cd810f409bab3f549797d70798ff32d3b3afd2b814540d40c442ef59960d4275

Analysis

max time kernel
10s
max time network
131s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
01-09-2024 13:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

exteraGram-arm64-v8a-01012024.apk
Size

43.2MB
MD5

68cbbb85ea030ea79d323f2fe62975b2
SHA1

0cdf498b81aa171c4298c7cf3b7311a9ced9c616
SHA256

cd810f409bab3f549797d70798ff32d3b3afd2b814540d40c442ef59960d4275
SHA512

9c081dfb9b0fc2ab2985095ed7f8659ca75097ddae31c765d311cf539a5b5841b940ab7abe14f1dd35882ec2e88c02eacffbafbc551d3c02afb109654b01e02e
SSDEEP

786432:IxI/2iu/mvhxSTvSGWD0VIqrW75N4gtiqhH3E54KsHqnII4DpBNChCpTid:X3STvVWI/oUgHX0a4ov66id

Score

8^/10

discovery evasion

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.exteragram.messenger
/system/xbin/su	com.exteragram.messenger

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/socket/qemud	com.exteragram.messenger
/dev/qemu_pipe	com.exteragram.messenger

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.exteragram.messenger

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.exteragram.messenger

Checks the presence of a debugger
evasion

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.exteragram.messenger

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.exteragram.messenger

com.exteragram.messenger
1⤵
- Checks if the Android device is rooted.
- Checks known Qemu pipes.
- Acquires the wake lock
- Queries information about active data network
- Checks CPU information
- Checks memory information
PID:4378

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.exteragram.messenger/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
53a05d58799a4b1ea0fde61a5831c610

SHA1
437fe094a2d09fcba164a2c77a4faa9ae60eea22

SHA256
595bdbac9ee9bd2cbd387bf99a02b2d89ae7900f277af59a0800619ad3324d37

SHA512
a222bb98c67f3f4bf1f751a35f08680832a9047d5c5a8256884aad9f7654192bf971d9aec91109d2234a86cb1cd3b6f51fef8c69d49e7ef1d9f61e725500a7dd

Download Submit
/data/data/com.exteragram.messenger/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
d5aa405b7b98f92720aedb9c1bfa35e4

SHA1
eba5641489f081a8ae4f82877a1bc3e5385b2669

SHA256
1a1003086347ac42404df3381afec732bc8480874fd5277fc5c13f19f0271298

SHA512
4014c7eba8dc35636374d9405b751a87d162bcbc9bbc9669987241a20510b6b6d9f79105cfd717be47bd5e76e2c8b0279ad115c10f4d825981b360bcb229cc68

Download Submit
/data/data/com.exteragram.messenger/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
2a253f44dd598ad8d6824e8dac04b4b6

SHA1
c9073e153a417fe4ce01af708ad5558c955373f5

SHA256
81e6cbb1067c3420f66a9b83a7fd3c7e8258e8ae47f560789bffa236b635e784

SHA512
88b89739c74a0da14eb671390134f708da8672d6978660cd80be763f69940a6e35a2d3c767f49678c800cd1f2886979dcda96b4a49508ece480b7ee4a9eee139

Download Submit
/data/data/com.exteragram.messenger/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
7678d9cf1a04a8ad433e2bf77e90cb53

SHA1
3d82e2c72cd19a083345499e9bc4df4d7ffd0366

SHA256
33296f0bcd2d7d92e8305ca8781dfd070923491fe5af079a6dfdabd269207adc

SHA512
701ff6c171ced9856c6bf81afd1d0f4e737ef1ec708dbdd25c7019cb42f445e8ef6e99bdb1dee3718eb8ec20c9e3f6679109f7ae5aee3f3cfa7d04b76a03afcb

Download Submit
/data/data/com.exteragram.messenger/files/.com.google.firebase.crashlytics.files.v2:com.exteragram.messenger/com.crashlytics.settings.json

Filesize
720B

MD5
b72392b028b7d1fae23d709e06c9329b

SHA1
5a94ef8204d4f674ceff71f4ba74f1b84bd278fb

SHA256
99f697c44e069b82cba796bb85172b1f9249808d0403a3acb1e09b09d39d0e4c

SHA512
9f7fbeb6071ad368773aeb2ba85a39212b01c0b0f22d5d3c37e04df4408c484c987d0e4338238061cb8ca29b9fc35a728f45c867bab3af20f8a1ecda38ba2b99

Download Submit
/data/data/com.exteragram.messenger/files/.com.google.firebase.crashlytics.files.v2:com.exteragram.messenger/open-sessions/66D46916004E0001111A9B69BBD5DCDB/report

Filesize
757B

MD5
2e170f782846980e274408317dee3a40

SHA1
ae1db502530ad79f20c546a4f876bece22a171c0

SHA256
355c23a554d1149325c866fca47893f565d14d2a5659dcbec80c1ee34b81a23c

SHA512
c8c0858325517ae20792ba61686d2bf1858b35fb8814d4ac807db319bd5157a63ba18959f90937e3617e50ca47cfbb6a3282099901567e9dac90c07a23e30cda

Download Submit
/data/data/com.exteragram.messenger/files/PersistedInstallation6113926820769053971tmp

Filesize
90B

MD5
652e7f54527ebec18ee519d75c457862

SHA1
899370f6731c796977f3b8517ebff713aacf5083

SHA256
49c2368fab80bc5018b2917d75827c32c56c2b636cf6b8d5638a36e002a925c8

SHA512
cc57891bc068853de70bd83ca42d3ea925e6b6100e18f619e0b48047d95da6ab95400b488bf9b695239410dcbf8ebc652b112c80df489b65f59892060b17fd5b

Download Submit
/data/data/com.exteragram.messenger/files/PersistedInstallation6328902252401256113tmp

Filesize
568B

MD5
5ee87af74f701da400ef9c856d2eb2b9

SHA1
e6cc9e2af19f385add7ec61da86f9499912f0b23

SHA256
f5f4515ef63d395132368bc7fb764e6a7c1973cf483d0a0d72e26735e229733d

SHA512
932fc124a6f64650976516a06c7045aa3804c1e2217176a7653188c3b0762382f45344642e7d147745eaf8dad10a03ec664734993de00785aefbbbc538e269fd

Download Submit
/storage/emulated/0/Android/data/com.exteragram.messenger/cache/000000000_999999_temp.f

Filesize
1024B

MD5
0f343b0931126a20f133d67c2b018a3b

SHA1
60cacbf3d72e1e7834203da608037b1bf83b40e8

SHA256
5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef

SHA512
8efb4f73c5655351c444eb109230c556d39e2c7624e9c11abc9e3fb4b9b9254218cc5085b454a9698d085cfa92198491f07a723be4574adc70617b73eb0b6461

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads