7e41cd654128fdab2606a0975d132dddf036320744615d39118ace060608e6a8

Analysis

max time kernel
7s
max time network
134s
platform
android_x64
resource
android-x64-arm64-20240624-de
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-delocale:de-deos:android-11-x64system
submitted
08-09-2024 00:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SwiftStreamz_APK_v2.4_Download.apk
Size

21.4MB
MD5

b9670781a6220f5db33c9dbd6c25238d
SHA1

d7b5125f47ffadc06b6e27ea900fa0dfa1f1cc6b
SHA256

7e41cd654128fdab2606a0975d132dddf036320744615d39118ace060608e6a8
SHA512

a18f1c5b326b8bab3df03a474e77c27414aea61e04f123651e4d1981bce1a39619f9954190b70ac1ac7eecffb09fbe60083c061b3bc66811890dc6582382a993
SSDEEP

393216:KD51hYo9wYYoIPH9Sg/2BUozTNR4pgka1SiDded0vQ5ofh5B:KF1h3aY/IPdSg/2BUozzSicd0vQ5M5B

Score

8^/10

discovery evasion execution persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 8 IoCs

evasion

System Information Discovery

T1426

Processes:

com.swiftstreamz

ioc	process
/data/local/bin/su	com.swiftstreamz
/data/local/xbin/su	com.swiftstreamz
/sbin/su	com.swiftstreamz
/system/bin/su	com.swiftstreamz
/system/bin/failsafe/su	com.swiftstreamz
/system/sd/xbin/su	com.swiftstreamz
/system/xbin/su	com.swiftstreamz
/data/local/su	com.swiftstreamz

Checks known Qemu pipes. 1 TTPs 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
evasion

System Checks
T1633.001

Processes:

com.swiftstreamz

ioc process

/dev/socket/qemud com.swiftstreamz
/dev/qemu_pipe com.swiftstreamz
Acquires the wake lock 1 IoCs

Processes:

com.swiftstreamz

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.swiftstreamz
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.swiftstreamz

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.swiftstreamz
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

Scheduled Task/Job
T1603

Processes:

com.swiftstreamz

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.swiftstreamz
Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.swiftstreamz

description ioc process

File opened for read /proc/cpuinfo com.swiftstreamz
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.swiftstreamz

description ioc process

File opened for read /proc/meminfo com.swiftstreamz

ioc	process
/dev/socket/qemud	com.swiftstreamz
/dev/qemu_pipe	com.swiftstreamz

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.swiftstreamz

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.swiftstreamz

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.swiftstreamz

description	ioc	process
File opened for read	/proc/cpuinfo	com.swiftstreamz

description	ioc	process
File opened for read	/proc/meminfo	com.swiftstreamz

com.swiftstreamz
1⤵
- Checks if the Android device is rooted.
- Checks known Qemu pipes.
- Acquires the wake lock
- Queries information about active data network
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4579

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.swiftstreamz/databases/OneSignal.db

Filesize
52KB

MD5
e50e029ec0226f794da6d3fc0535d4f6

SHA1
027173bb3c775e8ee027c1e22930d9b1607195c3

SHA256
c776d1acf90c60f95a89ee4db8222acedc8e0b097d5606297aa641a3403821ee

SHA512
4f12a39bd359554fccacb8ac31e2276c38fa69a2de927f43216c9012bd3aeee0e1a0f47a48d114c6e45309e069cdd5a6979d90d21f2e60f0087f42b8364672ca

Download Submit
/data/user/0/com.swiftstreamz/databases/OneSignal.db-journal

Filesize
8KB

MD5
0f02b1360940246eacc8e50d903c4296

SHA1
e6a2d27f7dd5718981728da8424d4b2c586c1268

SHA256
752e34f850ad908d7e15f97fbb40cdfdc0077e1a429f5cc5f0c5e2a254490e64

SHA512
158e3c2bb3491e43cebc1e5ed234519203f9b7dac1ee1d581adde4fbe75e23428c35da62293125ba6384191c30a052fd897504f290baf512832ec378b8a31909

Download Submit
/data/user/0/com.swiftstreamz/databases/OneSignal.db-journal

Filesize
8KB

MD5
81e8f337b9bf0364811a88c8f4c96bd6

SHA1
6041e834a2ff3d5f5e5a9386cc5e68bdf0308dd0

SHA256
40675a9f47284406484cb76f24da1ead213e95a551006fd4a93bad033c2a20f2

SHA512
6c3ec399c2b110dc62b00bf9becbb31eca74abfb060bced3a4857462c619ed202027a88a41d3d4fab1afcdc3d0b4c3290957868a671fd7276d7491d9fdc7e101

Download Submit
/data/user/0/com.swiftstreamz/databases/OneSignal.db-journal

Filesize
512B

MD5
c3ed38d52d714fb38f7c90dc27084c0f

SHA1
d90f2c2c5cc088b27ed263a226027553a96d0592

SHA256
b00d38bc980d00929daa3a9a61b860db70231bce75564ce6e23b5cc15944a07f

SHA512
6e04981711f1198e43c9cf5952e132fa5555466e52bc0026dcd0225da3fce2cc95001e1221542eee1815eb45ba91bcc28e31fc7fcf5b7a12407dc8c3f4817426

Download Submit
/data/user/0/com.swiftstreamz/databases/StartApp-d6864f2502af7851

Filesize
16KB

MD5
8c0c6fdd001a94ef6e1f6dcb6b5b1d78

SHA1
17d929f45abe913c3e64eda28268ac54cc0440ef

SHA256
2083b7d43d259aabf8cca3e61f7c4b81ec13bf2f5c68ae7f665421738335a57b

SHA512
e7e91629a99dea7107715bb4b1cd4d5fa7ee27e79a6a7d8a634e3e271ccfbd9a654cddd3e2c59fcb5abfe0cfe031c80971fd7613373799a553b08371ce2a1727

Download Submit
/data/user/0/com.swiftstreamz/databases/StartApp-d6864f2502af7851-journal

Filesize
8KB

MD5
d4e123f5c1eb0b6da9ac7054e200383c

SHA1
487f77a1678c312c67cdc4c26ce4749593413904

SHA256
fa6e981f236b5ff71951f9b6b14d444105d24bd5d9aeffe8eeb23c5f8bcf7170

SHA512
b298d21601f306e0c8f0d2bbe01f6d73ff02a02efa0ffd79d399b3884a657fea064bbb4fd250d9dc2800e4e06c4f1128f1b5780788f5a3edfdaee40f0db39168

Download Submit
/data/user/0/com.swiftstreamz/databases/StartApp-d6864f2502af7851-journal

Filesize
8KB

MD5
0cb05e392c30461a5eb64010829e5b21

SHA1
497c8cf6a9dab4a6bc2da15ea0cec2072ccb9599

SHA256
6c3a1dbc7a82e13b506ca306780cb73ada3cbd4e5d56c52616b9c0c3816c59fc

SHA512
cebd7bd575dc908b712fb75406b7d1170d21974ec6e1ee66406a11e97dfb88b77bfb9267c0ce28501ce80c15e3006d16e7ef6ab2e88b57cfe65182120f1c07fa

Download Submit
/data/user/0/com.swiftstreamz/databases/StartApp-d6864f2502af7851-journal

Filesize
8KB

MD5
a4b51db9acdfeaae17197ee2e87b9b6a

SHA1
ee51e311ddaa3363172f77f9a72b24565ab76052

SHA256
314f81c8684b1b2e162f0408dae9b927926435494c66f278ed715783250ed96d

SHA512
516bd4aef288bd54eaad5d607f583f392233311f6baf88c372f9ed5045868871497bb1abc733471535c21b377f5688164283cedcaee13b51ffff2592749a5a54

Download Submit
/data/user/0/com.swiftstreamz/databases/StartApp-d6864f2502af7851-journal

