5c06d1e348c9c53f392221e446fd7904b4b6f96a0faee5c1b93f76fe19becac3

Analysis

max time kernel
187s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
30-09-2024 06:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

org.totschnig.myexpenses_757.apk
Size

28.4MB
MD5

65fbd153db196bcf64973a7f4796cde8
SHA1

51a5bc8a5231a247e15b934cc84e81b14903bfe7
SHA256

5c06d1e348c9c53f392221e446fd7904b4b6f96a0faee5c1b93f76fe19becac3
SHA512

daf29f839fcff4074da41cca2c6f34a21b03a1571a061247762b276c0f3ab568565207a22735bb1b0b8d9efbcb2d92aab3319e038ce5d1856494fc00ee8251d0
SSDEEP

393216:L7IcVyE9LUKzOvKGO1IeTTpw2j/kB0dMbWHY5Ym3eSD5Dvx4ItZIqcQXFcjK7XdU:IcU+LUoOCHwu/G0a8Y5Y3QdUqcsF5RA

Score

7^/10

collection discovery evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/system_ext/framework/androidx.window.sidecar.jar	4630	org.totschnig.myexpenses
/system_ext/framework/androidx.window.sidecar.jar	4630	org.totschnig.myexpenses

Queries account information for other applications stored on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

description	ioc	Process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	org.totschnig.myexpenses

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	org.totschnig.myexpenses

org.totschnig.myexpenses
1⤵
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries the mobile country code (MCC)
PID:4630

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.totschnig.myexpenses/databases/data

Filesize
320KB

MD5
31cf4c42e57518dc4512808a0d58ffd3

SHA1
33d046b0284272f8353fd74cdb636e1f3b5115de

SHA256
f634e8e5f9de009f8f75fdbbcaafd0f08f6c6df6c1706d3df346532729f8e000

SHA512
8b1ab319049a6a4ee5e4b71ec9e2fc3806c56ac0642bdc54bfc17698688feb6f782bd61fda6157284c27feb68192444fca694b7760bc0bdb825ba462e5c31498

Download Submit
/data/data/org.totschnig.myexpenses/databases/data-journal

Filesize
512B

MD5
e72220ff1b8c6d757bb807d88442c85f

SHA1
fda808da97c67aa7395103ea721339bf5f0e11d3

SHA256
c7e4f55a1fd3ffb5b76b193ad2659ff914610479942dbe8164baefb6d1bf2914

SHA512
4024507beb5352223938866c0f8ab5e068792e9888d0c6ed841cc91ba497b6082b40a9eca5fc027ec2c9d249d085f5a8efc83ffd30af516989bf6b37b895b851

Download Submit
/data/data/org.totschnig.myexpenses/databases/data-journal

Filesize
8KB

MD5
7c7290ec705171a8a4e9ad37f0eceb8c

SHA1
2bfce921ec50aae3dbe90e40936db0dccbbee0a9

SHA256
78c83afa03048c76fc3b252589f4e61e8726dbcae9f82e062a1ef0eb5e8c9007

SHA512
f4c850d508843c81fcd557277c81cab57d67af3b54924ca9a81d354e66ece2fd30f9c3f3dd23f34273642b96cefd6ae1211eaa2326c2c8ce07564ff32606a548

Download Submit
/data/data/org.totschnig.myexpenses/databases/data-journal

Filesize
8KB

MD5
c421c30f3d59db9c7a86703595b4c870

SHA1
d92eecce4c3dda3d093bb6f7421243d7910fb121

SHA256
bc2d05d4922df86aa0e55202e13a0b22572c3178fefcd0bd1763c08a756deb50

SHA512
38e7017e65f8aa4ce5bb8430663f805d426604c7649de5934c82b74a2fee9c902acc2bf16841e33f0612467866b8fcf1124cd7997f4718f2a3c607f7e0b31ba6

Download Submit
/data/data/org.totschnig.myexpenses/databases/data-journal

Filesize
16KB

MD5
2fdd95fd50b992a5172323706ebc3e36

SHA1
69b241daf7f421d042699993d16048851061f597

SHA256
fc55a475cea1fd631fb04ad38a4e3e49175e7cc77045f3e6f6b6579c25618c57

SHA512
2160856406257c38ca090386e1d5eb9edff29cb01e485a745c121fffca2a4e1cba0acc683bc9701095c1060fde4ade0eaedb18a6a7ed69eac18fa46eea42cee3

Download Submit
/data/data/org.totschnig.myexpenses/databases/data-journal

Filesize
16KB

MD5
53c2b138849c430402e408e04e79c8f8

SHA1
e7d0ca001e27f027c925d0fd812457547318e68f

SHA256
97508b43f9bb74578268d338926f4c3bfcf70ea77fd72b53715f30c296827c11

SHA512
dc43e2850387bcb7d961a5b11184e656a650e22751ac773381e2f7b682bb29999f1e7d13749f87afa8a9a0b40dc1e5463bf5986e5ef5db29472f12fa9993b1c4

Download Submit
/data/data/org.totschnig.myexpenses/databases/data-journal

Filesize
40KB

MD5
b9f0e95d73b6c68e66bab997aab3d3b7

SHA1
3bae146563a99f783a2e014a05e3826de35f6b90

SHA256
e331fb3dd437c4820b425805c88a5ded30b603c4188ae8ae61ba1fec66cd7004

SHA512
b7c438f05811d786d194af602a7b25241c8d9476618c62cba21710213186a45bdfce4e5bdd9c9b68c316aa5c564dc1485de8bfe7300c77ecd70282540f5c0c8d

Download Submit
/data/data/org.totschnig.myexpenses/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
31f8076d4d0f47026cea1e463ae76c58

SHA1
ee877868390b68555822172d23b5294adf5e2bb6

SHA256
9194233c3fffb52b3b44dfed203a57265f740ad557c865dec9fef80c2445790e

SHA512
a801a9dd54ba5a777a382213ee090e1953c4ad978fab6c0cea346dda0fe0d46bbee75299123f4e993d9e571fbbf261403ecfcd84e0ee26543291d0f8d065a0f3

Download Submit
/data/data/org.totschnig.myexpenses/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/org.totschnig.myexpenses/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
7e4e61d0281a7e39a21c67a890b0cf81

SHA1
bda57b45925810bb3a42b366c23ddc4e47c830c6

SHA256
1b2218d72ccf8f9b143df6b16f824e4c566a6c46b63d7bf3203af7080f5ddc42

SHA512
e8de7fbd69fc937357b584a2729defd9cc0ea31fa7937ec0745b08ee786b8bf34783dc0ce095fc71fa1b899546111080ab566d0094ab65921ed2af1abd5cff8f

Download Submit
/data/data/org.totschnig.myexpenses/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/org.totschnig.myexpenses/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
3106e918e54bd76e0b3d0855e84fc72e

SHA1
dca3458ecc430d7eaf9d3aae847b05f6ef551224

SHA256
8b79d10c0fdc8b6096992ba7b4cf5c8e1f7cc21dbad163fce63dfd04680d280b

SHA512
17c104a6db3699a65172470fed5b71d6947a7edbe4592573359e49dada12b12615cac04d5e6d28ad806d6f39e8af78380b3b1b98fb5f25b67783f453ce8bc51d

Download Submit
/data/data/org.totschnig.myexpenses/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
47d1af2fd23d0213e1d74e1233f816cb

SHA1
81d2da336c9e31ba6d66bf1ec5da6d4a3b5b7100

SHA256
182190754e59652fc71c5f91bdb5830b8dc4c2fb03bc529c3e86a2551f925ccb

SHA512
6784fd82dd060e8f096eefc84ce1c7f2d72525872b0612ea5d0e10f0b2f534be661ff1e838a4894e996a58cc1ba16eda7a4467b2711e941c8eabebcfa4fd2c44

Download Submit
/data/misc/profiles/cur/0/org.totschnig.myexpenses/primary.prof

Filesize
17KB

MD5
20026e7228da2e2ed91492d6dc747b62

SHA1
60170d787b621f7eabaa8de870bd03a7373d667e

SHA256
613c27164692bbda8709b0d84ffff4f38c0071a809b279a56bb807b4a1e44672

SHA512
1eae273982deb7c6f053f6894e396984a6d0e7e8dcdf31ef8f4a65cd91028307149da7a633287aceaa7adce83b121c777d54f0d239a3058ebf69e5ef53b192b7

Download Submit
/data/misc/profiles/cur/0/org.totschnig.myexpenses/primary.prof

Filesize
8KB

MD5
ed1cb3fcd6553be91ac4c35ecb187a23

SHA1
31170836c329aac3700c8f5a79545ba76b4b2757

SHA256
5436fdebee74159e89cff5be617c06f05fe999ace24484b1e22d9226ba0459b2

SHA512
97a22da4f044da92dfe60e4853fc11bc9b0700398239c74fda9f945144ebda67d5fedcfa6f4d34af43daf0f01276017922922c74f77108fc2d30a589df59f633

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
12KB

MD5
bdf3529e80318eb14e53a5bf3720c10d

SHA1
25c9ace4b1af6e80ebb2572345972c56505969ba

SHA256
bbc8300dd1e9cd08de8f66560c1ac2c928615b72b51cef9649f88974f586d64b

SHA512
48b9c2d01171bb651b9b54826baa51f4add48431a3efd8ceb5f7cc3bcd6f8f37edf47fabb24349dd15b3a02329cd450f90a8d164bf4f8dfae554bf3b35a8a55b

Download Submit