Analysis
-
max time kernel
143s -
max time network
150s -
platform
android_x86 -
resource
android-x86-arm-20240624-en -
resource tags
android arch:arm arch:x86 image:android-x86-arm-20240624-en locale:en-us os:android-9-x86 system -
submitted
10-09-2024 20:50
Behavioral task
behavioral1
Sample
B8U76_.ver.1.0.build.1.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
B8U76_.ver.1.0.build.1.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
B8U76_.ver.1.0.build.1.apk
Resource
android-x64-arm64-20240624-en
General
-
Target
B8U76_.ver.1.0.build.1.apk
-
Size
2.6MB
-
MD5
55b1be60416ac9bce81425afe1e235a6
-
SHA1
38c6d769f098f056d425b7b4bf4b5f722049a976
-
SHA256
585a58a92e4cd71abbb7aedd297f263c934439f903759b00d546a9cc2d460ce1
-
SHA512
dbca326eb90a340da6c6436b0ce60bc8aad25aa82cbf954e9e8fdc03d7745cd2cdc3a174b53152a6d3ef71697bfc615583d719ef8035addf003962d972c775c5
-
SSDEEP
49152:b3NJLWUfhWPB6NMAKQKNiJhLbNRdZ3jZ9V8jaffHTY0r:jNJLWsoPB6EH8JXhV8+XTn
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
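ioc | Process
/system/app/Superuser.apk | com.nabat
/system/xbin/su | com.nabat
(Note: these two paths match the ones probed by the root check in the Fabric/Crashlytics SDK, whose working files appear under Downloads below, so this signature on its own may reflect the bundled crash-reporting SDK rather than the app's own logic.)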
Acquires the wake lock 1 IoCs
description | ioc | Process
Framework service call | android.os.IPowerManager.acquireWakeLock | com.nabat
Queries information about active data network 1 TTPs 1 IoCs
description | ioc | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.nabat
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
description | ioc | Process
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.nabat
Reads information about phone network operator. 1 TTPs
-
Checks the presence of a debugger
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description | ioc | Process
Framework service call | android.app.IActivityManager.registerReceiver | com.nabat
Checks memory information 2 TTPs 1 IoCs
description | ioc | Process
File opened for read | /proc/meminfo | com.nabat
Processes
Network
MITRE ATT&CK Mobile v15
Downloads
-
Filesize
16KB
MD5 ee3adc968e45019b0168ac213718b5c5
SHA1 940ac4c43da4d38a96f5e453777dd7afc5f577ea
SHA256 d3fbbfba9d40306894c93941c1fbe395163ee9e2482a65d701fcb4a5478b4ee0
SHA512 9bcc5a63ea0bd2d2dbcaae3605eaa782d7243d585dda47019797f2e0bcf9aa344be5adb406c0ba2fa40a4faef1dd558eca56f03223e085749c20069d08826f19
-
Filesize
16KB
MD5 1b8ce2fe0f9d9de557410ea7b13ed797
SHA1 899b7589a002b1f75bd48f408abe68223535b882
SHA256 409e8238465a2ac0163429a02ed6094769e53126656d53e58d1b8e89ef820ba0
SHA512 d4377af018ff5fba36f0f08f680a0057a0fffcab498174d545eb9c0c8fcb6bde572ccac3e14bbd0af809c461623cd099dd0351e025c2c1d6496901a925e30a7e
-
Filesize
16KB
MD5 5679c6bb8654196b883021bda19b8f29
SHA1 f15eae50c353fff5fbe6e53c15352cf359289916
SHA256 4a92c720976d187d9fd29c4e1c0a9352a6a4435b2ea40a42d442c7745eefd89e
SHA512 ed2411f50ba7a040e43dbe42960b347597f692d9ad4fb7c04fef031dd73eeae599c8a92c9e9d9ff3866cc8c824138efa2ebdd1113250eec10367b643f11a3b7c
-
Filesize
16KB
MD5 cf20d3b7be66c79c62e4f6e4dfc24a09
SHA1 0e67e254c305eee90d0452dc239f1eae66390578
SHA256 00f22e16994d50132c6c25c306e90eb066cf9eaff26d2cff3bbf89f83be4ea35
SHA512 586c897831e500d538bb55eed588cbd87450986aa6fc9b92647886b2d6e5c5556ba5df554daad799437eb26ad2cd10cb0a88c3f0a262a6e155ef0dce39a299d6
-
Filesize
16KB
MD5 3e881d9a01ca707bed38018ac69f4518
SHA1 5820f9351d7cc8082de6e5686eb9f8fedf6fb830
SHA256 4a5bf9bfe9b032546f886dd5fe6717de78716734aaadab620c0444ed6df5151c
SHA512 8f0395c94b3a449f3c61e7117f400c7b8a12c23d3655be6772bce2c8aa0ec8d8be8000c5cd2c6e10b334ef54a4add5583717393c3239da80c334c45b8b392db8
-
Filesize
16KB
MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f
-
Filesize
512B
MD5 848a4ec05a874cd15d72070de2c31474
SHA1 fea2aaa2a4d7de23ed64ca096f4635a8f99f98e3
SHA256 0070b2baca668cf780553a2faf37bd3a67d55fec2443a5fe7f2facede805ab37
SHA512 8de73cb94c69d919f6e9b3b1af015f3addf02bd3c7b9dff33f192982df6689b4929085ce9e1c05d774009bdfde395ee23ef5fede57822795b581f06bcfca5656
-
Filesize
32KB
MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
4KB
MD5 5c6a34028eb3c313321daa0530bb6551
SHA1 9e0e80edf03b70f7de6b6a4c5d94ec18c55adcd2
SHA256 73a6306c8e2244d8516121ce8bbe5a2e7b8c641af8c0d645826310fbbea45867
SHA512 1ecf130afa3d7dea692dd9b61670e9bf4124e31963c1f7872f44eb96881dee65cf8098530b7fc9cf6e7736506cd21b79f3dfa74554a8b56e44ce934ffd0b776a
-
Filesize
4KB
MD5 b62309fa1259bbcb92eef1d1f0ebf560
SHA1 a656f91a0f3b8a07756686354e1868216c2821ee
SHA256 ebcc0943d7c14e7b250073f3dc2c03c3be09ddeb5f700d70856e8c7354314f34
SHA512 af01433da3571695bb17118df867d01d05cc9bccaaad407c729dc5086ed6f057a3abaad8c20aee41ede5a17fc9213a4ba9a9392c208c8298000f3d459fd2a176
-
Filesize
4KB
MD5 c723970ddbe62c3e66d9de0eafcafc1b
SHA1 b4ad065afdcc81f4a9441ad65957c28b4d05e548
SHA256 b7170f208f3c83359366ff147bc5c5fb78f991bfa78ae7cf7ffaea3fe60ad611
SHA512 98825a5a5bb9c51e318c875f3fa280284e7c8e977f2405a35dc7b2bbd5573597d85d794e28d5019cd27c4fdd9955b54536eb8dd0aa09ac726f76f066905896af
-
Filesize
4KB
MD5 97f567e0837478bf5416541ac1f7ccc1
SHA1 30fa0d0a1773cfe32dba91c608b10739bbb6e809
SHA256 ca7591c43212afaa38d7be4b5e00fff169929211809cd5a3167d6f586d338eed
SHA512 ea5c285c9d4fa52c7c3489b5884289c46b9ec94599d443891e6029c599604a91d67edee7d2f9de84154273d08522fbcba94afac7597f25b173de5425e967c677
-
Filesize
4KB
MD5 38c99804404b13462bd6143eb51a8c0c
SHA1 b80da3367f43b08ca810d34cdf07b58d186c42e9
SHA256 6b32ab6ceab45d41d4df718c335b037851e5f8455a06a02588e1cb630c0a952f
SHA512 435f1fa3a0ff7699c60aadbcc077ec769639a6141ce479372ba48971a7e5fb0b8856e3c862bfc9f43c76bbbf666c698a2901a97ffd9711489dd97e0aac97b411
-
Filesize
36KB
MD5 9b926e50711fee047a4492709a8a6827
SHA1 af953ca5ce98d597f0e540b2495a533d06693ca0
SHA256 bd59458c5f763d94bb36546b44dbde4bfa4950745136e4a01aae793202364ad8
SHA512 b01f51841f7daae6fe73e8300dfbfb38f5c0b5376ded51789a641dc4c04b82f23920581e4ad82788e40881084167191fcbc4531fdeea967773837e0a9e204401
-
/data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E0B122037F-0001-10A5-99C872BC018FBeginSession.cls_temp
Filesize 77B
MD5 683f74ad2c5d95e2cd9c87efba65d7c8
SHA1 08ff21d05a88da2a2089425f750f9cc4bfcd38fc
SHA256 e9d564e3c4eb89fadac0f47b407478bf44e274c200207125261c79816c1e7305
SHA512 d5d910c24eea6e132f1d75c594780a8ae21e5ab24ee176062ffcb3d8b835862c8c0a28db5624efcce503535efe05f6ac5970f0af19840f7cffbf2910cc7a64b2
-
/data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E0B122037F-0001-10A5-99C872BC018FBeginSession.json
Filesize 132B
MD5 d22f2b28bbdc70bcd8296be1ded64bef
SHA1 15c1b9956f49bee3639867db3d7e915ed7797558
SHA256 d9e0a0c81df5a2bab70e4f79506610a28bfda81b8ac4c0b63ca1c8651ec9b0b4
SHA512 0bd4fcdd6ef370e7dc5b58dddc121bf2ed15dafdffd26e9c862634f4a115ac576c47d88c32d86829678016f854061cdf3e5e3e3a5baefb7b82af553f4994c855
-
/data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E0B122037F-0001-10A5-99C872BC018FSessionApp.cls_temp
Filesize 101B
MD5 2f8cef55aa3fbf005e4e6d1335a6baf2
SHA1 8aeb4320f010346752ba8b07437157475d1265cd
SHA256 a8e1d859541b68b3fb56aaba2d6772b73c8c1ff14ccce8e8feba64f47883b688
SHA512 6873051b82583be2b82ab6a77e32fc0e8eb5b5cc3a3f07f19755f34a4094023f9b7a9f821045f4d29bca9c4bfe58b810d4bc9a1b7df690e53edec86070c6a768
-
/data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E0B122037F-0001-10A5-99C872BC018FSessionApp.json
Filesize 215B
MD5 dbb2512d62366c48ab524159c7a15264
SHA1 ec5214e5cc1485e80e4fd603df4d8898be7ac46c
SHA256 8e3c44d91a569511d2c2f71e5b9f09cb26392648478e0092f728b299d9729fda
SHA512 46894a90e080e0ae8d6d5fd6da776113f9e46cf74f1e6344e2a3298246169b381f98284ec7e7905003831b0d7dedafdbd3b03a47178f6a885c93c69eb80679d9
-
/data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E0B122037F-0001-10A5-99C872BC018FSessionDevice.cls_temp
Filesize 48B
MD5 cf9cb0612d588a1f71b63084cea67316
SHA1 3d035bb92fd3f8997160cf8025c40239af74d3ca
SHA256 0d37c5a64baf86735501f9044eeb926b3d46548cdcf67c2cd1f773df36624ac9
SHA512 70f000233e181e3b7c6fcf07aa04fdb570f970335837f8d1c4680a9f78af9f9e17c73a0a5646770f7a8787e338899edc4a5197b023865a4da894b1aca12bf600
-
/data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E0B122037F-0001-10A5-99C872BC018FSessionDevice.json
Filesize 202B
MD5 75db92d50c80a89e068550028c62acec
SHA1 d78ea55f5dc682e4da456d26383249f608fe894f
SHA256 1dfc488309883b61beb3462567a9befeaf36bb475a07a7ecef2be60bedb4b5a2
SHA512 dbb81daa5fab357f087dc295e7861444f945eb4c3883a09926b47312ce526bc069266a8a24b2a5b4921fb13e797696c5824195f0a79317e279ccf7855ca2ee13
-
/data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E0B122037F-0001-10A5-99C872BC018FSessionOS.cls_temp
Filesize 14B
MD5 9b3d4522944ce6396563812bfdb92fa9
SHA1 6d2a6133c8f01938a48ccc77ef86ad8ca335c020
SHA256 d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9
SHA512 091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727
-
/data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E0B122037F-0001-10A5-99C872BC018FSessionOS.json
Filesize 54B
MD5 93023624eb8dff5c20050da136aaae0a
SHA1 acfd1ffed752c28fb135ba83c0c6345ddf2f6995
SHA256 968bcd7c4f1abed89a09cc0e6dadd238a81e8655e64196b39a86be49ceecd39c
SHA512 bb25dfa144d3f0e17203936c503c5fedec5f9ca710e177f99e273010ba4a682199d4bda5684151d65f3cb1549f4611b3a645ce39646d3db9a1b2c17d6b160579
-
Filesize
390B
MD5 cedbfed691e7d88ae6bf29ffd046eaf0
SHA1 7f3996c9bfd1e728ae2b8d9398b00cdf1b230220
SHA256 dba1297cb0ea5fc3287d12502a31bee0c1fa83762adcc84bc93be3cd88833eb9
SHA512 888786295e06b2d902fab6a7f50484e40b21f7f91b39ad8b0b28eb0ed685a761d20909fd6216dcec990f6b9bd1eb6dc7fa74e78ee9deed0d4a220396071f136a
-
Filesize
757B
MD5 25c9d63c3b8932b1460697f0740b6abc
SHA1 989e7a38449f940772dde265f615a7ab1056a268
SHA256 4fe7926b0752427275b3274cac710ee94c39d06dc518b678e1dca48fdf435cc8
SHA512 e7db0c577750ba25edba1b3241af6c248c774bfeb8c299c2ca4a69940cdf8bd761a761cfc2fd5b1cbdbf6b47bc094c2eb440cf6910039d44a0b61fc5b08ebd1d
-
Filesize
16B
MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e
-
/data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_6053fcef-7a83-4d71-9a2b-84efecde3834_1726001445192.tap
Filesize 323B
MD5 46ce198d71fd44e084e155296ece9ca0
SHA1 b251a1d5df0c74fea4131e1633a899723a3f5317
SHA256 ff4632955786d74fdbd1f0fea38947e2be08a2f41965ea07c5441e8c161e4bce
SHA512 bce4fefce45c8737ac018b5fb9c084617ccf5e53e118a1142bebfeab36471c777ce47c48ae16250fec8ee09a943f7648874b5ed2f8ba2c44dc41a4ed8df92042
-
Filesize
561B
MD5 09d7ad110d9cebb034585598c28bdc92
SHA1 adcdbdb54e4c927ca545a9ac579327daeb66deb7
SHA256 987584940d5b26f5716fd006ff736489cc4c259cf800d233690d7a986a5cc25e
SHA512 061381bcb8736b22e6cdd6b0341cccb3437d1cc362477cd5ad7752a6fd13f7518ab0e7edcf4a08e5610aa754c9f902e5e5b16dea5d4576f0473e56c868ccbde7
-
Filesize
90B
MD5 b5d10e3b6ebb84e1db74528259eaabb1
SHA1 872a080d44bef51ca5c361529f00d99f3e0f1351
SHA256 d9be892ceddb419a635dd3ce343318692c222bc11588448cfd4f77de50c57267
SHA512 dd5f5d6ce1ffa463f5a151dd21bb459dadd505a21ffd860adf327cd38c138c27444d879ba4f267438c64a2eda1f4ba24ec1fa04bae77843de9484884836092de
-
Filesize
163B
MD5 6cb3fe598198c20c017e875b95da274f
SHA1 7f1e888ceedb20376cbc5bdcf288aee988381913
SHA256 3c35e9c9665cc3cfe295726dcfb05c55fef396eae1e9e2851a636e7e730b76cb
SHA512 d4438ac04775b9a1df53a992ad2da4976eaa79533ea9a60b1884051200217d96a513b0e3f616b9bd13b71c42d88f907077e89a303faeeda61189c097c4e231cb
-
Filesize
4B
MD5 b326b5062b2f0e69046810717534cb09
SHA1 5ffe533b830f08a0326348a9160afafc8ada44db
SHA256 b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
SHA512 9120cd5faef07a08e971ff024a3fcbea1e3a6b44142a6d82ca28c6c42e4f852595bcf53d81d776f10541045abdb7c37950629415d0dc66c8d86c64a5606d32de