Filesize
8KB

MD5
2e9e2d919d0bbd46d1d51a868084e3c2

SHA1
eab7a6fa84ea9043fdc66a9c39f73a097853c22b

SHA256
3bc22b6178f6fe4bb3f2aa1ee5b65b3047d6c567db0178641948edf4dda094ab

SHA512
7ea2dea8f73b7d36639708c232a19a7e0fbec8f644cf8366d565b3ff54739a8892c1123008777ddaf45934075b31cfce89b1d46de8bf98c50f6bb78f4bc72179

Download Submit
/data/user/0/com.swiftstreamz/databases/StartApp-d6864f2502af7851-journal

Filesize
512B

MD5
008cecab2cb9be23ced40af48c2217bb

SHA1
d1999bf986776e8ad1775ffb1f3e6d3ef47af73b

SHA256
d213ebcd8333ed1b628e22fd2231baf1240d6d4cf5086a8381958536609f9d6a

SHA512
b4b84b160bea9b25bffca418b29a78c2aa64e34bc6e5b87718744f363be940d3b7a910d9397f78f154cf0b70156f0adf7eb12d7b17c34b81aa7ce6ec73f7d9d3

Download Submit
/data/user/0/com.swiftstreamz/files/shared_prefs_sdk_ad_prefs

Filesize
5B

MD5
9dcf2a6f12095ecff342e9fa0c5ca72f

SHA1
c815f34691be353caa9de93bbdb00a31f62a9ed3

SHA256
4e68143408826326220a32d6bff59e1cca3dd85f74b018aebd6723c5686c54e5

SHA512
7ba3449f5ec3363bbee33d47abe471286cf78034dd70379fa4d0de5fd59215e8c58287eddffed1b9c3c74e157f6a9ad69b0c551001a62d04790bba49df48231c

Download Submit
/data/user/0/com.swiftstreamz/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/user/0/com.swiftstreamz/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
53f0ce6b54fa13747c614d7346a0c961

SHA1
0eb76e89a46cca7963777737d7b2e746c895e967

SHA256
f5f3ec9a77cf67d03657e22db8a0161c6e7637e4e91fcc5576527690eed95a9e

SHA512
d27d586195a9983373fcfad232e56f1d217a18c15d97a8f1e0829bbf135d7079557b90f7c0b0a487f6fc5fb03f5ac30515d36e42301b24bd2fba6e54586e65e1

Download Submit
/data/user/0/com.swiftstreamz/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/user/0/com.swiftstreamz/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
a9bc14c4fbbfcf56d4471bf1edb1e0f9

SHA1
574827c96e9b528177ad4ac45f10b2163a18ab81

SHA256
af42594eba37f1c27b5e5e4893c3742f3a66cc166855ffbb5717513f6e45e165

SHA512
937c1910c848300dc26001817fb97d80db03620aa7eea6de0f597cf343f7940734716b8fb48d5035ac086f40a8e52134fd456e75e98e5a6789fd6caa71bc3fbb

Download Submit
/data/user/0/com.swiftstreamz/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
565323b7d5964f79a65af5cfb4746a5d

SHA1
aee8493e44b4fc08230997cfecf57737f85202c3

SHA256
27a915f85de2ef57a96ef1c5b29d9893baaa93c75a1265e7101b166d7b9325a1

SHA512
1509c3e578e78ae1f9b11691cd9622951376206a615dee2de03a8c0c69cec2a66b1b12fa28dc6bf3d87100513e34a114213b4f1945b9452cce6723176421f91d

Download Submit
/data/user/0/com.swiftstreamz/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
7f6a488b8cc66a03c8b368b11df05d7b

SHA1
bac09015ac164e3b797d853c42c9da810fa323f5

SHA256
cda1c796addb9029e4503a932f3dcf36773b1da715561a323112965500664754

SHA512
98ac969c09117ff334ef14b42739a5cc5c8a32b58e7daae8582b1b2d016ad28062ac250912fea959dc0a5cb283747354794bd5c45c4ae3f4899f7905c2147909

Download Submit