Overview

overview

10

Static

static

10

Instagram_...y).apk

android-11-x64

8

Analysis

  • max time kernel
    136s
  • max time network
    140s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    25-09-2024 11:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Instagram_src_sign(Copy).apk

  • Size

    5.5MB

  • MD5

    a64b52af666ac8508f0c414de3284813

  • SHA1

    6490034e0f75fa4da9cbeeb378e6142e69ae3c21

  • SHA256

    0edae656db4b5626b6dde1786af67d455a843d8fa6059a5a88eeb2b0ae214aa2

  • SHA512

    71bd20bbf513faf86022d0c2ac30fcb7725884f7aab73ce6b13fbce3cf8301158fb8582ca6889d22dd3bd113545a8b15a85c3dd1cc2a6084c058dd45da902f03

  • SSDEEP

    98304:NwubXW62AALy6GqYZpcQb788aGg82Qr9pzbuV7zphCIJaL31M8UofrFF3NP2:NrXZJ6nicQHNaf8/IXrJaD1B3V2

Score
8/10
collectioncredential_accessevasionimpactpersistenceransomware

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 9 IoCs
    evasion
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs
    collectioncredential_access
  • Requests enabling of the accessibility settings. 1 IoCs
  • Changes the wallpaper (common with ransomware activity) 1 IoCs
    ransomware
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • sigma.male
    1⤵
    • Checks if the Android device is rooted.
    • Obtains sensitive information copied to the device clipboard
    • Makes use of the framework's foreground persistence service
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests enabling of the accessibility settings.
    • Changes the wallpaper (common with ransomware activity)
    • Checks CPU information
    • Checks memory information
    PID:4487

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/system/users/0/wallpaper_orig
    Filesize

    172KB

    MD5

    3d4ff9da31018857dcffcfce5169c85a

    SHA1

    53043cbdff4365ee55c2301950d89ec4d712ee17

    SHA256

    de5e27c41cfba5852e2226c054cde0a427a3d9f26f0f79eabbeb7f5e8ae3b7ef

    SHA512

    f02786f18346ccb2481ce70396280fa2a1876f3811c67f8ef77031f89a8b5ff00e3e6413a24e4983bb46343759e01df6078b8e5b4a40f3603018079ed8a1f62a

    Download Submit

  • /storage/emulated/0/Android/data/sigma.male/files/panel.txt (deleted)
    Filesize

    19B

    MD5

    6e0075dcc0b7ac222bea767743b61a33

    SHA1

    44b3eaebc17568ca6e120747fef61521137068d9

    SHA256

    d0d1b610858419980e61586967769ed1bf001756aacbd5e00518b3b0eb83a402

    SHA512

    9950d09e464f74889ae85d70e72e57197b8a2713518bb7901b2c7b6e1ae51dc7e53547b2865f0226bfcc3bd5ea530453298512f8ecbc7b790da3339b5e05cf42

    Download Submit

  • /storage/emulated/0/Android/data/sigma.male/files/uid.txt (deleted)
    Filesize

    8B

    MD5

    3ddcfd9b68b8b2ad0c320205484c9173

    SHA1

    664f6671452fcc3b494aaa19c0ea8c1d4db9e4f2

    SHA256

    3b504e294fca6f3b33893230c8660701e001c52037c49fb869556c71c8b59e11

    SHA512

    17e497d8dd12d3af6e3c46d498c1eaa56c813ca9a76c2e2d322d8cf5d34df1b3e53a6167ceb86934b2a94ac4ed6c340929f0a2cb67cd432e855a2773b91e9088

    Download Submit