ae1e42d7d5c0f691e8817063c21bdcae6b532438baf7d319b6fd184c144b9977

Analysis

max time kernel
149s
max time network
150s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
12-09-2024 22:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ae1e42d7d5c0f691e8817063c21bdcae6b532438baf7d319b6fd184c144b9977.apk
Size

2.6MB
MD5

86cc1db7566117ff9920c17113a70f5b
SHA1

a7fda01e742159a1c96ad7835e5c00bac8664536
SHA256

ae1e42d7d5c0f691e8817063c21bdcae6b532438baf7d319b6fd184c144b9977
SHA512

a01cee7ee1a78270b56cb3f5d79862a72218f4069863f35461540aa638640ef655d6a6ab18de5554c2781a2673cffb3e9a482d4318807e3df92ccee26b8fe2ff
SSDEEP

49152:XZxPo+cHiuOVHCluVTpQ4NDjrBh0EjQfuKLyBcrr9TMPuNmDiWimUXMUywZF:XZxPo+I5OVisDjrBaEjQWeyBCTM2NmDK

Score

6^/10

discovery evasion persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	wyg.smyd.imym

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	wyg.smyd.imym

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	wyg.smyd.imym

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	wyg.smyd.imym

wyg.smyd.imym
1⤵
- Acquires the wake lock
- Queries information about active data network
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4214

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/wyg.smyd.imym/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/wyg.smyd.imym/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
7f0cf902355ef6981decf4e0b6a7edeb

SHA1
9cd03959cf1563991d8db3e1ecb5bf8679e216a8

SHA256
00dbb3a8915ac2d8684cb315031d752b8b29f61994631391117a45222cc2f12c

SHA512
ca7e6ce5a2a74ac97973ad206ffc135b2975c50d7d21db0b2b5adaed5c6fde333dcea1e3c5f0bc085ee8917efbcad140d48e358f681b0a44f1a9ca364bc8d8ba

Download Submit
/data/data/wyg.smyd.imym/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/wyg.smyd.imym/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
f1d77641668ee23665be84103cd9ab14

SHA1
139f949c4db84b9c2b20d00523ade0f27658c2af

SHA256
eb30dab460cf52d215b9b7b4aeb89008d8764f95799051c148c9aa85f2a662b2

SHA512
d61c47479bca1360dc74338119b6d107ae43b1d55a1f9325d2bb6002d00de3823989bae1b2335928997be063c1ffc2b12c11aafc64c15ad17e03385d8e28deb9

Download Submit
/data/data/wyg.smyd.imym/files/PersistedInstallation2129928009800032079tmp

Filesize
90B

MD5
b60cb5a48d5d325f3a55d06c6777676d

SHA1
956c04a1dae6f51cea7b0761afe40ab0f7e6a234

SHA256
ee46378310c285b92174c4f4aadcdc1501279784e947fed6dc45198495ef7404

SHA512
fabf630fc57558407a1623df04ab75f21b4d87ddc8e2bd97fcfb56412b7dd274749875092cf52a78aec17417d703416e8b0dca8099f53a907bdd02f00cd8978f

Download Submit
/data/data/wyg.smyd.imym/files/PersistedInstallation3723734287431709894tmp

Filesize
569B

MD5
496b38ad169998be2842251cb92ac236

SHA1
b83dbecadaeaeb076913d1c5d9597691d20ca84c

SHA256
2446958eea81c5eb53e849eab186593e41c4a91c5a0031f55395c4d1299ec975

SHA512
203049c08a77798d4115fce527bd6b084a5f21cf0578ed3b26c344727d59ada9cbc17704a0083aa2340f09d6d18bb914895364fab8e595a1ce0c06fe9ec3066f

Download Submit
/data/data/wyg.smyd.imym/files/mmkv/mmkv.default

Filesize
4KB

MD5
620f0b67a91f7f74151bc5be745b7110

SHA1
1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

SHA256
ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

SHA512
2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

Download Submit
/data/data/wyg.smyd.imym/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
2b4eea244556a74c616f3469057f17a0

SHA1
19b8d92578771e54210fa3576355f07e5c5b1315

SHA256
8d78e84b6074fcbf861ef526cefe09738cc90a97c7fe673062a385db611a36a3

SHA512
494787e29080c21b2fdbcd6a8bf8a1cab8e759cdf9a9d1b4c02cb54f56213b6a6e40eab9d0b176ace40b900ddb8aa6ee0a8e081bb47dba8c97712f7224e65834

Download Submit
/data/data/wyg.smyd.imym/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
86de66e13641487642b09e22a94024e8

SHA1
20019145d86fb915a0122cd45eb93a20a955dcad

SHA256
0cb68ee288b721d83b90ef70635edc31a204a58d1aa6fbc5ea12ef9d1e25a102

SHA512
e4c55d17d2fa2b5f8d9fc9dff3587255b1abd27afe24ac1ba10dd5e49d2d45b001f92f15f37052ee9a4bcbc0c6496d4d46163f79ccdf49002d7644f0d6efa738

Download Submit
/data/data/wyg.smyd.imym/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
44104808ef029ca476bce05d6bbdaa08

SHA1
2b8690a8958a8e03cc72f9298df8132ff946217e

SHA256
69f47d820fb207fc2d37aed6ae77055dcd6117e628c3b909ff6deda590e63c3e

SHA512
b4fe174443fef4a2765d8a7674c6179633ab0e60feb1378506f254bbaa8d7be303ab2ba719f4c9515be4c96a1ea91bc29f5c5ef088b070d89be12fead07cb55a

Download Submit