c7c653214480136303f1bbb443e0025d64332cc98da8441ecbe66c1092cb508f | Triage

Analysis

max time kernel
17s
max time network
156s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
03/10/2024, 16:32

Sharing

Report Analysis Logs

General

Target

K.apk
Size

493KB
MD5

381a083eaf11c8342beb5d48b3660447
SHA1

2acf9c110024d83db4205c9f1564e9c87091e3ee
SHA256

6d9975697134dff58301f2c4b47cde4f0cf19ee9c034dc7b37b1f4fad587996b
SHA512

3c012784b06b9ec5a57b4941bd07d501735fedb93c2cb04d3780246b12cdc45efd9247c990a521ec65223fac5830c7a5fd22c4d03a0ca3b6f1a8d6697e5f4c34
SSDEEP

12288:kixvZg4X/HO+0YC8zJx4+iy2uVw7q5nQhWtIKdX:Lv+4/O6fiy2ukqywt

Score

6^/10

discovery impact persistence

Malware Config

Signatures

Queries information about active data network 1 TTPs 1 IoCs

System Network Connections Discovery

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	tday.three.oftf.pm

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Broadcast Receivers

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	tday.three.oftf.pm

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Data Encrypted for Impact

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	tday.three.oftf.pm

tday.three.oftf.pm
1⤵
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:5000

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/tday.three.oftf.pm/databases/05d4dea097d82fe1

Filesize
40KB

MD5
1130f5b53b57793add0ccc6a75494e37

SHA1
9ca8d843bbe0fbde7a5e07b548f4e5eda79ba097

SHA256
fe945d066ae6d7b3df81ed0938e31d98f22d8b9ecb9ffe813daf56cd24861979

SHA512
e72849a0a6fc32efde4984a5f63a3b9ab345c08da1a459ac6fc11f13628308ac0c4c6f1e46fca0f2a183352b2e7734e82ccdd017b5213a92748c17c3fc76cc9e

Download Submit
/data/data/tday.three.oftf.pm/databases/05d4dea097d82fe1-journal

Filesize
512B

MD5
4fc2d2097ac6a7e6254aa810ca601d83

SHA1
cf3ba6efdebd06a40f1b7277652b05cd3aadfca1

SHA256
05ef507552734909b60503dfb23ee5433f5a9b6b9060409d93d03bfaf6a60d18

SHA512
276541e24c58313f0841b28b88ffb93ad3901b22a64597cb9990888e1b05dbfcb50758e6e1d6f345b055025fdbe8ddac4ca449898d82018440578355dfeefc91

Download Submit
/data/data/tday.three.oftf.pm/databases/05d4dea097d82fe1-journal

Filesize
8KB

MD5
9d5a4dd3bf9570808388b1f071b74797

SHA1
edb420ec3adf1f0a85d3ce6792d079320541ea72

SHA256
395e3878737f2a24e88bc049bdf5f227bc293b5f8b8730ef5806dfaf09ca42b9

SHA512
4a0bc05265b113ecdca7fc431e7e07b5ea48c35ed5209a283b3d620b0109df32e0ad0066b110cc353855182d25b7e8f270b87afb265a5ba3f6d32a0ac93f8c9a

Download Submit
/data/data/tday.three.oftf.pm/databases/05d4dea097d82fe1-journal

Filesize
8KB

MD5
76ea5cf91b2230f9daad7a0f39aaddf6

SHA1
b1064d29f03161a18355e99dc79637b72c113afb

SHA256
02164bdbe8b52ce4abaf90e175953c88e085f5f4709af67d832fe35ec4c2d757

SHA512
9543296897367481607e78811e386ed11ae98fa4d013e93aca7800feda4011e5159d4fa14436587233bf844acdf6169cde54e6b51b67f50135fb27db2ecacd45

Download Submit
/data/data/tday.three.oftf.pm/databases/cn.com.fm955.s

Filesize
28KB

MD5
73f7646367b62bcb97a1883d63ce3b45

SHA1
41732b53604f47387e08080a971c6213d319cbe1

SHA256
66a8d77847ea800326e79719e108f1ccfd03a6dd6ee97cee0d0e37a9b8853516

SHA512
a1e6e9c57d9ff58a441d1bf504da0a157ef947fae655abadaf2501d73475c4415d35e30f85687356c5c5abb795de937a86e87c5ca897d85a53a5765091b78734

Download Submit
/data/data/tday.three.oftf.pm/databases/cn.com.fm955.s-journal

Filesize
512B

MD5
4db7c9fa8990a889b9f33c26f572f935

SHA1
fea0ab935975df902a65c82aee595d282ce60c2d

SHA256
691bc6279c56d425d8cafc8eeb30ce0aad66fc922bffe0a8ac5c1c61b13e1889

SHA512
827d0492cdb743e0fc046729d50518a62e4d50716ef675f9418200d936c2ec22b1e4dc8e26b06294d0f999e7bea8c47fffb3c5527863726fdd595f0e52097de9

Download Submit
/data/data/tday.three.oftf.pm/databases/cn.com.fm955.s-journal

Filesize
8KB

MD5
d2c555ae66f0051abd78e85838022f9b

SHA1
6c69141d4ed2881e0b036c5dc75dcdd02c7b7de0

SHA256
4e95ffb45312491bcdc9c485f02f9527990f490c3868c6216c2f06fc55cbb8cd

SHA512
d48c80d15b21c7cf1e864c6eb3a083186cac8f2be65dcc4448fd71c17f787c04624df97fee9358d7f1a29fa48c17723c4a539e29a80836129658a946b2a21f74

Download Submit
/data/data/tday.three.oftf.pm/databases/cn.com.fm955.s-journal

Filesize
8KB

MD5
18907c5882c56c42b16178b24e022411

SHA1
6128e86eb24011a701923b6e048ea7d7feb92114

SHA256
d1afe84132c89d5d2ab775df73c970a5b1595e94b652b37d87d39964877dcc54

SHA512
2361a3d4ab6c90079b8722b57634763082c985d7f2bc45929b35774bd01df7a6a9711efa76de850a8c30cadd6ca7d15f242a921ff2c4c2013123a074055e1ae5

Download Submit
/storage/emulated/0/.sinfo

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit