67479697b84c6732a9bb4df731b28bac95f34340f4e42bef97066679ae0131a1

Analysis

max time kernel
2s
max time network
128s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
03-10-2024 04:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ips_p2p.apk
Size

3.8MB
MD5

612b9e01885aeec495b618f1c47bb3e5
SHA1

28e7b381c560e8a462b18fb1e43d1055ced686c7
SHA256

de61201ecea2be230b5d6424d737329583c370cef4025e105986c9e0732d0d98
SHA512

6c98cb630dbe28e432098cbe33368cc0030b3ab069a945b594e2e20c2f08b7ccb2aa346134e262604a83c87a2acf7b0188c68f619c73b30433bb36a4e2ce755e
SSDEEP

98304:SQncbTGjkFVM0npr5+nrWayAFvGYUz4dXSliZWO3me2g8qSk6Vmx:SQaTGjgpr5AyeVG4MlKWOWHcJ6V0

Score

7^/10

evasion

Malware Config

Signatures

Checks Android system properties for emulator presence. 1 TTPs 6 IoCs

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: ro.bootloader	com.ips.p2p3
Accessed system property	key: ro.bootmode	com.ips.p2p3
Accessed system property	key: ro.hardware	com.ips.p2p3
Accessed system property	key: ro.product.device	com.ips.p2p3
Accessed system property	key: ro.product.model	com.ips.p2p3
Accessed system property	key: ro.product.name	com.ips.p2p3

Checks Qemu related system properties. 1 TTPs 7 IoCs

Checks for Android system properties related to Qemu for Emulator detection.

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: init.svc.qemu-props	com.ips.p2p3
Accessed system property	key: qemu.hw.mainkeys	com.ips.p2p3
Accessed system property	key: qemu.sf.fake_camera	com.ips.p2p3
Accessed system property	key: ro.kernel.android.qemud	com.ips.p2p3
Accessed system property	key: ro.kernel.qemu.gles	com.ips.p2p3
Accessed system property	key: ro.kernel.qemu	com.ips.p2p3
Accessed system property	key: init.svc.qemud	com.ips.p2p3

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/qemu_pipe	com.ips.p2p3
/dev/socket/qemud	com.ips.p2p3

Checks the presence of a debugger
evasion

com.ips.p2p3
1⤵
- Checks Android system properties for emulator presence.
- Checks Qemu related system properties.
- Checks known Qemu pipes.
PID:4240
- getprop ro.product.cpu.abi
  2⤵
  PID:4265

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ips.p2p3/files/libexec.so

Filesize
439KB

MD5
89e2834925a8ae24df92c7a85814f6ce

SHA1
b7a78bb0fb2e97f04cd1475cf877924177e0335d

SHA256
6155aa55ea74976e8646fe4109787a7b387096e01a779998eddbdbd40e0f09a9

SHA512
06d9452b11ab61c3c28652b79d8a3a375d3d302b83e38628a2bdb18a6a2b0b74cc1e43ba497fba4ef6b007ed7d87bec8471cb9b5c4e8501819b37113d79cfc49

Download Submit
/data/data/com.ips.p2p3/files/libexecmain.so

Filesize
5KB

MD5
6b5a5d931c2021fce5181dc6d8d4659f

SHA1
4e7d8ee11729c7a68ab0fc7a43688f3ffb20ae5a

SHA256
61c3ee72afffec16e0f3d5be7814ed827a47447a75b62e3bbf446216e89fc49f

SHA512
10334ec010a1f5fb2ed39f2dffe68ab6366a642706b7d53ee3b25d051dc887fbd49a602132dafd429c4f09b895b0915bd9b9f00f925dd35eaf5a42d4b2f74a59

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads