df67824f169f0a7ea9c4e533587a6b5043dd024f7791396f5038a4d2ce3a7df7

Analysis

max time kernel
62s
max time network
82s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
19/09/2024, 04:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Indiaapp_MagicCash.apk
Size

13.9MB
MD5

fa615cefc1971d88c9dbe9c145dcf9cc
SHA1

de4836b23095e979069219341e6266f2eb51c51e
SHA256

df67824f169f0a7ea9c4e533587a6b5043dd024f7791396f5038a4d2ce3a7df7
SHA512

491ed5ac4305179361e1002c93163bfb7afbaa5d4b1539944c9e1611e6a7cecec93338509ba6ac6cdeb5a6ae021dd0a4f8c1168ea9f18bad1e20c860ad152e44
SSDEEP

393216:4/fa9mzKJHhjartAm8toAx13bvoYN7NL+u4:4im+5h1tos13bvoYN7NKu4

Score

7^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
Anonymous-DexFile@0xe0700000-0xe070312c	4244	com.indiamagiccash1.magiccash1
Anonymous-DexFile@0xd74b9000-0xd74bd008	4244	com.indiamagiccash1.magiccash1

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.indiamagiccash1.magiccash1

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.indiamagiccash1.magiccash1

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.indiamagiccash1.magiccash1

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.indiamagiccash1.magiccash1

com.indiamagiccash1.magiccash1
1⤵
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4244

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact