7e41cd654128fdab2606a0975d132dddf036320744615d39118ace060608e6a8

Analysis

max time kernel
3s
max time network
151s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
08-09-2024 00:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7e41cd654128fdab2606a0975d132dddf036320744615d39118ace060608e6a8.apk
Size

21.4MB
MD5

b9670781a6220f5db33c9dbd6c25238d
SHA1

d7b5125f47ffadc06b6e27ea900fa0dfa1f1cc6b
SHA256

7e41cd654128fdab2606a0975d132dddf036320744615d39118ace060608e6a8
SHA512

a18f1c5b326b8bab3df03a474e77c27414aea61e04f123651e4d1981bce1a39619f9954190b70ac1ac7eecffb09fbe60083c061b3bc66811890dc6582382a993
SSDEEP

393216:KD51hYo9wYYoIPH9Sg/2BUozTNR4pgka1SiDded0vQ5ofh5B:KF1h3aY/IPdSg/2BUozzSicd0vQ5M5B

Score

8^/10

discovery evasion execution persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 8 IoCs

evasion

System Information Discovery

T1426

Processes:

com.swiftstreamz

ioc	process
/data/local/xbin/su	com.swiftstreamz
/sbin/su	com.swiftstreamz
/system/bin/su	com.swiftstreamz
/system/bin/failsafe/su	com.swiftstreamz
/system/sd/xbin/su	com.swiftstreamz
/system/xbin/su	com.swiftstreamz
/data/local/su	com.swiftstreamz
/data/local/bin/su	com.swiftstreamz

Checks known Qemu pipes. 1 TTPs 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
evasion

System Checks
T1633.001

Processes:

com.swiftstreamz

ioc process

/dev/socket/qemud com.swiftstreamz
/dev/qemu_pipe com.swiftstreamz
Acquires the wake lock 1 IoCs

Processes:

com.swiftstreamz

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.swiftstreamz
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.swiftstreamz

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.swiftstreamz
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

com.swiftstreamz

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.swiftstreamz
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.swiftstreamz

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.swiftstreamz
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

Scheduled Task/Job
T1603

Processes:

com.swiftstreamz

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.swiftstreamz
Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.swiftstreamz

description ioc process

File opened for read /proc/cpuinfo com.swiftstreamz
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.swiftstreamz

description ioc process

File opened for read /proc/meminfo com.swiftstreamz

ioc	process
/dev/socket/qemud	com.swiftstreamz
/dev/qemu_pipe	com.swiftstreamz

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.swiftstreamz

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.swiftstreamz

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.swiftstreamz

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.swiftstreamz

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.swiftstreamz

description	ioc	process
File opened for read	/proc/cpuinfo	com.swiftstreamz

description	ioc	process
File opened for read	/proc/meminfo	com.swiftstreamz

com.swiftstreamz
1⤵
- Checks if the Android device is rooted.
- Checks known Qemu pipes.
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4270

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.swiftstreamz/databases/OneSignal.db-journal

Filesize
512B

MD5
3b2923b9f9fb62cfbb48c47eb6463043

SHA1
87d42acd45c440a730be00c3e26e9e30270881db

SHA256
c1e86723b4cf95a080342b59d5d407cddbe038ad3d376dd4c2edc02fbb6e1782

SHA512
020356949698a7e24b0f5b2216f51b3c22fc5560806c7244d206e01cfe805ec453e99f3746a93e4c4fdc168ddd611ffc9e1bd2d5461616094d8d36f6dc06d1b9

Download Submit
/data/data/com.swiftstreamz/databases/OneSignal.db-wal

Filesize
64KB

MD5
8d9cb16694323dd86c050a6f14382861

SHA1
cf273f481433f0bbce4696dd3e8b9729f326e077

SHA256
7121c386f84c3448986dafd65ee4e01031c1f80f2da105613b879fcba70d9636

SHA512
48c53ac93ba36242cc0f16099543b5a6619c334aa4f66f3b52ebc34a64c77574b6220a926966a1a2c2190c0bf7f325bc68042ab324412698e40ca982f08a4b45

Download Submit
/data/data/com.swiftstreamz/databases/StartApp-d6864f2502af7851

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.swiftstreamz/databases/StartApp-d6864f2502af7851-journal

Filesize
512B

MD5
a43f29077c1b5d67a0cfe093b2b2551a

SHA1
aed3293c3dc608f9534e85760fea9e1fc749c262

SHA256
62daa1c647e41342bbaebbea6ff24f12a120b9c5d9eb80df672af93f1b7252be

SHA512
4270a9c11eaecb2a9e852d5a581cb0dfca38d6105a68d208d2e1a7535dbeac8344060244b28fdb8fb543f5dbfc97278cae6a498ee47f507813d08e2819becf8c

Download Submit
/data/data/com.swiftstreamz/databases/StartApp-d6864f2502af7851-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.swiftstreamz/databases/StartApp-d6864f2502af7851-wal

Filesize
36KB

MD5
0b2b11e8e2eff3ee65db251184d8c66f

SHA1
2209ca14b51d7def1b5eb6f55ced2218d2c27284

SHA256
952ac6adf937853d6c68c65baddd31f10e1b6f18c0686ed188f825092e96640b

SHA512
e240fbceb0a82ed0906b700e479f516b31733cd97784b0faeba604e49876950ce0393410910c9575a4c306af57d7b2b16dff249fc0daf1a2e113e809cdc919e2

Download Submit
/data/data/com.swiftstreamz/files/shared_prefs_sdk_ad_prefs

Filesize
5B

MD5
9dcf2a6f12095ecff342e9fa0c5ca72f

SHA1
c815f34691be353caa9de93bbdb00a31f62a9ed3

SHA256
4e68143408826326220a32d6bff59e1cca3dd85f74b018aebd6723c5686c54e5

SHA512
7ba3449f5ec3363bbee33d47abe471286cf78034dd70379fa4d0de5fd59215e8c58287eddffed1b9c3c74e157f6a9ad69b0c551001a62d04790bba49df48231c

Download Submit
/data/data/com.swiftstreamz/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
248a06dc3f1376ce4b7b2a400c93792c

SHA1
d2e7641761e04a05234b1fa9cb1214726d277955

SHA256
7cdce2720fb33082fc41cc89938da36865684dbe16d65b6def5f7e70981da74e

SHA512
3f288af838f75f7b1d957c24fe296e5d053d37bce47772910ac6f9a4ab8d010acdef595f5059d9888ec5e60549da36a9edebe8eeb23417ad3da153b64f15b2cb

Download Submit
/data/data/com.swiftstreamz/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
c45f0bafdeef8518a06ce70392eaee28

SHA1
2b209184aa1e898d90b23e11147eb5e68dcaa07e

SHA256
a75f7756d587219c4f4b36d6c73b4733c3f7ab7217477efb76680eb32025666d

SHA512
e3db90405034becad3971ec0fd29e592718f94e07b03b8c4ac4f643427bdd80f28bc21db1729b4c1bb85c5d408057fe0e7bcb7586cb8003ab383f8b699083ccb

Download Submit
/data/data/com.swiftstreamz/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
26528d37907c1cf980866191f90068d8

SHA1
8f4eea5c426f2d4467fe20f3c175e31aca056f11

SHA256
71bc827cd658ce6664be66c8fe07c04292fd44bc9a4ee93185dabdc6c3ae2479

SHA512
f2d82f8bf579a792dbb620c52c151ed295b3270c1b15eb267ecb98e8dba69611150325942b446048f6bf0d34737583a23d4da55c65312802da5bb163beaedbb0

Download Submit
/data/data/com.swiftstreamz/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
e1eba995cbdb6afedf22fd6507417ec8

SHA1
23c10d56e99ed9deae910ca5d6faaf21b1aaa578

SHA256
87177047704d3f05cc18d9013a778d142bf9991b5e262ffae08ba5bd228426f5

SHA512
fb890c7079ffeee69a8e04783eb1d0ccd6a54699bc8d22a20cacf8fb5b3fbcc2151c9f841182dea6c4d05a4586daba9d1b7829735f41d61af3ac242e12c588b9

Download Submit