f3ee8522c46e31269449c58c69369f93a525201559fda2a2eff1d2d205f4f778

Analysis

max time kernel
123s
max time network
88s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
21-10-2024 16:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

app.apk
Size

7.0MB
MD5

d2e511a1e5836f0557c695eb23307711
SHA1

7e0c6781b9b560dc958d38786419f5a09dcf3cf6
SHA256

f3ee8522c46e31269449c58c69369f93a525201559fda2a2eff1d2d205f4f778
SHA512

56e6f6fa644e564533f0727dfddb3b22229ddffb550a8f72db58071bc48b936c3717f61a06071976b0dddef7c5381119e2e2f9f6f44c3490fbbe33bbe96c4527
SSDEEP

196608:debHCUOigkvgP45yCG8Ii8Z1v1oGKoBbq27:d8iUODHrG8jdo7ow0

Score

6^/10

discovery persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	bot.avesta.uno

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	bot.avesta.uno

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	bot.avesta.uno

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	bot.avesta.uno

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	bot.avesta.uno

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	bot.avesta.uno

bot.avesta.uno
1⤵
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4256

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/bot.avesta.uno/cache/2

Filesize
33B

MD5
6167a44fb840e5ce964d679d71380954

SHA1
a2de5201620d3618e11923dacce4e06c10f19043

SHA256
1858868c14858ddd3e4eae688c67c46d9cbea98049701987bfe3f02491009240

SHA512
f492fb8e88c3cb3d2ed1aeaa2a7f487c27e5254c6be7c9199dc101d29699505b9ae83c3963dccf469df585b429fd33e72f7e95cf0d046429d20bd09d2f949125

Download Submit
/data/data/bot.avesta.uno/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
4dd77a5b6a795c949815c722006e5c73

SHA1
a87766f0877c1e50fdce5b13ca7df00f2829f816

SHA256
3b8bc34140c8504c6c66498aa898d4c4ad5aa1749d178603edc0343dac3b4cfb

SHA512
648b4d8cfc6d64c27411504f172340d5603e83ae419298167ad86714a8df8d4fb033a5d197d7bc3799517b219246fb57c59ff274bd41245fb6a070d6ef367b41

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1bee1ca867c71a5bf7b53281a89fc9d9

SHA1
cdb8ecc9601bdd2c4d9eef43f08a6992c3a51613

SHA256
fb4f2dfd07d65f56d53df466e639fc2a7d0141f06874bb44e634785beeee9390

SHA512
5522800e48ad82bd54b3c82d213594e9ee8108fe7885dbfebf723d4e834c8d4d56fa7ecf6ef8261f0dbce9be0e3d3e742a05740fa04e67781fba657aed8b6b9f

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f8895e06f5bf5fbd698e9b8b4509ac14

SHA1
2abb40fcc53d6d857dc943bda48b4a09e68ade07

SHA256
4c250bd7036774d70e39a95d3d64708e3b79738d179848dfbf41b87e060ac201

SHA512
810b3d4e32368714cf7208b6e4f0a17a8a868338f12574ce92ffbd25b73089d202061e599be197161774075744b727e945411d7178be28f4e9362766625f74c4

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
388f42aba1216afe82ed80c305e23f60

SHA1
89339d131d1dbd55f9ef4b9fcf0373f2d74be58f

SHA256
bc7b1c3285cd8ecd96f9e3ba3abc6ea6eeb7e2fc03f9eb6898112a3fb0d79100

SHA512
8179eafb4bb27f913fad3c0ae3be2e3fe7e656eba8ab07d25138a3af5668583f9a56f5a3e6bd17b64351fe078c22a57d817f25ae2089046e5c571d857c814271

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
53594fa26c7dfa2c14182740b89034a5

SHA1
a96ed17a0d54b57a48b8820d829b5ef2e9f5129b

SHA256
026268b97b5367ee8ac3cff18907e6b2c37a2a468a2f4ede927d495c27453209

SHA512
912b6c61a7ea05de8d661af72f986cd42b498a05160aa6e28a1a5766c292b73682ec70f2dc2b1b72541e537dd4edaf26e046b5f5b30c1a1d8a254f36479b46ec

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1e772d964ad2c2cd7789d34d445dfcbe

SHA1
09fe105f580927adfb4e3acce71db3dba81dd425

SHA256
a1371708f87af9f5b2c814092c86e52cd08b2fc0fce6598e2a0486667168acef

SHA512
5e4738f806667e9510b098ac7e4f6b3d279011999796cb07e4ef0e716419655d9b73a20e0acfcdf3fc9e111109b11478561ebe9b3ee853811209805f1f83c373

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
6cce9a93d62cba360c8ea892f80dca7c

SHA1
8ea32ecfc2a2eadddc7b7a3e5ec4b2f114f3e08b

SHA256
084b06d18dff73b1e1b4915863d6669c9aafbb67f92d3b284142534630c9418b

SHA512
5584e9c4408bef501bcda95e970cc550675f9017f43ab9d2cf06e96fefd9dee9a1e0965d63542f74b95f7978d84a75b8279f87107dbb4abace912bfdf51a338b

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
d6057e229e069856a7e3cfa36cb9a89c

SHA1
7dd0806e0895a8cd1eb42b33c651283f20f25507

SHA256
5573b76c50eba0646a86c92f91e6fc8bd562f796887fd4f0ad90c8e660397050

SHA512
93d9384095ef6071244da3b8e24d97b1f9ee48515cd78edab548c29f599c89cccf5733bc98e9131767a168078d015fc95ccf1dad93556333f4b43f9f789f87f9

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
af728b253b9b7ce4488664da9a42ee7a

SHA1
b11e1cb1c1063a27bcadc8f727459854488ec29c

SHA256
13494d4eb2bdcc4af5ec7a34f81f73106b98fb61dd955a99b13dce8b4e9c26fa

SHA512
73825c448708184ca6de82d4df394cc106abbc8122c25e785aba38710d11fb0383e917a408699bc389cdbaa73c79dc0e6f553b863beb12da96bef783ecc83010

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
6674d0efe808ef8006ea405a40e0673b

SHA1
e3a81e7653c9328640f898e261d7702ac2ab4d29

SHA256
87407aae75a6fce473873ec980c928e733579f59331c141a957cf59ac44f2d78

SHA512
c27841e7194f23e59c4701ef5295cd2bf9057872ac1a87d5c8714fcde772841cfb17eadc1473332885196a8dbd254eec9517c6edfc28af5e12243ac081a33993

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
9c91cb5c582c6d0bb58f534d56651281

SHA1
80d523fcb4f03aa8706fafc0b9bde3f173447099

SHA256
b0d2d4de7919951505a91e6976cba40bdf920b49f82be600dd7223a488ace7a0

SHA512
5fef590d667187c798255c5046a12c82087a6d2eca65e47a7ec8f607bcc6cd26dcf70ec0a983e12d46500c2e3cc732fd9df6237b211965f4a1384c9957793abe

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
3c28dc72ab3d86692217e96c1a8897b3

SHA1
8cd6221c6f8c55e6b184fce85054732f894b63c4

SHA256
5c56dbdd4b9172e4011ac136708e74edaa72e55c48b94d115cf70cb47d237b29

SHA512
22d47de4b3c7701b0b6b39dcf85036c7a18725f88390e0a10b12026847afc9791dde4e638944146d69a667034a7d6a74a675df36ba2a666948f959c27666e8b9

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
fecf53a59fe66155614a8b5993f204e5

SHA1
657c69e10a99cab5ef10f21523290fe7d56fbbbd

SHA256
c59139cfdeb2d1b23debeb3c4a4c97379c924790f4679696c508471ef22a74c4

SHA512
fbb441ec324aa8305d9994d71df17c42714f80f0bba53fd3fe235ad0428c798e5c336ad1236ea6e25289efcaeabe2cbedadd869d50bd0cf4931ce25415f93ece

Download Submit
/data/data/bot.avesta.uno/files/PersistedInstallation146335398462116577tmp

Filesize
90B

MD5
8cef9ac1c7c833fc9983787034e08180

SHA1
6ecc11441f47dfd450cd44290b9ef1fe86cd71b8

SHA256
548f1fadbbba88041b1fa46a64d5bc1a988b31bdd042c75cdb040f7c1a34e64e

SHA512
caaa863edc0ffe361d5bb20fcee34286368678eef94c7bfffac89e408074cad19d12b1689a869dd99acf71d7db50366ad59f4ff5b217bb23fc6225e167a0ae1e

Download Submit
/data/data/bot.avesta.uno/files/PersistedInstallation4884407298142049038tmp

Filesize
570B

MD5
5d98e8551b46e0b30f531d9215289e0f

SHA1
129d8c82432c6bfd5b12d4a6d7e53bfe69ecea3a

SHA256
699ea1e4bf31c2351a3ebf4e440ec16f70f593e1011bfee99f5475634963e6fd

SHA512
8504fd965d24eb7c7ad8f20e42423a8d9c6870a08e3958384c7135f0c516d137b0f46f95f4bf89aafe81bf87d3bde2859fdfe1939e63bc0e955a736afc6af52a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads