d403d88528be35d20eb2561f7aad74196090591142723664087d51eb358f55d7c3a6002cbf04778588ae4ba1b2

Download Submit
/data/misc/profiles/cur/0/com.tikuve.aggregation/primary.prof

Filesize
1KB

MD5
d42ce87c7b384629c77daf77eebc6c9a

SHA1
32c54262853a9e58ea0570f9d78fd4daca715653

SHA256
a87345ca406e2c20a814f04104b9ea3fbb43d04cd04930f51d1d1ba216ed0fbc

SHA512
1bda90d2b41f526f80da5c70f04577156aada9eaaf4a0e948b8573a26dfd39cc462bcc1bc64977bde36eb3d470cb4c4f1e55f333a93b93d865534865e26bb985

Download Submit