Overview

overview

10

Static

static

10

Instagrams...py.apk

android-9-x86

8

Instagrams...py.apk

android-10-x64

8

Instagrams...py.apk

android-11-x64

8

Analysis

  • max time kernel
    126s
  • max time network
    146s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    25/09/2024, 20:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    InstagramsrcsignCopy.apk

  • Size

    5.5MB

  • MD5

    a64b52af666ac8508f0c414de3284813

  • SHA1

    6490034e0f75fa4da9cbeeb378e6142e69ae3c21

  • SHA256

    0edae656db4b5626b6dde1786af67d455a843d8fa6059a5a88eeb2b0ae214aa2

  • SHA512

    71bd20bbf513faf86022d0c2ac30fcb7725884f7aab73ce6b13fbce3cf8301158fb8582ca6889d22dd3bd113545a8b15a85c3dd1cc2a6084c058dd45da902f03

  • SSDEEP

    98304:NwubXW62AALy6GqYZpcQb788aGg82Qr9pzbuV7zphCIJaL31M8UofrFF3NP2:NrXZJ6nicQHNaf8/IXrJaD1B3V2

Score
8/10
collectioncredential_accessdiscoveryevasionpersistence

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 9 IoCs
    evasion
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs
    collectioncredential_access
  • Requests enabling of the accessibility settings. 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • sigma.male
    1⤵
    • Checks if the Android device is rooted.
    • Makes use of the framework's foreground persistence service
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests enabling of the accessibility settings.
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4239

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/sigma.male/app_sslcache/sigma-abc9a-default-rtdb.firebaseio.com.443
    Filesize

    8KB

    MD5

    3c132be06208276a3370d8fdb9e75fb8

    SHA1

    a5b86bee2f29a82ae08ab7e5225a48498111ad2f

    SHA256

    c1cea8a092c82ab3208b5e44e48b9b66ffd49a8ad1b5ed3ba5cf56b3b283a466

    SHA512

    228ad3106804a7d9562ddfa034780e9b8bffba7bd82049feda52b3932d51523d5e1879fbd230c14c11bb87ec88fe79ce187216e96742c038fd07d17aaed50fd8

    Download Submit

  • /storage/emulated/0/Android/data/sigma.male/files/panel.txt
    Filesize

    19B

    MD5

    6e0075dcc0b7ac222bea767743b61a33

    SHA1

    44b3eaebc17568ca6e120747fef61521137068d9

    SHA256

    d0d1b610858419980e61586967769ed1bf001756aacbd5e00518b3b0eb83a402

    SHA512

    9950d09e464f74889ae85d70e72e57197b8a2713518bb7901b2c7b6e1ae51dc7e53547b2865f0226bfcc3bd5ea530453298512f8ecbc7b790da3339b5e05cf42

    Download Submit

  • /storage/emulated/0/Android/data/sigma.male/files/uid.txt
    Filesize

    8B

    MD5

    94b56a3db303aa25951488a65421e710

    SHA1

    7101d6b46d870067b1dcf955d4821f6e23c04713

    SHA256

    0d115224afd04783b434d0c603a817ce06cac8ddf65cdf8424650d7f57fb89eb

    SHA512

    745db181dc63dc4a917f55caa4e473d8e0472fadf86faa265a1eb05b1c61bda9e079a0827bbe82b53faedf90dcdf566d69b5d2453a4076a27d3a7d2f5867d7f3

    Download Submit