0aa1d9f0dcec3c232c31bb5ca534a7ecfc32f7a20afd6d762e06617da3c6834a

Analysis

max time kernel
5s
max time network
118s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
23-10-2024 01:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f3ee8522c46e31269449c58c69369f93a525201559fda2a2eff1d2d205f4f778.apk
Size

7.0MB
MD5

d2e511a1e5836f0557c695eb23307711
SHA1

7e0c6781b9b560dc958d38786419f5a09dcf3cf6
SHA256

f3ee8522c46e31269449c58c69369f93a525201559fda2a2eff1d2d205f4f778
SHA512

56e6f6fa644e564533f0727dfddb3b22229ddffb550a8f72db58071bc48b936c3717f61a06071976b0dddef7c5381119e2e2f9f6f44c3490fbbe33bbe96c4527
SSDEEP

196608:debHCUOigkvgP45yCG8Ii8Z1v1oGKoBbq27:d8iUODHrG8jdo7ow0

Score

6^/10

discovery persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	bot.avesta.uno

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	bot.avesta.uno

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	bot.avesta.uno

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	bot.avesta.uno

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	bot.avesta.uno

bot.avesta.uno
1⤵
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4248

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/bot.avesta.uno/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8f0e8256d66169f7d514065ea61f6384

SHA1
88c38833e9ac09efaba34beb4b5777b80c8e1b91

SHA256
a19bd0a27e95710dfda28f8af130fc1c0e31c16277e77f8ae9a07af157ca51b2

SHA512
a6aa19d9670e401d73bf7ad7532bafc9b823c0314d49281d347cbe02f59430ddf899b35967eae9ef44037b26bd115f4e97edfb7e4d65d477788cb48cad91401f

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ac8bcb215d72d87ce22283ae04325be6

SHA1
a4e01a09e3d8f4f512d9fec5b3470f6bd3798687

SHA256
e9826387d02f2db7bb490abcdb5e32c2c9a80e74b6bb495f02ad2a42f34c138d

SHA512
7e98b541e0ab61374c904478eca853f386d02ef733beb5bd9a029abf6a3247f4e74120b561d233bc47de44d48bd5ab5aec04322887a82c6dd97db6e751c9d5be

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e1547e8b79c364e07ff9811bb45527c0

SHA1
6eb0dc6a07ae026f47b9e507a797f40c9056f350

SHA256
a9a01ff3e282c0718610b2fc4035a58182cc74f065f95a10db951aab7f0ef985

SHA512
c5ef2cf45ff2a67c84537428c8f1d6d70119c480b0f8e6673f35166f695c2232fa65cb77bab71e15bd3aa71f63eab4cda7cf162538658c37dc3d6f21e2bb4701

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1e0ef1ed19e6bff8d463459aee6edf4e

SHA1
7db8d6166c65e584734ff0cad7691b9d4d850bf9

SHA256
f335fe5ed65a1260f744f036d8fa3e0f12a3066e3a98790be5e7dfffbd732995

SHA512
8d3ddd2b902a6da0aaa5a8c542ce67b1748784af7e9d26575d5cb499db8640d4fc541d7ca3ccb30d8aa845335b16668faac6293e86ebbdff37b14700a758f13a

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db

Filesize
16KB

MD5
cad4e7dacf0c40891c7237ea8c1f68c9

SHA1
4b4ffb7382f6a91ac1696e7102b781754e93708a

SHA256
c39e11d06687b69b4987c0aba08f3ecc3bda96b735c7806fb99bc304ecdced7f

SHA512
d60f9726eab7335c7e74dcc929a90829f5bef79e2322c2268b07120a9ba14103db628e779cfa0c0e02fa15c4ac0aa09cb781adf84d260a5552a7bdd61592fdee

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
d5ea5215a052b7966689f51451015480

SHA1
708e56a6a2bb82aa2446475e5746bba7e7ccfea3

SHA256
631f2f7f7ba91b85840271ec4633db76d9466f0aa341787f3efc1065d9487407

SHA512
dae8da3f0a351fa36d2622a44f48d581165042f50f1ad455026da2c40402b3ec4e4e555f3920639de12bdf7fe771e13ec9d769863f93195fd1b9c7b5dfa649f3

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
15860d94a958d63c016171914f476405

SHA1
8995f512b052b5581fb2f20379b77cc8537bdc3b

SHA256
eab6fb91844dd15db4d4a1288d9548a2206a8fa0853a7dd4052d1151540f5561

SHA512
994b6b6b544b81ee3940fb19d4ff343b49ca33c0659bafb6d324994e484cfded90341e080df503bfb874b917e5da22efd842314f31f11a58882730a35be1a985

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
9f0aa57b41405a04bc7eebd48667dcbe

SHA1
47cb4c3869ee1fec77b6ba1d091ac0f79b214a05

SHA256
ac6215bce9f54bb450ac4c5056aa20922602b19ac3e4a10977dfbe5f2bc077a1

SHA512
86bb6001cba02f09c9a25947021c8e785b92e218bb573771596a4c5f3d7f552ce62f688a507dc5be4790dcc5c97f59dd30a75b933f88604ea36e6f0b20b0c001

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
0c576d5a6fd305543118676c829cc0e3

SHA1
63f3e83c07aa4ffaba0ca5c800e6eb105a475ab1

SHA256
3f467ca30bd22b07e0c9fcdba2e5072cba2ef5e47d6fd87a942c1a72eb8501dc

SHA512
ba3073e87267caf7ce720126572d66ffe51ac09c578f90316332192b004c4b4b4022bfdd0c61512b6a5a21a9700c5ec66bbe79a83132ac6c9fdce33e879055d0

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
47bf51e35ee3d4c8f64416ab92bef9cc

SHA1
c40b34c4483eeac300c202aef51737a41df4819c

SHA256
f7a0943218129139f566b552fc746d8b656706c82e877cb3a69439de00b4500b

SHA512
20536ff2aa8aba4b1de27ed33ba8b481cbf07a63e52367511f24076441746d7d2a0581e79a48bfad00d9c1b5beb9456c1882ec2ed494d04389050127635ac7c0

Download Submit
/data/data/bot.avesta.uno/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
2b61d80870eaff007ce19bf60c3a3ae7

SHA1
817a5900bbca466028c46978ac24d12d994422cf

SHA256
1dd697cc33e29e86221f2fc610e74e990ed8245d62287d71db9601e12a6b6283

SHA512
f5c4752ce1c9f7abc1c387841381e494d875b593617de0da6392728b18d8a42024809043f01c7576db215398b48b02a6504ae6b159f20edfebb56d166694dbe9

Download Submit
/data/data/bot.avesta.uno/files/PersistedInstallation2650177412583758568tmp

Filesize
90B

MD5
e8af9938e46e8dbf4d97bf64c1e83ded

SHA1
204598dea45beb7c24f4853d8c18ec6caa1fdaa5

SHA256
94e6dee8dbff44283a28d144238de885f4240a3df88e1b5a8a62e3b50fd99c60

SHA512
ecfad98ce61e11ff56813d8a533436372f6c65266b89481bd9edf50b3c0061e07e20efc2787c61715a0e4b1a3ed0ac6d7a00b463634b27a25af36289af09345a

Download Submit
/data/data/bot.avesta.uno/files/PersistedInstallation631711617590608160tmp

Filesize
568B

MD5
a37b8cdb12a8de4026152e620141f22f

SHA1
a803ad1611bd503c925fafad0ee3ce8aa0f13e0f

SHA256
d766cc516bd932bf796d82d8ec18cb61769fa4e33bbb84a011e7f96b1116aad7

SHA512
304320c959044e7e94a2f84bcc5197670342ef79d2c8ceff8696a313daf8e29343fdf06944162c7ff9dc7f33dbc1f96150409b9ad8a73f6b4b20b0a69f8ffd1c

Download Submit