557ed02e192458648b6c544df1b3c6e3dd16f1094bf9880997b87be44255e1a2

Analysis

max time kernel
179s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
27-08-2024 22:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

557ed02e192458648b6c544df1b3c6e3dd16f1094bf9880997b87be44255e1a2.apk
Size

3.0MB
MD5

a622c65197086b0d7c28e42f19221820
SHA1

0d3193adb56050091cd38bc25e950e609ac0b001
SHA256

557ed02e192458648b6c544df1b3c6e3dd16f1094bf9880997b87be44255e1a2
SHA512

aae8b0dee7e263a9691c0abf6a6db19836b6bbe18eec446ad7f6724f0dea05d8cc4e5dc4470fe41ebf1eea9ba97797c9af326b6ee546505c510d5ec9065d5538
SSDEEP

49152:aUoGn0W1Y5WExu8phIY29dIaPgTevuA777737fympQb8jD6VOQCHxDzgRtUc3wJZ:50ftUc3wtu8

Score

7^/10

banker discovery evasion execution persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Requests uninstalling the application. 1 TTPs 1 IoCs
evasion

Uninstall Malicious Application
T1630.001

Processes:

com.tikuve.aggregation

description ioc process

Intent action android.intent.action.DELETE com.tikuve.aggregation
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

Scheduled Task/Job
T1603

Processes:

com.tikuve.aggregation

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.tikuve.aggregation

description	ioc	process
Intent action	android.intent.action.DELETE	com.tikuve.aggregation

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.tikuve.aggregation

com.tikuve.aggregation
1⤵
- Requests uninstalling the application.
- Schedules tasks to execute at a specified time
PID:4485

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Indicator Removal on Host

T1630

Uninstall Malicious Application

T1630.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tikuve.aggregation/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
c57ea5a767fa0c28082a7219d5b7c231

SHA1
df646abf8db7cbb18fbbbfbe5b7753cf757fa482

SHA256
c8a860ca355e2186bf9fd712a48a50ee9aa39098e949685813e512b583ba4bd5

SHA512
1077b1829a2de2335f7cdd2783957956cf9d8e84ec95cf68f440a1f741c4920cb14dfe5c4a1ce90bae01a0ef56312d6b2a6418d81f5ec7d23766f921c504db9d

Download Submit
/data/data/com.tikuve.aggregation/no_backup/androidx.work.workdb

Filesize
104KB

MD5
7cde7bac8ef7a3343eebb24eef0df076

SHA1
bc485053d7f75be9c46a284609909051424cfc95

SHA256
4baa3d104272afccac67d91099ce97465df46c06d3c34c64ad2e1c64b3250d88

SHA512
400c1792c8283b223a4b748495ce470ea386daece9ddfded046812c606b98ddfcdfb4d511a13d1d682c009d54c3db894c071667a12fc04c11f6fee11a847d0f3

Download Submit
/data/data/com.tikuve.aggregation/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
83bab3a9ff8ee2a454f4f1575dc6579a

SHA1
75edaa0cea5fc74ae329f97d848e053d92fcef2e

SHA256
4331400de35829aa7ad9a973ef5631c91507bd29ce2ed56fa0aaa31b27805573

SHA512
4baf73e9ea2e59e8f853361128f05117c3cce7982e128729cce1c8b0982df77bbd22786cabe5ae64201767d5ecea42c2b7461ada2aece93b4b1a31e7d21e68ab

Download Submit
/data/data/com.tikuve.aggregation/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.tikuve.aggregation/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
fd626692768327115ca87a2d96b87737

SHA1
88c37dab6090af4196ba7017d4ed48b65aba165e

SHA256
5464e177d5b7a24def8c1c9a47089f56178b6ece15742c33003154558264e3f1

SHA512
5c191bec52ca0b2168b438b0c5b79f692884918a7bca119c25c92e64f6ac95c44649ee6115842e06b5281be0eb7afc72910c11317b818889b127d54d754c5a03

Download Submit
/data/data/com.tikuve.aggregation/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
78913a2ba2ead8fff7fab8a604bda3fe

SHA1
c91716a3d09d4dbf114bb7541f07da5fcc9d3ae5

SHA256
fc8592299bc3c38396b16b2a10be86ccb0edc346b521ac42717587b204f75f6f

SHA512
cb57bf9e19475b9c23c5b3eb819b1ecd3182271cad2f99e0eefdfc2c63508569488cefa33a42520c61aee67b52922bd3e38d1189d1eac8829cc82daf5ecae04a

Download Submit
/data/data/com.tikuve.aggregation/no_backup/androidx.work.workdb-wal

Filesize
406KB

MD5
16bf52753363268b0802587f7f65e3d1

SHA1
f7a676f262f910425efd332d2604442280cfc158

SHA256
720caaf0f2b781f76e446b9cda5b7945e41c099839ed08c12364833f73dccd41

SHA512
d5f997766007be42fd1709bf424548f9992eb46f17d20ea22276c255ee16bae3a6e11cfabb421eb999c3c3e0378f07d548300bbac659dc3586cdda2d8b03b3c3

Download Submit
/data/misc/profiles/cur/0/com.tikuve.aggregation/primary.prof

Filesize
1KB

MD5
d42ce87c7b384629c77daf77eebc6c9a

SHA1
32c54262853a9e58ea0570f9d78fd4daca715653

SHA256
a87345ca406e2c20a814f04104b9ea3fbb43d04cd04930f51d1d1ba216ed0fbc

SHA512
1bda90d2b41f526f80da5c70f04577156aada9eaaf4a0e948b8573a26dfd39cc462bcc1bc64977bde36eb3d470cb4c4f1e55f333a93b93d865534865e26bb985

Download Submit