11331a32c7b4d11ad4eef9d57543a05dfa19e35c7ac5b6f7f6d618f0f74037ad

Resubmissions

13-10-2024 21:01

241013-zt4qnsybkb 7

13-10-2024 20:51

241013-zna66sxgmh 7

Analysis

max time kernel
2s
max time network
202s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
13-10-2024 21:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

magis-celular.apk
Size

30.6MB
MD5

bae99e1ce7fea6d85333141fb06e28e5
SHA1

87de2a7493937238e8ff1857c904302d55602e07
SHA256

11331a32c7b4d11ad4eef9d57543a05dfa19e35c7ac5b6f7f6d618f0f74037ad
SHA512

5be2213053b14fa5062e130b709179a0341754356689214a86860d982a5048535e99626a72091694af335aa16d19110e6d794cdf05f17bf2c8282b2e0dc2f045
SSDEEP

786432:gxpr7umXLHbAPYfgAsq0qdzcM+3Ite9+n043Vz:erPXLMPIxsbqF+YSv43B

Score

7^/10

evasion

Malware Config

Signatures

Checks Android system properties for emulator presence. 1 TTPs 6 IoCs

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: ro.bootmode	com.msandroid.mobile
Accessed system property	key: ro.hardware	com.msandroid.mobile
Accessed system property	key: ro.product.device	com.msandroid.mobile
Accessed system property	key: ro.product.model	com.msandroid.mobile
Accessed system property	key: ro.product.name	com.msandroid.mobile
Accessed system property	key: ro.bootloader	com.msandroid.mobile

Checks Qemu related system properties. 1 TTPs 7 IoCs

Checks for Android system properties related to Qemu for Emulator detection.

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: qemu.hw.mainkeys	com.msandroid.mobile
Accessed system property	key: qemu.sf.fake_camera	com.msandroid.mobile
Accessed system property	key: ro.kernel.android.qemud	com.msandroid.mobile
Accessed system property	key: ro.kernel.qemu.gles	com.msandroid.mobile
Accessed system property	key: ro.kernel.qemu	com.msandroid.mobile
Accessed system property	key: init.svc.qemud	com.msandroid.mobile
Accessed system property	key: init.svc.qemu-props	com.msandroid.mobile

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/qemu_pipe	com.msandroid.mobile
/dev/socket/qemud	com.msandroid.mobile

Checks the presence of a debugger
evasion

com.msandroid.mobile
1⤵
- Checks Android system properties for emulator presence.
- Checks Qemu related system properties.
- Checks known Qemu pipes.
PID:4254

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads