1e70d1f1efb4619d7763210a634b882d3b442fd3eb9e389810b949017c2760e3

Analysis

max time kernel
133s
max time network
140s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
10-10-2024 18:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

polyvideo.apk
Size

417KB
MD5

99c506d3910bc12518e6018fe87940d5
SHA1

f423b8797862eb17a7df018fe03c7a607947dfff
SHA256

f4050b9986beff80b7800ce750ce6d39051e597f024c86f4ea33e3016f61ce65
SHA512

05aa3cad4ab98b79fd1451a3b165cb2083956ee82c3727ac49b5d7a16759a6aac3473ac238155bc94333ab146d451ef449ba081fccd0572655ce32bfb016c916
SSDEEP

12288:IPP8mCGIWCWAbQLBca09eT+u9iXLP0hf9dn:IPP8nWCWrBc34T+D8hFdn

Score

6^/10

discovery impact persistence

Malware Config

Signatures

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.gaga.haha

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.gaga.haha

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.gaga.haha

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.gaga.haha

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.gaga.haha

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.gaga.haha

com.gaga.haha
1⤵
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4261

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.gaga.haha/app_ttmp/t.jar

Filesize
187KB

MD5
8b2fab499ed1ae4e6a65b81db8843644

SHA1
75e1d393281ff9b62af50bd2ad51a3bb01641517

SHA256
17106cb4686d5eeac9246cb1d219b202f2b1f3958eac1551b205c599924a971a

SHA512
ba3d57a0df75f9fe069994e755f8057dbd5895cdf157900390a9a7e2bf51f9f77b04a4a24a68186c9afd2af278158b9733d29e966cec82db447acf4db7be432c

Download Submit
/data/data/com.gaga.haha/app_ttmp/t.jar

Filesize
187KB

MD5
205fe9ba67b46c4c369adc1e689f05bc

SHA1
8a6d40ee4e6fd890d6ba79e38a2265cbe3363ef2

SHA256
76bf2a99ee9ffbd6d424ce55243e06ead91725832b543778215dd1e2dcaaecd6

SHA512
3c5703da2be0c9d401c118e9a6576e8cf18cd05d726f8b5087ee1aebc9f234e1bcfd12bb3453a3b4cdc9de78f6a9be476e4bc32baa9591cad9492afc80619be5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads