023ce9a368ece43992682377d3d341b75b7b54452bad1dc90419a86fd97c980f

Analysis

max time kernel
73s
max time network
132s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
10-10-2024 17:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b.apk
Size

982KB
MD5

e6658f97192b31a14f9142cdca67f54e
SHA1

900971b86950af115dd829b925fc42d51773d0b5
SHA256

e2cb52fcd8a17d6854c048d44a22f28c45e2f7d20e6f2914f735c7f268988383
SHA512

942d2b2f56c4dbb3acbad8176852426e3e461fe1b4e0689ec023fc8b59e4b41b674e62d11e385cf16eb6853f191589c5be71ed5750c5aff017e74b1c89f193f3
SSDEEP

24576:U8TnIAQH318QfU3zkEriqUfgMpULJHx+zz7ub:U82lMjrOBYSU9H0zs

Score

6^/10

discovery persistence

Malware Config

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
10	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.android.system.ui

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.android.system.ui

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.android.system.ui

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.android.system.ui

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.android.system.ui

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.android.system.ui

com.android.system.ui
1⤵
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4250

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.android.system.ui/files/eula.zip

Filesize
63KB

MD5
1a6d49d2adb9303a161a950db2de3927

SHA1
3f9a3ff691d967a4bc3bdffe6327cfab0c416ef4

SHA256
2eec668519c3ac15ba5e1c7bb8d83abb9bf935a32bde220e42a7047d66c824d2

SHA512
6459e8004f34945396fcec424bc37e34c7f86483a63a74a9bca2e9c70791cb0fda0ccb23b72944167693c7c71b418db41acd08dc83f2bf55594a02c5725fa4cb

Download Submit
/data/data/com.android.system.ui/files/mobclick_agent_cached_com.android.system.ui

Filesize
159B

MD5
58da9db17062abaf56bc18bc32d3ea11

SHA1
c2d1d3f81d9aeb41d2c646f7cb0ddf05da4624e6

SHA256
b255a73a0a232a6d2a785382222db84484f8519a482aece0525bc62c58dce80f

SHA512
f99521139be9baa51fc408fa383e4694b857e0eb9aa2479ee0766d253ed208e13436d729fb898ea1f8e812fc54103baaec843ad46b4f33ef1504bc10705c061c

Download Submit
/data/data/com.android.system.ui/files/offline_eula_body.html

Filesize
18KB

MD5
7813643485a5318f68291e87315a6fca

SHA1
207f1059f5ea34b0fc4011848fa4682608d26443

SHA256
c0487218c63d176ff68c0c6bc91866222ad9ae6420ea6fdf06790ff01a1db918

SHA512
e571984238e162b5d2c61973fa62645950f69b2a75a0c7b11d6854c9b89ab0164475c96515b7c48c8d60926c90f439e7c172d5df00b11413bd6584b0d0b3f19c

Download Submit
/data/data/com.android.system.ui/files/offline_eula_footer.html

Filesize
13KB

MD5
9818dabc2eb86d5f4f071e9d67334570

SHA1
117e7978c9293d86ea5492b90a4999cc24225dbb

SHA256
1f075332b57fdfbb9417718f3c0d9f27ffbb2c135b3291aca4b9f2911d7e9e3b

SHA512
79937390d4b02688abb0e24cef356024c3dbd3cd59d85ea3300556af59f0648293ed24fb5db740a4329fdddccf43af3b7679135555397a3adedd3eeccf5423a0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads