Analysis
max time kernel: 9s
max time network: 131s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 12-09-2024 07:09
Behavioral task: behavioral1
Sample: base.apk
Resource: android-x86-arm-20240624-en
General
Target: base.apk
Size: 8.4MB
MD5: d5cffe9867da6f30e270fb508c40ab8e
SHA1: 4860eebd427379b8bf991b2110f9cd336b86fe7c
SHA256: e0d2f2aff69cafdaf1099e5d0a1bf3ad32413e7c971c0ffc113f6fb5b0819b5c
SHA512: 6b653475b032ccf2b8944be4f68bcff4fc6f9eddeaef374650b211fe7b67101ecdab446df1bb6436aa42bb91dfc27342c2dce6bbfcd7c25d46d20b61115af8a9
SSDEEP: 196608:BKBC9YVEYRq+2Bq9lIu6i4MvwTjIvPTBrOb6:BK3Emq+2GP6PMvlvPlr
Malware Config
Signatures
Loads dropped Dex/Jar (1 TTP, 3 IoCs)
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/Doctor.con/cache/natives_sec_blob1755363102103725355.dex | pid: 4318 | process: Doctor.con
ioc: /data/user/0/Doctor.con/cache/natives_sec_blob1755363102103725355.dex | pid: 4348 | process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/Doctor.con/cache/natives_sec_blob1755363102103725355.dex --output-vdex-fd=46 --oat-fd=48 --oat-location=/data/user/0/Doctor.con/cache/oat/x86/natives_sec_blob1755363102103725355.odex --compiler-filter=quicken --class-loader-context=&
ioc: /data/user/0/Doctor.con/cache/natives_sec_blob1755363102103725355.dex | pid: 4318 | process: Doctor.con
Acquires the wake lock (1 IoC)
description: Framework service call | ioc: android.os.IPowerManager.acquireWakeLock | process: Doctor.con
Queries information about active data network (1 TTP, 1 IoC)
description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: Doctor.con
Queries the mobile country code (MCC) (1 TTP, 1 IoC)
description: Framework service call | ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | process: Doctor.con
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | process: Doctor.con
Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
description: Framework API call | ioc: javax.crypto.Cipher.doFinal | process: Doctor.con
Checks memory information (2 TTPs, 1 IoC)
description: File opened for read | ioc: /proc/meminfo | process: Doctor.con
Processes
Doctor.con (PID 4318)
- Loads dropped Dex/Jar
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (might try to encrypt user data)
- Checks memory information
  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/Doctor.con/cache/natives_sec_blob1755363102103725355.dex --output-vdex-fd=46 --oat-fd=48 --oat-location=/data/user/0/Doctor.con/cache/oat/x86/natives_sec_blob1755363102103725355.odex --compiler-filter=quicken --class-loader-context=& (PID 4348)
  - Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Downloads