24c807cac5adaab430784fb9073241999f9c8576e9284a82f0801f597d35ad5a

Resubmissions

28/09/2024, 22:05

240928-1z1fwayanp 8

28/09/2024, 21:45

240928-1mblzsxekq 8

Analysis

max time kernel
1s
max time network
90s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
28/09/2024, 22:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ShyFlutter.apk
Size

19.0MB
MD5

494662f7cbc136553f1035f4003a9a70
SHA1

7cc1c7fea8c393625d2dbf88331b5884e0c9f4ac
SHA256

24c807cac5adaab430784fb9073241999f9c8576e9284a82f0801f597d35ad5a
SHA512

63437e746212f89d116e70d392b34ad5bc3d9111aa821a9c0f4a4458eb35e38cf414b6e1da39c14e87fcbc45a2544ef24e20c2b5e6bf27f8f52b7aee016a2348
SSDEEP

393216:Om+aOWZcv3d1LCYM1koYdgDDSRWhbL0t+eSuk6DiUdPULXJJ/hp2hF0CHuO/C:OTjWZc/3RDoSWDac8F95NSlchF0Cl/C

Score

8^/10

evasion

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 8 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	zip.c7f.shyflutter
/system/bin/su	zip.c7f.shyflutter
/system/bin/failsafe/su	zip.c7f.shyflutter
/system/sd/xbin/su	zip.c7f.shyflutter
/system/xbin/su	zip.c7f.shyflutter
/data/local/su	zip.c7f.shyflutter
/data/local/bin/su	zip.c7f.shyflutter
/data/local/xbin/su	zip.c7f.shyflutter

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/system_ext/framework/androidx.window.sidecar.jar	4766	zip.c7f.shyflutter
/system_ext/framework/androidx.window.sidecar.jar	4766	zip.c7f.shyflutter

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	zip.c7f.shyflutter

zip.c7f.shyflutter
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Checks CPU information
PID:4766

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/zip.c7f.shyflutter/code_cache/flutter_engine/235db911ba279722f5e685f38b0ed30fa7e8570a/skia/c0e0b76d6d519c4d4d1be59e4723d415dd01f24e/128b43e1bf15899d8cfeeb2dc5395afcd374f9f8.temp

Filesize
1KB

MD5
0a1000f03055fc8f6ac0d66cc6c340b4

SHA1
eddf6f91bc40edfc660630fd438c590148e597e9

SHA256
0468b16de5ac7d2cbc9af73846a9c66a385a7f7c46bf978ca71621dbf2cb42dd

SHA512
c8e4c0ba6fd5e285516c52347544d220fe11926542a023c339c0ce51b9e3a671e211be665f90b374cbe78a6971663b7c27bbf850c784c15e76711b4254a84b23

Download Submit
/data/data/zip.c7f.shyflutter/code_cache/flutter_engine/235db911ba279722f5e685f38b0ed30fa7e8570a/skia/c0e0b76d6d519c4d4d1be59e4723d415dd01f24e/16db3dbc6e0931d5b29149581808cb6401ad41a9.temp

Filesize
1KB

MD5
c7508f3107811f8d9c5b693ca87c29a0

SHA1
ca242bc7a58e1de2f2541c4da86d2e549700684f

SHA256
624d8103ff836de3f9c13d669a056a002d1e05d7fbb986b4ce66532d3c09bc4b

SHA512
648777295462d80097581ca57402efeac6f87016c3612be1548d407be8992b03118dd5a4fdc4597e64c908c1e4690f01de2a342f2606259351569032ce7b3483

Download Submit
/data/data/zip.c7f.shyflutter/code_cache/flutter_engine/235db911ba279722f5e685f38b0ed30fa7e8570a/skia/c0e0b76d6d519c4d4d1be59e4723d415dd01f24e/676ee892fd18de7e134fd3acbbc8071b71631d61.temp

Filesize
1KB

MD5
475e0dcfd72f7418ad020aef04ee5974

SHA1
f477efeccc012b74e65ab6a85bb37c474dee12aa

SHA256
c3d45aca96fa941e39ef1a7dd810c1ae3f202b272d2fafae5ed3e5ea93ff3a8f

SHA512
1bb1ff9241b4a191d416d380b868c6921d64f8498e236e0862addf28e1e8cb6a68f45b3f6f11d5192507ab34d2df7a582d403fb72f0fea16ececab3ba5381443

Download Submit
/data/data/zip.c7f.shyflutter/code_cache/flutter_engine/235db911ba279722f5e685f38b0ed30fa7e8570a/skia/c0e0b76d6d519c4d4d1be59e4723d415dd01f24e/705add3ecd0197f2b88943a82db10f640105cfb2.temp

Filesize
940B

MD5
04598b97e3b7e87604904e80967a97d9

SHA1
55d491c1338831e5f444f752fa2e1d4be4fc325f

SHA256
e09703745ccdb2d7c36ac9c8dcecbbb9bb9f99b4c521a843b4d8b3ea35e76013

SHA512
69563be346034ab72ad0ee172ec136c50ad45853d17f2060c9774eb78ba3ebd82316bfda15592103971477b78cc1ccbabc9301f9c033464d1c2d336c059b8904

Download Submit
/data/data/zip.c7f.shyflutter/code_cache/flutter_engine/235db911ba279722f5e685f38b0ed30fa7e8570a/skia/c0e0b76d6d519c4d4d1be59e4723d415dd01f24e/7b39a766bda0d5dc51d4f5bec77beb90a6675b8b.temp

Filesize
776B

MD5
10d8bc5780a03823438b28792890d30a

SHA1
13ba0a3ec26030f54798e7fee49383b16c4c1d8e

SHA256
3a9d5e4d865ff2f35fdeac9b8658903a7a2e7c03ad971266c2a69fb69b27f5c5

SHA512
c8081580eb7956993e45c42f6a4f4920a7b51901ab3d5fd746436b0db3c2c0d5e7c6587d96b78ce5fc2d1267db0ff9e6e4238efa9df4ceb57752e111c4539067

Download Submit
/data/data/zip.c7f.shyflutter/code_cache/flutter_engine/235db911ba279722f5e685f38b0ed30fa7e8570a/skia/c0e0b76d6d519c4d4d1be59e4723d415dd01f24e/a34b99d0fea7226c46aef76bd20757e826c064d0.temp

Filesize
1KB

MD5
b995ed59275445b94bbc231606c2b52d

SHA1
281c1b630ef9e15d2c39f1a6fd7c176b3f9a873a

SHA256
9b7298788c5d61adc33edd964a59ca551f7373d540be4273b4da4964aecc1a8e

SHA512
b70309e9e2d05156cd88881c337dc247fe303a1ad747edf40391b6a3abfc1e20e80e49824b1cf7c14a3fc589ba0bd65fdbc87b0fa8582d22b6f39ef375f9d6a8

Download Submit
/data/data/zip.c7f.shyflutter/code_cache/flutter_engine/235db911ba279722f5e685f38b0ed30fa7e8570a/skia/c0e0b76d6d519c4d4d1be59e4723d415dd01f24e/b0d68b6bd3210ebeb488bdbc045e9d6381eef345.temp

Filesize
1KB

MD5
7c26f677c7a4e8cdb1f330af704d6e75

SHA1
3e99aa95340a90c32e76134d892fc75b7ce560c9

SHA256
6d3a3cfda3ed88002b98a337dc2d9b7595f8cc96a6fedfa669a48fd12dba6ca5

SHA512
3a8c775c3357012278cf67419b986c995ab3100ce3a6148900f5ceac5268757e33940e6722ebb5fbb5740e3c9a6017b5300def6e285a27ba4754a4fdaa6dfd9f

Download Submit
/data/data/zip.c7f.shyflutter/code_cache/flutter_engine/235db911ba279722f5e685f38b0ed30fa7e8570a/skia/c0e0b76d6d519c4d4d1be59e4723d415dd01f24e/ba2168c07174b0d952e8c7e60c17f1126461edba.temp

Filesize
1KB

MD5
eefc9b0f6086f675485823270fd43d5e

SHA1
8b5d15900a292a1d095c84af964abc0d71614c63

SHA256
ad24c7a0f34a1f5e6a5348aed55e0296084227b6201db9dd7468ed4f6c5c604c

SHA512
9b3b950639a933fefa2689461789ad1be55f43b7178197cd9133d3648f9b04712be3c9ca06be5163b470b0a309da5821b34e03067c31d779c643cb2868d710c6

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
12KB

MD5
bdf3529e80318eb14e53a5bf3720c10d

SHA1
25c9ace4b1af6e80ebb2572345972c56505969ba

SHA256
bbc8300dd1e9cd08de8f66560c1ac2c928615b72b51cef9649f88974f586d64b

SHA512
48b9c2d01171bb651b9b54826baa51f4add48431a3efd8ceb5f7cc3bcd6f8f37edf47fabb24349dd15b3a02329cd450f90a8d164bf4f8dfae554bf3b35a8a55b

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads