Analysis

  • max time kernel
    14s
  • max time network
    159s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  • submitted
    30-08-2024 22:02

General

  • Target

    bc4291e2f44ace94341c149435d094a42e958d79974f5c237f61a7a9029aec3e.apk

  • Size

    1.2MB

  • MD5

    c12215a656eca98e7c6e2ef04f65c0fd

  • SHA1

    2b3e33138c1b54adb00ad89ed943686d52dbf0c1

  • SHA256

    bc4291e2f44ace94341c149435d094a42e958d79974f5c237f61a7a9029aec3e

  • SHA512

    4f2372fd7ee96c52ca757f6413fd9cf6e389aaed054069ed039956d7891312ce31b6b74e5dd3af11417055a9de203c600ca2bad4d4f08088493918153361e845

  • SSDEEP

    24576:aJOi8uCMvTqYdsz9Rl/4F1rgfBol9lELD:sHnfIbR4F1rgIfY

Malware Config

Signatures

  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.cicofudiwiheyi.pekoca
    • Obtains sensitive information copied to the device clipboard
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4969

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/com.cicofudiwiheyi.pekoca/no_backup/androidx.work.workdb

    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.cicofudiwiheyi.pekoca/no_backup/androidx.work.workdb-journal

    Filesize

    512B

    MD5

    7641fc652d42b771e64d5e6df6b92f94

    SHA1

    659b0c0b0d33ff97c3a280c88e6e0bda7c809bce

    SHA256

    95fb08cae3f178a1e81cd7126f09012016f639799ddde9d597ce165e4cf2d181

    SHA512

    e3e59684d58f3ca383743039a4059cc1e18bf8094059e1a286dd5f2013368f38dd09b7a26e3c94cabcdda1b00355ab3534e2bda4a87fe3db7352b4f84a814da8

  • /data/data/com.cicofudiwiheyi.pekoca/no_backup/androidx.work.workdb-shm

    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.cicofudiwiheyi.pekoca/no_backup/androidx.work.workdb-wal

    Filesize

    16KB

    MD5

    e3e21c70e8fed527a258700a0897bf4f

    SHA1

    c3dddfd604f0959275f522e2f53eac0b911a7f16

    SHA256

    449e8a19df011a05c6ba50afa0258a7b5f015e343909219d1ec1b4379a90fd40

    SHA512

    1d08d4ead52356c42fb28a599df6ea5759b3980a94771cccb6035767eb8f73f0f4020b5088f2f25240e58c61a53352e01ebc06ceb2b7347ec61b17389a216ed6

  • /data/data/com.cicofudiwiheyi.pekoca/no_backup/androidx.work.workdb-wal

    Filesize

    108KB

    MD5

    cb3493aed51b5ddb2799a5bb66b4d117

    SHA1

    b17c9e5b8cfa26f6b24b22175b7106ab55d3a38c

    SHA256

    5d79ca9aefa8f9f03869396829c285ea3cc61c9c18db933244847f184df4b97b

    SHA512

    a9bdff96611be079711ba817406a1c543a70405d18725e339958835869266accdcafd410ac6ec64ddec94126da931f86031b47a4d7dddb7d48ed47e3c3973f42

  • /data/data/com.cicofudiwiheyi.pekoca/no_backup/androidx.work.workdb-wal

    Filesize

    173KB

    MD5

    08dc0ace5c4df459ccc6a0378a47269a

    SHA1

    40f86761f755fd3642f11572044177d1ba31c924

    SHA256

    2093da4dae3c9299c938eeef1ea6d1b457498246075402b4cdb0133b7aadc262

    SHA512

    0c6d207f9f71a07203a0a324a3b6ef7943ed488ff12a03b8a8f08b2665a4c1d2be2b95225b20e8a1533e900e20828f8304f84fd5c17ef0dfef6c01da954b9bf2
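The files listed above are the SQLite database that Android's WorkManager keeps under `no_backup/androidx.work.workdb`, plus its `-journal`, `-shm` and `-wal` companions (the same `-wal` path at three sizes is presumably the write-ahead log captured at different points of the run as work was enqueued). That is the on-disk side of the "Schedules tasks to execute at a specified time" and "foreground persistence service" signatures: every job the app enqueued is a row in the `WorkSpec` table, so pulling these files from the sandbox gives you the worker class names and intervals without reversing the APK. The script below is an added example, not part of the sandbox report and not code from the sample; it builds a constructed in-memory database with a subset of WorkManager's `WorkSpec` columns (column names assumed from WorkManager 2.x, so verify them against the library version the APK bundles), lists every job, and flags the ones that keep the app alive: periodic work and work requested to run in the foreground. The worker class names in the sample rows are hypothetical.

```python
"""List scheduled work from a recovered WorkManager database.

Added example (not from the sandbox report). Assumes WorkManager 2.x
column names for the WorkSpec table; the sample rows are constructed.
"""
import sqlite3
from dataclasses import dataclass
from typing import List

# Subset of WorkManager's WorkSpec schema (assumption: 2.x column names).
WORKSPEC_DDL = """
CREATE TABLE WorkSpec (
    id                TEXT    PRIMARY KEY NOT NULL,
    state             INTEGER NOT NULL,
    worker_class_name TEXT    NOT NULL,
    initial_delay     INTEGER NOT NULL,
    interval_duration INTEGER NOT NULL,
    flex_duration     INTEGER NOT NULL,
    run_attempt_count INTEGER NOT NULL,
    run_in_foreground INTEGER NOT NULL
);
"""

# WorkInfo.State ordinals as WorkManager stores them in the state column.
STATE_NAMES = {0: "ENQUEUED", 1: "RUNNING", 2: "SUCCEEDED",
               3: "FAILED", 4: "BLOCKED", 5: "CANCELLED"}
LIVE_STATES = {"ENQUEUED", "RUNNING", "BLOCKED"}


@dataclass
class WorkEntry:
    id: str
    state: str
    worker: str
    initial_delay_ms: int
    interval_ms: int
    flex_ms: int
    attempts: int
    foreground: bool

    @property
    def periodic(self) -> bool:
        # WorkManager stores 0 for one-time work, the period in ms otherwise.
        return self.interval_ms > 0


def open_db(path: str) -> sqlite3.Connection:
    """Open a recovered androidx.work.workdb read-only.

    Keep the -wal and -shm files next to it: in WAL mode, rows committed
    after the last checkpoint exist only in the -wal file.
    """
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)


def list_work(conn: sqlite3.Connection) -> List[WorkEntry]:
    """Return every row of WorkSpec as a WorkEntry, ordered by id."""
    rows = conn.execute(
        "SELECT id, state, worker_class_name, initial_delay, interval_duration,"
        " flex_duration, run_attempt_count, run_in_foreground"
        " FROM WorkSpec ORDER BY id")
    return [WorkEntry(r[0], STATE_NAMES.get(r[1], f"UNKNOWN({r[1]})"),
                      r[2], r[3], r[4], r[5], r[6], bool(r[7])) for r in rows]


def persistent_work(entries: List[WorkEntry]) -> List[WorkEntry]:
    """Jobs that are still live and either periodic or foreground.

    This combination is what keeps a sample running after the user closes
    it, matching the scheduling and foreground-service signatures above.
    """
    return [e for e in entries
            if e.state in LIVE_STATES and (e.periodic or e.foreground)]


def describe(e: WorkEntry) -> str:
    kind = f"periodic every {e.interval_ms // 1000}s" if e.periodic \
        else f"one-time, delay {e.initial_delay_ms // 1000}s"
    fg = ", foreground" if e.foreground else ""
    return f"{e.id} {e.state:<9} {e.worker} ({kind}{fg}, attempts={e.attempts})"


def build_sample_db() -> sqlite3.Connection:
    """Constructed stand-in for a recovered workdb (hypothetical workers)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(WORKSPEC_DDL)
    conn.executemany("INSERT INTO WorkSpec VALUES (?,?,?,?,?,?,?,?)", [
        ("a1", 0, "com.example.BeaconWorker", 0, 900_000, 300_000, 3, 1),
        ("b2", 0, "com.example.UploadWorker", 60_000, 0, 0, 0, 0),
        ("c3", 2, "com.example.InitWorker", 0, 0, 0, 1, 0),
    ])
    conn.commit()
    return conn


if __name__ == "__main__":
    entries = list_work(build_sample_db())
    for entry in entries:
        print(describe(entry))
    print("persistent:", [e.worker for e in persistent_work(entries)])
```

To run it against a real capture, copy `androidx.work.workdb` together with its `-wal` and `-shm` files into one directory and pass the `.workdb` path to `open_db`; with only the bare `.workdb` you would see the 4KB base file from the listing above and miss everything committed in the 173KB write-ahead log.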