Analysis
Max time kernel: 148s
Max time network: 151s
Platform: android_x64
Resource: android-x64-20240624-en
Resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
Submitted: 10-10-2024 18:18
Static task static1
Behavioral task behavioral1: sample 314985092f13d343678ddbbfac9f33b0_JaffaCakes118.apk, resource android-x86-arm-20240624-en
Behavioral task behavioral2: sample 314985092f13d343678ddbbfac9f33b0_JaffaCakes118.apk, resource android-x64-20240624-en
Behavioral task behavioral3: sample 314985092f13d343678ddbbfac9f33b0_JaffaCakes118.apk, resource android-x64-arm64-20240624-en
Behavioral task behavioral4: sample polyvideo.apk, resource android-x86-arm-20240624-en
Behavioral task behavioral5: sample polyvideo.apk, resource android-x64-20240624-en
Behavioral task behavioral6: sample polyvideo.apk, resource android-x64-arm64-20240624-en
General
Target: polyvideo.apk
Size: 417KB
MD5: 99c506d3910bc12518e6018fe87940d5
SHA1: f423b8797862eb17a7df018fe03c7a607947dfff
SHA256: f4050b9986beff80b7800ce750ce6d39051e597f024c86f4ea33e3016f61ce65
SHA512: 05aa3cad4ab98b79fd1451a3b165cb2083956ee82c3727ac49b5d7a16759a6aac3473ac238155bc94333ab146d451ef449ba081fccd0572655ce32bfb016c916
SSDEEP: 12288:IPP8mCGIWCWAbQLBca09eT+u9iXLP0hf9dn:IPP8nWCWrBc34T+D8hFdn
Malware Config
Signatures
- Loads dropped Dex/Jar (1 TTP, 1 IoC)
  Runs executable file dropped to the device during analysis.
  IoC: /data/user/0/com.gaga.haha/app_ttmp/t.jar, PID 5059, process com.gaga.haha
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  IoC: framework service call android.content.IClipboard.addPrimaryClipChangedListener, process com.gaga.haha
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
- Queries information about running processes on the device (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  IoC: framework service call android.app.IActivityManager.getRunningAppProcesses, process com.gaga.haha
- Queries information about active data network (1 TTP, 1 IoC)
  IoC: framework service call android.net.IConnectivityManager.getActiveNetworkInfo, process com.gaga.haha
- Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  IoC: framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone, process com.gaga.haha
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  IoC: framework service call android.app.IActivityManager.registerReceiver, process com.gaga.haha
- Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
  IoC: framework API call javax.crypto.Cipher.doFinal, process com.gaga.haha
- Checks CPU information (2 TTPs, 1 IoC)
  IoC: file opened for read /proc/cpuinfo, process com.gaga.haha
- Checks memory information (2 TTPs, 1 IoC)
  IoC: file opened for read /proc/meminfo, process com.gaga.haha
Processes
com.gaga.haha (PID 5059)
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (might try to encrypt user data)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime (1)
- Virtualization/Sandbox Evasion (2)
- System Checks (2)
Downloads