7e41cd654128fdab2606a0975d132dddf036320744615d39118ace060608e6a8

Analysis

max time kernel
7s
max time network
146s
platform
android_x64
resource
android-x64-20240624-de
resource tags

androidarch:x64arch:x86image:android-x64-20240624-delocale:de-deos:android-10-x64system
submitted
08-09-2024 00:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SwiftStreamz_APK_v2.4_Download.apk
Size

21.4MB
MD5

b9670781a6220f5db33c9dbd6c25238d
SHA1

d7b5125f47ffadc06b6e27ea900fa0dfa1f1cc6b
SHA256

7e41cd654128fdab2606a0975d132dddf036320744615d39118ace060608e6a8
SHA512

a18f1c5b326b8bab3df03a474e77c27414aea61e04f123651e4d1981bce1a39619f9954190b70ac1ac7eecffb09fbe60083c061b3bc66811890dc6582382a993
SSDEEP

393216:KD51hYo9wYYoIPH9Sg/2BUozTNR4pgka1SiDded0vQ5ofh5B:KF1h3aY/IPdSg/2BUozzSicd0vQ5M5B

Score

8^/10

discovery evasion execution persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 8 IoCs

evasion

System Information Discovery

T1426

Processes:

com.swiftstreamz

ioc	Process
/data/local/xbin/su	com.swiftstreamz
/sbin/su	com.swiftstreamz
/system/bin/su	com.swiftstreamz
/system/bin/failsafe/su	com.swiftstreamz
/system/sd/xbin/su	com.swiftstreamz
/system/xbin/su	com.swiftstreamz
/data/local/su	com.swiftstreamz
/data/local/bin/su	com.swiftstreamz

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

Processes:

com.swiftstreamz

ioc	Process
/dev/qemu_pipe	com.swiftstreamz
/dev/socket/qemud	com.swiftstreamz

Acquires the wake lock 1 IoCs

Processes:

com.swiftstreamz

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.swiftstreamz

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.swiftstreamz

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.swiftstreamz

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.swiftstreamz

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.swiftstreamz

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

com.swiftstreamz

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.swiftstreamz

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.swiftstreamz

description	ioc	Process
File opened for read	/proc/cpuinfo	com.swiftstreamz

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.swiftstreamz

description	ioc	Process
File opened for read	/proc/meminfo	com.swiftstreamz

com.swiftstreamz
1⤵
- Checks if the Android device is rooted.
- Checks known Qemu pipes.
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4951

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.swiftstreamz/databases/OneSignal.db

Filesize
52KB

MD5
5715efdd2d828d4d57c1376120ba2806

SHA1
06f279c976087695aaaf885df323d996a2560cc1

SHA256
f8ebc23104952761ccaf8dcf7ea9e5341bb0f3da744550a518f8dbc8b3404904

SHA512
dbc9dcea4f947dc61663054585dcc175b79ce7d69aaa8335754d1fe6d02881dadd75d3846190178e677e80efd63a1e364a31d51620d51e8e6254b8864651bb30

Download Submit
/data/data/com.swiftstreamz/databases/OneSignal.db-journal

Filesize
512B

MD5
c8cddde5dc9a527010ad7bdb53820ef8

SHA1
96855742d33f5b2ee682f3d739fc1b2942be092b

SHA256
e9e6247e43080e54cc81158ed8d19320eac53cd6845e0058cbdc336f18cceebe

SHA512
dffbe53d3dad01ef87b45bf66cbbe0293d1f6790b6c20d0ddec2b7495ead8169720726c3bfba170bb4b612bcad129ab44ad9f8a3ed6d6e7b9e9c5cee47665869

Download Submit
/data/data/com.swiftstreamz/databases/OneSignal.db-journal

Filesize
8KB

MD5
045c729b3e6bbc74d1968a49433afcdf

SHA1
8fa224628ab2bf22c58ce9198800e4c6f1a9ddd3

SHA256
cbec671d99c47c69b86fd14eec047b5cd6bba068893e5880fb4622cd5b8656b0

SHA512
79d22d97441c0c2bd14848814960c4e2c24ad4a6104c4808842ae18e9c260374d01c9f3b9b2d1a62a3aa452d970ead247148ac1d78440c10071004b7cbd336c8

Download Submit
/data/data/com.swiftstreamz/databases/OneSignal.db-journal

Filesize
8KB

MD5
ab74a2f07eab4bf6ce8629acd89d4675

SHA1
c6b81ac4d4de0fb1f053112fe91001eda9d13ab3

SHA256
69d5732aea46dc2d6047de4404c0f216b265b57ed96724bc3f253b28d9ff3314

SHA512
dba67209cc481177a1a661171e87d946014527efb35eb2470320d261b6d2fb2a0fae740b4e8c2e6912cf81a2ec6a04e173a4d85a52e5f6c418875adacf705eab

Download Submit
/data/data/com.swiftstreamz/databases/StartApp-d6864f2502af7851

Filesize
16KB

MD5
14fe7cbcf8474825af4d4855201d4489

SHA1
2ca91ab92bf17c6d76724bf4feb44d1e2039a2ff

SHA256
355a675e594a92b6f5f1b2fb12e4d01577a1d1ccb4a8df4c67fdbf56e5f86aad

SHA512
181a80adeb15ba60b1bbd34fc3881827976fb9f990fcc72e9c3190ae4199dbe6e20fd2ba45609bf34fc28a540f1fa21ddc9ab21873902664c225715f1cb05fde

Download Submit
/data/data/com.swiftstreamz/databases/StartApp-d6864f2502af7851-journal

Filesize
8KB

MD5
d8bc662aa1a899d7d3d8a658a49a1736

SHA1
bf6e79a823cfcab62583096a171626df6f27eb13

SHA256
6f0a16270ab152444de48f4f154d8f448f77d691b88fefdd1565ea699907918d

SHA512
07fb0de1fbe35597044b76c618e3794b0875968814acaa3e6441cdbbce63ff28f28aa23ec416b138b936dd6dfc959b8a3b1c1a191022940987cd03f404211946

Download Submit
/data/data/com.swiftstreamz/databases/StartApp-d6864f2502af7851-journal

Filesize
8KB

MD5
540cc4502c8629de10fae289289cd18f

SHA1
3009031f601dcd439a7a9ab783caa6d27eb0b0aa

SHA256
79379660740b4c13db4a067995a1fe7dae3367f5212feb3624ef5d8ece2f4db9

SHA512
cc90fd86db009ffd8ba3a459dff2f22d659e56e5b8b29d1345958c53619d8163cf61e7dcf89d869b14b063f665d79f2c09ff343334ac5420c3b8704c2e291bf3

Download Submit
/data/data/com.swiftstreamz/databases/StartApp-d6864f2502af7851-journal

Filesize
8KB

MD5
3f35d127b97d451eace8b9a3739d1960

SHA1
78a39b015b1be626a091432db69577951a367286

SHA256
d5e36511d1b1b9cad709ac0ec35fae01938926aca064bffd61c3cc5be59e9f9d

SHA512
9c4a864fb0902bb4a8366923f743c5880fde4c40066e166106a18868afb5cf51441dd22993dcc1746e42110b46b8a36c0ac0ba13bb6055e57b5d86a449ff668a

Download Submit
/data/data/com.swiftstreamz/databases/StartApp-d6864f2502af7851-journal

Filesize
512B

MD5
be4835e9fedaf1420e7fd3b7cec66752

SHA1
3a18b042fbe31ccbd48e1e74742e81e85e46c33e

SHA256
81eb9cbb901740b12abea3e290c0332d1fac058e6a20019dec88d5b13832e09a

SHA512
468195af23ef142bae56b625cf840809dfbbdfdf912e3bea86145c545435533313dc69dc458c0ef5ec56425324dfbefb0aec3687e8e24a336f98b5436d1ac7c4

Download Submit
/data/data/com.swiftstreamz/databases/StartApp-d6864f2502af7851-journal

Filesize
8KB

MD5
6f27f1a38792c31cad8db0a96d07fef8

SHA1
5375f202d595eeb0b79ede2fa76fe3b3a2a4b090

SHA256
5ec8d575a1d9e34092bfd8128e96da4628024cbe012c6f76f39f0950c866eec6

SHA512
94c1a404385f0c0e4b7ed60e7312f2dbedca110f106643e8485d27737a6d28e0ed7c155b580c982e1f182499af08069af55e9884e27b8cb76c0018ec178eafcd

Download Submit
/data/data/com.swiftstreamz/files/shared_prefs_sdk_ad_prefs

Filesize
5B

MD5
9dcf2a6f12095ecff342e9fa0c5ca72f

SHA1
c815f34691be353caa9de93bbdb00a31f62a9ed3

SHA256
4e68143408826326220a32d6bff59e1cca3dd85f74b018aebd6723c5686c54e5

SHA512
7ba3449f5ec3363bbee33d47abe471286cf78034dd70379fa4d0de5fd59215e8c58287eddffed1b9c3c74e157f6a9ad69b0c551001a62d04790bba49df48231c

Download Submit
/data/data/com.swiftstreamz/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.swiftstreamz/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
08624b08d3b00234900834235bca00ad

SHA1
cc85b5a81a92aa8ea280eec30b8dbf4a1d17505b

SHA256
dc2ed2dbb6c6426e65505aab63698fdb8e2c06a1aea97db1ef30b207fe68b68d

SHA512
72a553a5334bab51f862df0b3874416798e20f668cbf87e6c35b69e848babc7591c5ff21e0de3d416d1072aba9e3d12ee7c321d4904ff50abccfffacd0425ef1

Download Submit
/data/data/com.swiftstreamz/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.swiftstreamz/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
c62449b593ba29cede31dd4b4928d3d3

SHA1
9e4e9be5329081db3b94d29ff3bf73f4fcff44dd

SHA256
3ffd99e161e1088e968c60ca6d18c98e25609104ea57624344d12971eb4b2012

SHA512
c50a5d7a7f4c780ce12b40e6fb9723b54e29a8973d069c1355677a2aea7a66e68d5e6467c81d4ec07172a4f54a408d4bdbb9d0424ca8644eab28a0058b03a9a2

Download Submit
/data/data/com.swiftstreamz/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
5075dd23ce4ae5c26157394b5dd31430

SHA1
c4d2154d2a376a8f878cee28c2d3c93c8863bff0

SHA256
73b3c2a07a43ad8e64489feb10726e41d4935aa5dbbf5da4e55e42f0ed3335e7

SHA512
464ea86f0070b704ae965d5162d276d0ab589b53d2e02be6c0adf159d611927fdf82eebc9bf846b4d0914ad8741166c727dd1411205dc9ff6f5d91a8d2ff1a83

Download Submit
/data/data/com.swiftstreamz/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
3f5b7dc98a9f94542c775fae5a42c40a

SHA1
1adbc903815ea1fc6d460fd60984c8fe4b0cff57

SHA256
48b354b21b30fe2d20f91f7b938bda6d5dfd4fc8fb59732b7bc35392ba64c086

SHA512
4a0118734302737ae081bf11170eb5bd4883ddbde01529c72e3e8cd70b0ce9be2370a7685aec8ea57e1cfc1b17030bd236773732307527dfa28b97438958bb31

Download Submit